
Log analysis and evaluation: Word documents and images (JPEG) encrypted by virus "Read to Decrypt!"

22.07.2013, 22:43   #1
67Peterpan
 

Hello
First off, I'm no expert. I'm new here and have a big problem. I think it is the same trojan as in MrMatrix's case from 7.7.13.
I have Avira Antivirus installed, but it never warned me. In any case, many image files and all Word documents are suddenly encrypted. And unfortunately that is the case on all three hard drives that I have running on the PC.
I hope one of you can help me and tell me what I need to do. Do I have to format everything? Can the pictures still be saved? Are the hard drives still usable? As I said, I'm unfortunately not very good with this. I didn't find any shadow copies.

As instructed, I ran Defogger, SuperAntiSpywareScanLog, OTL and GMER and packed the results into a zip. I hope that's all correct.
Many thanks in advance for your help.

Kind regards

Peter

23.07.2013, 00:27   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello,

Quote:
Can the pictures still be saved?
Please read => http://www.trojaner-board.de/116851-...tml#post842337

24.07.2013, 21:13   #3
67Peterpan
 

Hello Cosinus

Thanks for your reply.
I have already read and tried all of that.
No. 1 did nothing; it isn't No. 2; No. 3 and 4 did nothing either.
I don't understand what "No help via PM! Use the forum" means? Did I post my question in the wrong place?
I'm also happy to pay something for your help. The main thing is that I get my pictures back (hopefully).




25.07.2013, 05:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
No. 1 did nothing; it isn't No. 2; No. 3 and 4 did nothing either.
Then your data is gone. As harsh as it may sound, you simply have to back up your important data. The only thing that might still help in your case would be ShadowExplorer.

25.07.2013, 21:11   #5
67Peterpan
 

Tough luck. Especially when you've had backups running for ages, and when you finally need them you get the message: WD Anyware Restore cannot be run with this version of Windows.
It wouldn't have helped anyway, since the pictures were on two external drives.
One last question: How do I need to proceed now? Is the trojan gone and can I leave everything as it is? Do I have to reformat the main hard drive, or all of them right away?

Thanks


25.07.2013, 21:17   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages will result in your topic being closed. I too have a life outside the Trojaner-Board.


Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


25.07.2013, 21:29   #7
67Peterpan
 

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by Peter Elsasser (administrator) on 25-07-2013 21:24:05
Running from J:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Memeo) C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(MyWebSearch.com) C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
(Sony Corporation) D:\Programs\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(www.shadowexplorer.com) D:\Programs\ShadowExplorer\sesvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(MyWebSearch.com) C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Dropbox, Inc.) C:\Users\Peter Elsasser\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Sony Corporation) D:\Programs\PMBVolumeWatcher.exe
(Bandoo Media, inc) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
(Nullsoft, Inc.) D:\Programs\Winamp\winampa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Memeo Inc.) C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11774568 2011-01-13] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-03-12] (CyberLink)
HKLM\...\Run: [WD Anywhere Backup] - C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe [197856 2008-11-07] (Memeo Inc.)
HKLM\...\RunOnce: [MedionReminder] - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey [443688 2011-03-12] (CyberLink)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [MyWebSearch Email Plugin] - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe [38408 2011-12-10] (MyWebSearch.com)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-06] (Google Inc.)
HKCU\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [436728 2012-09-10] (TomTom)
HKCU\...\Run: [Skype] - D:\Programs\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
MountPoints2: {f078a30d-32c7-11e1-9112-e0b9a58d3d76} - J:\laucher.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdatePDRShortCut] - "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-12] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] - "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-12-23] (CyberLink Corp.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [PMBVolumeWatcher] - D:\Programs\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM-x32\...\Run: [LWS] - D:\Programs\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [My Web Search Bar Search Scope Monitor] - "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h [34336 2011-12-10] (MyWebSearch.com)
HKLM-x32\...\Run: [MyWebSearch Email Plugin] - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe [38408 2011-12-10] (MyWebSearch.com)
HKLM-x32\...\Run: [DATAMNGR] - C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE [1694608 2011-12-06] (Bandoo Media, inc)
HKLM-x32\...\Run: [WinampAgent] - D:\Programs\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Clara\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-11-06] (Google Inc.)
HKU\Clara\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
HKU\Michelle\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-11-06] (Google Inc.)
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll  [1791384 2011-12-06] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll  [1233816 2011-12-06] (Bandoo Media, inc)
Startup: C:\Users\Peter Elsasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Peter Elsasser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
URLSearchHook: (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZSYYYYYYYYCH&ptnrS=ZSYYYYYYYYCH&ptb=hGZpPLhEEzDNTtKr7zilNw&ind=2011121815&n=77df4897&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZSYYYYYYYYCH&ptnrS=ZSYYYYYYYYCH&ptb=hGZpPLhEEzDNTtKr7zilNw&ind=2011121003&n=77df456b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
BHO-x32: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
BHO-x32: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programs\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default
FF user.js: detected! => C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.searchqu.com/406
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\Programs\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\Programs\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mywebsearch.com/Plugin - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: No Name - C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: Ghostery - C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default\Extensions\firefox@ghostery.com
FF Extension: My Web Search - C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default\Extensions\m3ffxtbr@mywebsearch.com
FF Extension: Winamp Toolbar - C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF Extension: Searchqu Toolbar - C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF Extension: WOT - C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: No Name - C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF Extension: My Web Search - C:\Program Files (x86)\MyWebSearch\bar\1.bin

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - D:\Programs\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - D:\Programs\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Extension: (Docs) - C:\Users\PETERE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\PETERE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\PETERE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\PETERE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\PETERE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-12] (CyberLink)
R2 MemeoBackgroundService; C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2008-11-07] (Memeo)
R2 MyWebSearchService; C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [34320 2011-12-10] (MyWebSearch.com)
R2 PMBDeviceInfoProvider; D:\Programs\PMBDeviceInfoProvider.exe [360224 2009-10-24] (Sony Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 sesvc; D:\Programs\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com)
S2 SkypeUpdate; D:\Programs\Updater\Updater.exe [161384 2013-02-28] (Skype Technologies)
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-31] (Avira Operations GmbH & Co. KG)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [39728 2011-11-17] (Paragon Software Group)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 21:23 - 2013-07-25 21:23 - 00000000 ____D C:\FRST
2013-07-25 21:21 - 2013-07-25 21:21 - 00001114 _____ C:\Users\Peter Elsasser\Desktop\FRST64.exe - Verknüpfung.lnk
2013-07-24 20:25 - 2013-07-24 20:25 - 00000000 ____D C:\Users\Peter Elsasser\AppData\Roaming\www.shadowexplorer.com
2013-07-24 20:24 - 2013-07-24 20:24 - 00000768 _____ C:\Users\Peter Elsasser\Desktop\ShadowExplorer.lnk
2013-07-22 22:37 - 2013-07-22 22:37 - 00473176 _____ C:\Users\Peter Elsasser\Desktop\Logfiles.zip
2013-07-22 22:36 - 2013-07-22 22:33 - 00001538 _____ C:\Users\Peter Elsasser\Desktop\VirusText - Kopie.txt
2013-07-22 22:35 - 2013-07-22 21:36 - 00235408 _____ C:\Users\Peter Elsasser\Desktop\OTL - Kopie.Txt
2013-07-22 22:33 - 2013-07-22 22:33 - 00001538 _____ C:\Users\Peter Elsasser\Desktop\VirusText.txt
2013-07-22 22:31 - 2013-07-22 22:31 - 00290800 _____ C:\Windows\Minidump\072213-102913-01.dmp
2013-07-22 22:18 - 2013-07-22 22:18 - 00411149 _____ C:\Users\Peter Elsasser\Desktop\LogfilesPE.zip
2013-07-22 22:17 - 2013-07-22 22:17 - 00000504 _____ C:\Users\Peter Elsasser\Desktop\desktop.ini1.txt
2013-07-22 22:08 - 2013-07-22 22:08 - 00389019 _____ C:\Users\Peter Elsasser\Desktop\Desktop.7z
2013-07-22 22:07 - 2013-07-22 22:07 - 00408216 _____ C:\Users\Peter Elsasser\Desktop\Desktop.zip
2013-07-22 22:05 - 2013-07-22 22:05 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-07-22 22:00 - 2013-07-22 22:00 - 00093185 _____ C:\Users\Peter Elsasser\Desktop\SUPERAntiSpyware Scan Log - 07-17-2013 - 23-13-33.log
2013-07-22 22:00 - 2013-07-22 22:00 - 00029834 _____ C:\Users\Peter Elsasser\Desktop\Ereignisse-1.txt
2013-07-22 21:59 - 2013-07-22 21:59 - 00000806 _____ C:\Users\Peter Elsasser\Desktop\Ereignisse.txt
2013-07-22 21:55 - 2013-07-22 21:55 - 00003996 _____ C:\Users\Peter Elsasser\Desktop\gmer_2.1.19163.log
2013-07-22 21:49 - 2013-07-22 21:49 - 00377856 _____ C:\Users\Peter Elsasser\Desktop\gmer_2.1.19163.exe
2013-07-22 21:37 - 2013-07-22 21:37 - 00109492 _____ C:\Users\Peter Elsasser\Desktop\Extras.Txt
2013-07-22 21:36 - 2013-07-22 21:36 - 00235408 _____ C:\Users\Peter Elsasser\Desktop\OTL.Txt
2013-07-22 21:22 - 2013-07-22 21:22 - 00111278 _____ C:\Users\Peter Elsasser\Desktop\OTL2.Txt
2013-07-22 21:22 - 2013-07-22 21:22 - 00108964 _____ C:\Users\Peter Elsasser\Desktop\Extras2.Txt
2013-07-22 21:17 - 2013-07-22 21:16 - 00602112 _____ (OldTimer Tools) C:\Users\Peter Elsasser\Desktop\OTL.exe
2013-07-22 21:15 - 2013-07-22 21:15 - 00000490 _____ C:\Users\Peter Elsasser\Desktop\defogger_disable.log
2013-07-22 21:14 - 2013-07-22 21:12 - 00050477 _____ C:\Users\Peter Elsasser\Desktop\Defogger(1).exe
2013-07-22 21:13 - 2013-07-22 21:13 - 00000000 _____ C:\Users\Peter Elsasser\defogger_reenable
2013-07-19 22:35 - 2013-07-19 22:35 - 00000000 ____D C:\Users\Clara\AppData\Local\{B20EC04F-6600-4A31-A98C-379C2951C263}
2013-07-17 23:51 - 2013-07-17 23:51 - 00000000 ____D C:\archive_db
2013-07-17 23:08 - 2013-07-17 22:21 - 00000806 _____ E:\Peter Elsasser\Eigene Dokumente\Ereignisse.txt
2013-07-17 22:20 - 2013-07-17 22:20 - 00002296 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-17 22:16 - 2013-07-24 22:16 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d8235377-097b-437d-9f52-e80de611ee0a.job
2013-07-17 22:16 - 2013-07-23 02:00 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 50ff43e1-931b-4fa9-9ebe-fd35caeab93e.job
2013-07-17 22:16 - 2013-07-17 22:16 - 00003622 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 50ff43e1-931b-4fa9-9ebe-fd35caeab93e
2013-07-17 22:16 - 2013-07-17 22:16 - 00003548 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d8235377-097b-437d-9f52-e80de611ee0a
2013-07-17 21:50 - 2013-07-17 21:50 - 00000000 ____D C:\Users\Peter Elsasser\AppData\Roaming\JPEGsnoop
2013-07-17 21:04 - 2013-07-17 21:04 - 00000000 ____D C:\Users\PETERE~1\AppData\Local\{E5C57DEA-DCEE-490D-B998-EFB092181064}
2013-07-17 14:31 - 2013-07-17 14:31 - 00000000 ____D C:\Users\Clara\AppData\Local\{514D28B5-7018-4728-871C-65370235DF51}
2013-07-15 23:17 - 2013-07-15 23:17 - 00000000 ____D C:\Users\Clara\AppData\Local\{28544BA2-5EB6-4D81-B6D9-ED58BCE61254}
2013-07-15 22:45 - 2013-07-15 22:49 - 00000000 ____D C:\ProgramData\AntiSpyInfo
2013-07-15 21:38 - 2013-07-15 21:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-15 21:38 - 2013-07-15 21:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-15 21:34 - 2013-05-27 07:54 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-15 21:34 - 2013-05-27 07:53 - 01492992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-15 21:34 - 2013-05-27 07:53 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-15 21:34 - 2013-05-27 07:50 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-15 21:34 - 2013-05-27 07:50 - 09070080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-15 21:34 - 2013-05-27 07:50 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-15 21:34 - 2013-05-27 07:50 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-15 21:34 - 2013-05-27 07:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-15 21:34 - 2013-05-27 07:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-15 21:34 - 2013-05-27 07:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-15 21:34 - 2013-05-27 07:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-15 21:34 - 2013-05-27 07:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-15 21:34 - 2013-05-27 07:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-15 21:34 - 2013-05-27 06:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-15 21:34 - 2013-05-27 06:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-15 21:34 - 2013-05-27 06:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-15 21:34 - 2013-05-27 06:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-15 21:34 - 2013-05-27 06:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-15 21:34 - 2013-05-27 06:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-15 21:34 - 2013-05-27 06:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-15 21:34 - 2013-05-27 05:58 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-15 21:34 - 2013-05-27 05:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-15 21:34 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-15 21:34 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-15 21:34 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-15 21:34 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-15 21:34 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-15 21:34 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-07-15 21:34 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-15 21:34 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-15 21:34 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-07-15 21:34 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-07-15 21:34 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-15 21:34 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-07-15 21:34 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-15 21:34 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-15 21:34 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-07-15 21:34 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-07-15 21:34 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-07-15 21:34 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-15 21:34 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-15 21:34 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-15 21:34 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-07-15 21:34 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-15 21:34 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-07-15 21:34 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-15 21:34 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-15 21:34 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-15 21:33 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-15 21:33 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-15 21:33 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-15 21:33 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-07-15 21:33 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-15 21:33 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-07-15 21:33 - 2013-03-19 08:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-15 21:33 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-15 21:33 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-07-15 21:33 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-07-15 21:33 - 2013-03-19 07:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-07-15 21:33 - 2013-03-19 07:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-07-15 21:33 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-07-15 21:33 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-07-15 21:33 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2013-07-15 21:33 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-07-15 21:33 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-07-15 21:33 - 2013-01-04 07:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-07-15 21:33 - 2013-01-04 06:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-07-15 21:33 - 2013-01-04 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-07-15 21:33 - 2013-01-04 04:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-07-15 21:33 - 2013-01-04 04:47 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-07-15 21:33 - 2013-01-04 04:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-07-15 21:33 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-07-15 21:33 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-07-15 21:32 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-15 21:32 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-15 21:32 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-15 21:32 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-15 21:32 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-07-15 21:32 - 2013-04-10 07:45 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-15 21:32 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-15 13:32 - 2013-07-15 13:32 - 00000000 ____D C:\Users\Clara\AppData\Local\{473D59D2-34B9-4EF0-A515-ACB65FBA6E9F}
2013-07-02 23:19 - 2013-07-02 23:28 - 00000000 ____D E:\Peter Elsasser\Eigene Dokumente\My Digital Editions
2013-07-02 23:19 - 2013-07-02 23:19 - 00000802 _____ C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
2013-07-02 23:19 - 2013-07-02 23:19 - 00000000 ____D C:\Users\PETERE~1\AppData\Local\Adobe_Systems_Incorporate
2013-07-02 23:06 - 2013-07-02 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-01 22:11 - 2013-07-01 22:11 - 00004984 ____R C:\Users\Clara\READ_TO_DECRYPT!!!.html
2013-07-01 22:11 - 2013-07-01 22:11 - 00004984 ____R C:\Users\Clara\Documents\READ_TO_DECRYPT!!!.html
2013-07-01 22:11 - 2013-07-01 22:11 - 00004984 ____R C:\Users\Clara\AppData\Local\READ_TO_DECRYPT!!!.html
2013-07-01 22:11 - 2013-07-01 22:11 - 00004984 ____R C:\ProgramData\READ_TO_DECRYPT!!!.html
2013-07-01 21:50 - 2013-07-01 21:50 - 00002232 _____ C:\Users\Clara\Desktop\Kindle.lnk
2013-07-01 21:50 - 2013-07-01 21:50 - 00000000 ____D C:\Users\Clara\Documents\My Kindle Content
2013-07-01 21:50 - 2013-07-01 21:50 - 00000000 ____D C:\Users\Clara\AppData\Local\Amazon
2013-07-01 21:40 - 2013-07-01 21:40 - 00000000 ____D C:\Users\Clara\AppData\Local\{BC244063-DB6B-4EC3-A98C-CF4AD2188AEE}
2013-06-30 20:31 - 2013-06-30 20:31 - 00000000 ____D C:\Users\Clara\AppData\Local\{DE10676E-DF03-4F0F-9DDC-C74540C484D3}

==================== One Month Modified Files and Folders =======

2013-07-25 21:23 - 2013-07-25 21:23 - 00000000 ____D C:\FRST
2013-07-25 21:21 - 2013-07-25 21:21 - 00001114 _____ C:\Users\Peter Elsasser\Desktop\FRST64.exe - Verknüpfung.lnk
2013-07-25 21:06 - 2011-11-06 14:40 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 21:06 - 2011-11-06 14:40 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 21:05 - 2012-07-07 09:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 21:01 - 2011-11-06 14:40 - 02059099 _____ C:\Windows\WindowsUpdate.log
2013-07-25 20:59 - 2013-04-25 20:04 - 00000000 ____D C:\Users\Peter Elsasser\AppData\Roaming\Skype
2013-07-25 20:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-07-25 20:56 - 2011-11-07 20:39 - 00000000 ___RD C:\Users\Peter Elsasser\Dropbox
2013-07-25 20:56 - 2011-11-07 20:35 - 00000000 ____D C:\Users\Peter Elsasser\AppData\Roaming\Dropbox
2013-07-25 20:54 - 2009-07-14 06:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 20:54 - 2009-07-14 06:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 20:51 - 2011-02-10 21:25 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-07-25 20:51 - 2011-02-10 21:25 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-07-25 20:51 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-25 20:46 - 2012-07-04 20:38 - 00011670 _____ C:\Windows\setupact.log
2013-07-25 20:46 - 2011-12-11 22:59 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-07-25 20:46 - 2011-11-07 21:12 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-07-25 20:46 - 2010-11-21 05:47 - 00278406 _____ C:\Windows\PFRO.log
2013-07-25 20:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-24 22:16 - 2013-07-17 22:16 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d8235377-097b-437d-9f52-e80de611ee0a.job
2013-07-24 20:25 - 2013-07-24 20:25 - 00000000 ____D C:\Users\Peter Elsasser\AppData\Roaming\www.shadowexplorer.com
2013-07-24 20:24 - 2013-07-24 20:24 - 00000768 _____ C:\Users\Peter Elsasser\Desktop\ShadowExplorer.lnk
2013-07-23 02:00 - 2013-07-17 22:16 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 50ff43e1-931b-4fa9-9ebe-fd35caeab93e.job
2013-07-22 22:37 - 2013-07-22 22:37 - 00473176 _____ C:\Users\Peter Elsasser\Desktop\Logfiles.zip
2013-07-22 22:33 - 2013-07-22 22:36 - 00001538 _____ C:\Users\Peter Elsasser\Desktop\VirusText - Kopie.txt
2013-07-22 22:33 - 2013-07-22 22:33 - 00001538 _____ C:\Users\Peter Elsasser\Desktop\VirusText.txt
2013-07-22 22:31 - 2013-07-22 22:31 - 00290800 _____ C:\Windows\Minidump\072213-102913-01.dmp
2013-07-22 22:31 - 2013-04-26 19:44 - 00000000 ____D C:\Windows\Minidump
2013-07-22 22:18 - 2013-07-22 22:18 - 00411149 _____ C:\Users\Peter Elsasser\Desktop\LogfilesPE.zip
2013-07-22 22:17 - 2013-07-22 22:17 - 00000504 _____ C:\Users\Peter Elsasser\Desktop\desktop.ini1.txt
2013-07-22 22:08 - 2013-07-22 22:08 - 00389019 _____ C:\Users\Peter Elsasser\Desktop\Desktop.7z
2013-07-22 22:07 - 2013-07-22 22:07 - 00408216 _____ C:\Users\Peter Elsasser\Desktop\Desktop.zip
2013-07-22 22:05 - 2013-07-22 22:05 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-07-22 22:00 - 2013-07-22 22:00 - 00093185 _____ C:\Users\Peter Elsasser\Desktop\SUPERAntiSpyware Scan Log - 07-17-2013 - 23-13-33.log
2013-07-22 22:00 - 2013-07-22 22:00 - 00029834 _____ C:\Users\Peter Elsasser\Desktop\Ereignisse-1.txt
2013-07-22 21:59 - 2013-07-22 21:59 - 00000806 _____ C:\Users\Peter Elsasser\Desktop\Ereignisse.txt
2013-07-22 21:55 - 2013-07-22 21:55 - 00003996 _____ C:\Users\Peter Elsasser\Desktop\gmer_2.1.19163.log
2013-07-22 21:49 - 2013-07-22 21:49 - 00377856 _____ C:\Users\Peter Elsasser\Desktop\gmer_2.1.19163.exe
2013-07-22 21:37 - 2013-07-22 21:37 - 00109492 _____ C:\Users\Peter Elsasser\Desktop\Extras.Txt
2013-07-22 21:36 - 2013-07-22 22:35 - 00235408 _____ C:\Users\Peter Elsasser\Desktop\OTL - Kopie.Txt
2013-07-22 21:36 - 2013-07-22 21:36 - 00235408 _____ C:\Users\Peter Elsasser\Desktop\OTL.Txt
2013-07-22 21:22 - 2013-07-22 21:22 - 00111278 _____ C:\Users\Peter Elsasser\Desktop\OTL2.Txt
2013-07-22 21:22 - 2013-07-22 21:22 - 00108964 _____ C:\Users\Peter Elsasser\Desktop\Extras2.Txt
2013-07-22 21:16 - 2013-07-22 21:17 - 00602112 _____ (OldTimer Tools) C:\Users\Peter Elsasser\Desktop\OTL.exe
2013-07-22 21:15 - 2013-07-22 21:15 - 00000490 _____ C:\Users\Peter Elsasser\Desktop\defogger_disable.log
2013-07-22 21:13 - 2013-07-22 21:13 - 00000000 _____ C:\Users\Peter Elsasser\defogger_reenable
2013-07-22 21:13 - 2011-11-06 14:42 - 00000000 ____D C:\Users\Peter Elsasser
2013-07-22 21:12 - 2013-07-22 21:14 - 00050477 _____ C:\Users\Peter Elsasser\Desktop\Defogger(1).exe
2013-07-19 22:42 - 2013-04-25 20:26 - 00000000 ____D C:\Users\Clara\AppData\Roaming\Skype
2013-07-19 22:35 - 2013-07-19 22:35 - 00000000 ____D C:\Users\Clara\AppData\Local\{B20EC04F-6600-4A31-A98C-379C2951C263}
2013-07-19 22:35 - 2013-05-27 20:59 - 00000000 ____D C:\Users\Clara\Tracing
2013-07-17 23:51 - 2013-07-17 23:51 - 00000000 ____D C:\archive_db
2013-07-17 23:20 - 2012-09-15 19:46 - 00000000 ____D E:\Peter Elsasser\Eigene Dokumente\Privat
2013-07-17 22:21 - 2013-07-17 23:08 - 00000806 _____ E:\Peter Elsasser\Eigene Dokumente\Ereignisse.txt
2013-07-17 22:20 - 2013-07-17 22:20 - 00002296 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-17 22:20 - 2011-11-06 14:43 - 00000000 ____D C:\Users\PETERE~1\AppData\Local\Google
2013-07-17 22:20 - 2011-11-06 14:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-17 22:16 - 2013-07-17 22:16 - 00003622 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 50ff43e1-931b-4fa9-9ebe-fd35caeab93e
2013-07-17 22:16 - 2013-07-17 22:16 - 00003548 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d8235377-097b-437d-9f52-e80de611ee0a
2013-07-17 21:50 - 2013-07-17 21:50 - 00000000 ____D C:\Users\Peter Elsasser\AppData\Roaming\JPEGsnoop
2013-07-17 21:04 - 2013-07-17 21:04 - 00000000 ____D C:\Users\PETERE~1\AppData\Local\{E5C57DEA-DCEE-490D-B998-EFB092181064}
2013-07-17 14:31 - 2013-07-17 14:31 - 00000000 ____D C:\Users\Clara\AppData\Local\{514D28B5-7018-4728-871C-65370235DF51}
2013-07-15 23:20 - 2011-11-06 14:42 - 00000000 ___RD C:\Users\Peter Elsasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-15 23:20 - 2011-11-06 14:42 - 00000000 ___RD C:\Users\Peter Elsasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-15 23:19 - 2012-07-24 21:01 - 00000000 ____D C:\Users\Clara\Documents\alt
2013-07-15 23:17 - 2013-07-15 23:17 - 00000000 ____D C:\Users\Clara\AppData\Local\{28544BA2-5EB6-4D81-B6D9-ED58BCE61254}
2013-07-15 23:16 - 2009-07-14 06:45 - 00395840 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-15 23:13 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-15 23:13 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-15 23:13 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-15 22:49 - 2013-07-15 22:45 - 00000000 ____D C:\ProgramData\AntiSpyInfo
2013-07-15 21:42 - 2011-11-10 20:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-15 21:39 - 2011-11-10 21:13 - 00000039 _____ C:\Windows\vbaddin.ini
2013-07-15 21:38 - 2013-07-15 21:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-15 21:38 - 2013-07-15 21:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-15 21:01 - 2011-11-06 14:40 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 21:01 - 2011-11-06 14:40 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-15 13:32 - 2013-07-15 13:32 - 00000000 ____D C:\Users\Clara\AppData\Local\{473D59D2-34B9-4EF0-A515-ACB65FBA6E9F}
2013-07-15 13:32 - 2011-11-06 17:55 - 00103992 _____ C:\Users\Clara\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-15 13:31 - 2012-10-30 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-12 23:13 - 2011-11-07 20:39 - 00001049 _____ C:\Users\Peter Elsasser\Desktop\Dropbox.lnk
2013-07-12 23:13 - 2011-11-07 20:35 - 00000000 ____D C:\Users\Peter Elsasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-07-02 23:28 - 2013-07-02 23:19 - 00000000 ____D E:\Peter Elsasser\Eigene Dokumente\My Digital Editions
2013-07-02 23:19 - 2013-07-02 23:19 - 00000802 _____ C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
2013-07-02 23:19 - 2013-07-02 23:19 - 00000000 ____D C:\Users\PETERE~1\AppData\Local\Adobe_Systems_Incorporate
2013-07-02 23:06 - 2013-07-02 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 22:40 - 2011-11-07 21:27 - 00103992 _____ C:\Users\PETERE~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-01 22:11 - 2013-07-01 22:11 - 00004984 ____R C:\Users\Clara\READ_TO_DECRYPT!!!.html
2013-07-01 22:11 - 2013-07-01 22:11 - 00004984 ____R C:\Users\Clara\Documents\READ_TO_DECRYPT!!!.html
2013-07-01 22:11 - 2013-07-01 22:11 - 00004984 ____R C:\Users\Clara\AppData\Local\READ_TO_DECRYPT!!!.html
2013-07-01 22:11 - 2013-07-01 22:11 - 00004984 ____R C:\ProgramData\READ_TO_DECRYPT!!!.html
2013-07-01 22:11 - 2012-09-15 19:46 - 00000000 ____D E:\Peter Elsasser\Eigene Dokumente\HBCH
2013-07-01 22:11 - 2011-11-07 20:32 - 00000000 ____D C:\ProgramData\Avira
2013-07-01 22:11 - 2011-11-06 19:03 - 00000000 ____D C:\Netgear
2013-07-01 22:11 - 2011-11-06 17:55 - 00000000 ____D C:\Users\Clara\AppData\Local\VirtualStore
2013-07-01 22:11 - 2011-11-06 17:55 - 00000000 ____D C:\Users\Clara
2013-07-01 22:11 - 2011-11-06 17:35 - 00001704 ____H C:\ProgramData\__wdump.txt
2013-07-01 21:50 - 2013-07-01 21:50 - 00002232 _____ C:\Users\Clara\Desktop\Kindle.lnk
2013-07-01 21:50 - 2013-07-01 21:50 - 00000000 ____D C:\Users\Clara\Documents\My Kindle Content
2013-07-01 21:50 - 2013-07-01 21:50 - 00000000 ____D C:\Users\Clara\AppData\Local\Amazon
2013-07-01 21:44 - 2013-05-13 19:22 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-07-01 21:40 - 2013-07-01 21:40 - 00000000 ____D C:\Users\Clara\AppData\Local\{BC244063-DB6B-4EC3-A98C-CF4AD2188AEE}
2013-06-30 21:20 - 2011-11-06 17:55 - 00000000 ____D C:\Users\Clara\AppData\Local\Google
2013-06-30 20:31 - 2013-06-30 20:31 - 00000000 ____D C:\Users\Clara\AppData\Local\{DE10676E-DF03-4F0F-9DDC-C74540C484D3}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 00:55

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2013
Ran by Peter Elsasser at 2013-07-25 21:24:26
Running from J:\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
 Update for Microsoft Office 2007 (KB2508958) (x32)
50 FREE MP3s +1 Free Audiobook! (x32 Version: 1.0.0.1)
7-Zip 9.20 (x32)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.7.637)
Anti-Spy.Info 1.8d (x32 Version: 1.8d)
Avira Free Antivirus (x32 Version: 13.0.0.3884)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
CyberLink Blu-ray Disc Suite (x32 Version: 6.0.4703)
CyberLink PowerBackup (x32 Version: 2.5.6023)
CyberLink PowerDirector (x32 Version: 7.0.3708)
CyberLink PowerDVD 10 (x32 Version: 10.0.2425.52)
CyberLink PowerProducer (x32 Version: 5.0.2.2820)
CyberLink PowerRecover (x32 Version: 5.5.3911)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Download Updater (AOL LLC) (x32)
Dropbox (HKCU Version: 2.0.22)
Erazer Control Center (x32 Version: 1.0.0.8)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
ifolor Bestellsoftware 3.7 (x32 Version: 3.7.220.0)
ifolor Designer (x32 Version: 2.5.12.22)
ifolor Gestaltungs-Vorlagen (x32 Version: 2.5.12.22)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008)
itech Webcam Software-Treiberpaket (Version: 12.10.1110)
Java Auto Updater (x32 Version: 2.0.3.1)
Java(TM) 6 Update 24 (64-bit) (Version: 6.0.240)
Java(TM) 6 Update 24 (x32 Version: 6.0.240)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
Logitech Vid HD (x32 Version: 7.2 (7259))
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam-Software (x32 Version: 2.30)
LWS Webcam Software (x32 Version: 13.30.1379.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Visio 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visio 2010 Service Pack 1 (SP1) (x32)
Microsoft Visio Standard 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Web Search (Smiley Central) (x32)
MyTomTom 3.2.0.802 (x32 Version: 3.2.0.802)
NVIDIA Display Control Panel (Version: 6.14.12.6760)
NVIDIA Graphics Driver 267.60 (Version: 267.60)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
Paragon Backup & Recovery™ 2012 Free (x32 Version: 90.00.0003)
Pinnacle Studio 12 (x32 Version: 12.0.0.6163)
Pinnacle Studio 12 Ultimate Plugins (x32 Version: 12.0.0.0)
Pinnacle Video Treiber (Version: 12.00.0017)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PMB (x32 Version: 5.2.00.03250)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
proDAD Vitascene 1.0 (x32)
QXL Ricardo Assistant 5 (x32 Version: 0.0.0.0)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6285)
Rechtschreibkorrektur für den ifolor Designer (x32 Version: 2.4.22.582)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
ShadowExplorer 0.9 (x32 Version: 0.9.462.0)
Skype™ 6.3 (x32 Version: 6.3.105)
swMSM (x32 Version: 12.0.0.1)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
WD Anywhere Backup
Winamp (x32 Version: 5.623 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Winamp Toolbar (HKCU)
Winamp Toolbar (x32)
Windows iLivid Toolbar (x32 Version: 3.0.0.118320)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

25-07-2013 18:58:59 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0AE8FB25-3C05-46EA-82AD-175C3DB47346} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {36FE1B19-38DC-4919-AD17-475B3D642B96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06] (Google Inc.)
Task: {5372CC19-6F47-4DBF-85D5-BD753F772E10} - System32\Tasks\{09B861F3-184B-4DD4-A7CB-EA1CC41588F5} => D:\Programs\Studio.exe [2008-05-13] (Pinnacle Systems)
Task: {7A2BF7D9-4476-46F6-AA3A-8A49BAA2488F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {A60CC6FC-301B-42CA-A230-B454454A12FE} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {A9860FB6-7887-40A4-8802-C6F6B8D66BCB} - System32\Tasks\SUPERAntiSpyware Scheduled Task d8235377-097b-437d-9f52-e80de611ee0a => C:\Program Files\SUPERAntiSpyware\SASTask.exe No File
Task: {B1C5FF56-B961-42F8-8E7F-51B4548D7CF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06] (Google Inc.)
Task: {CF80E062-6A6F-41C8-A733-7C7EFAA4A45C} - System32\Tasks\SUPERAntiSpyware Scheduled Task 50ff43e1-931b-4fa9-9ebe-fd35caeab93e => C:\Program Files\SUPERAntiSpyware\SASTask.exe No File
Task: {D7E963FE-26E9-4EF2-B581-4FFAD945A7E7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 50ff43e1-931b-4fa9-9ebe-fd35caeab93e.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d8235377-097b-437d-9f52-e80de611ee0a.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============

Name: My Book World Edition Network Storage
Description: My Book World Edition Network Storage
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2013 09:01:23 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile - Update "KB2742595" konnte nicht installiert werden. Fehlercode 1638. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2742595_20130725_210121999-Microsoft .NET Framework 4 Client Profile-MSP0.txt enthalten.

Error: (07/25/2013 09:01:19 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile - Update "KB2840628" konnte nicht installiert werden. Fehlercode 1638. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2840628_20130725_205930838-Microsoft .NET Framework 4 Client Profile-MSP0.txt enthalten.

Error: (07/25/2013 08:59:28 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile - Update "KB2737019" konnte nicht installiert werden. Fehlercode 1638. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2737019_20130725_205927371-Microsoft .NET Framework 4 Client Profile-MSP0.txt enthalten.

Error: (07/25/2013 08:59:25 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile - Update "KB2789642" konnte nicht installiert werden. Fehlercode 1638. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2789642_20130725_205923791-Microsoft .NET Framework 4 Client Profile-MSP0.txt enthalten.

Error: (07/25/2013 08:59:22 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile - Update "KB2729449" konnte nicht installiert werden. Fehlercode 1638. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2729449_20130725_205920632-Microsoft .NET Framework 4 Client Profile-MSP0.txt enthalten.

Error: (07/25/2013 08:59:18 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile - Update "KB2604121" konnte nicht installiert werden. Fehlercode 1638. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2604121_20130725_205916989-Microsoft .NET Framework 4 Client Profile-MSP0.txt enthalten.

Error: (07/25/2013 08:59:14 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile - Update "KB2804576" konnte nicht installiert werden. Fehlercode 1638. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2804576_20130725_205913048-Microsoft .NET Framework 4 Client Profile-MSP0.txt enthalten.

Error: (07/25/2013 08:59:11 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile - Update "KB2736428" konnte nicht installiert werden. Fehlercode 1638. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2736428_20130725_205909987-Microsoft .NET Framework 4 Client Profile-MSP0.txt enthalten.

Error: (07/25/2013 08:59:08 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile - Update "KB2835393" konnte nicht installiert werden. Fehlercode 1638. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2835393_20130725_205906648-Microsoft .NET Framework 4 Client Profile-MSP0.txt enthalten.

Error: (07/25/2013 08:48:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/25/2013 09:01:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2742595)

Error: (07/25/2013 09:01:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2840628)

Error: (07/25/2013 09:01:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2737019)

Error: (07/25/2013 09:01:17 PM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/25/2013 08:59:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2789642)

Error: (07/25/2013 08:59:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2729449)

Error: (07/25/2013 08:59:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2604121)

Error: (07/25/2013 08:59:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2804576)

Error: (07/25/2013 08:59:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2736428)

Error: (07/25/2013 08:59:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2835393)


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 16365.7 MB
Available physical RAM: 13803.88 MB
Total Pagefile: 32729.57 MB
Available Pagefile: 29920.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:58.53 GB) (Free:1.11 GB) NTFS (Disk=1 Partition=2)
Drive d: (Data) (Fixed) (Total:39.06 GB) (Free:9.46 GB) NTFS (Disk=2 Partition=1)
Drive e: (Recover) (Fixed) (Total:40.51 GB) (Free:6.35 GB) NTFS (Disk=2 Partition=3)
Drive i: (HDDRIVE2GO) (Fixed) (Total:931.28 GB) (Free:162.09 GB) FAT32 (Disk=0 Partition=1)
Drive j: (Volume) (Fixed) (Total:390.62 GB) (Free:353.16 GB) NTFS (Disk=2 Partition=2)
Drive k: (Volume) (Fixed) (Total:2794.39 GB) (Free:1921.65 GB) NTFS (Disk=3 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 760E50DB)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 60 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6B4F62F8)
Partition 1: (Not Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=391 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=41 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 2795 GB) (Disk ID: 9B7EC9FC)

Partition: GPT Partition Type
==================== End Of Log ============================
         
Hello cosinus

Was that done correctly?

25.07.2013, 21:41   #8
cosinus


Please run the three tools MBAR / aswMBR / TDSSKiller now and post the logs in CODE tags.


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

25.07.2013, 23:18   #9
67Peterpan



Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Peter Elsasser :: PE_ERAZER [administrator]

25.07.2013 21:52:30
mbar-log-2013-07-25 (21-52-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 312700
Time elapsed: 29 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
c:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> Delete on reboot.

Registry Keys Detected: 41
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{07B18EAC-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{AAA9C380-E19A-4436-88F6-02942C31CC9E} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{AAA9C381-E19A-4436-88F6-02942C31CC9E} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{07B18EAC-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AAA9C380-E19A-4436-88F6-02942C31CC9E} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AAA9C381-E19A-4436-88F6-02942C31CC9E} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyWebSearchToolBar.SettingsPlugin.1 (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyWebSearchToolBar.SettingsPlugin (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyWebSearchToolBar.SettingsPlugin (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyWebSearchToolBar.SettingsPlugin.1 (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyWebSearchToolBar.ToolbarPlugin.1 (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyWebSearchToolBar.ToolbarPlugin (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyWebSearchToolBar.ToolbarPlugin (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyWebSearchToolBar.ToolbarPlugin.1 (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyWebSearch bar Uninstall (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Delete on reboot.

Registry Values Detected: 3
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00A6FAF6-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Data:  -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Data: ©Ž±#¥aI¶»
äG\Ê -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Data:  -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> Delete on reboot.
c:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Trojan.BHO) -> Delete on reboot.
c:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
That one is done. The second run found nothing more.

I'll do aswMBR and TDSS-Killer tomorrow.

27.07.2013, 23:45   #10
67Peterpan



Hello Cosinus

aswMBR crashed. I tried it 3 times. Then I set it to "none" and closed it.

Code:
23:34:40.0603 4204  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:34:41.0162 4204  ============================================================
23:34:41.0162 4204  Current date / time: 2013/07/27 23:34:41.0162
23:34:41.0162 4204  SystemInfo:
23:34:41.0162 4204  
23:34:41.0162 4204  OS Version: 6.1.7601 ServicePack: 1.0
23:34:41.0162 4204  Product type: Workstation
23:34:41.0162 4204  ComputerName: PE_ERAZER
23:34:41.0162 4204  UserName: Peter Elsasser
23:34:41.0162 4204  Windows directory: C:\Windows
23:34:41.0162 4204  System windows directory: C:\Windows
23:34:41.0162 4204  Running under WOW64
23:34:41.0162 4204  Processor architecture: Intel x64
23:34:41.0162 4204  Number of processors: 8
23:34:41.0162 4204  Page size: 0x1000
23:34:41.0162 4204  Boot type: Normal boot
23:34:41.0162 4204  ============================================================
23:34:49.0855 4204  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
23:34:49.0856 4204  Drive \Device\Harddisk1\DR1 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:34:49.0873 4204  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:34:49.0889 4204  Drive \Device\Harddisk3\DR3 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:34:49.0910 4204  ============================================================
23:34:49.0910 4204  \Device\Harddisk0\DR0:
23:34:49.0910 4204  MBR partitions:
23:34:49.0910 4204  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
23:34:49.0910 4204  \Device\Harddisk1\DR1:
23:34:49.0910 4204  MBR partitions:
23:34:49.0910 4204  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:34:49.0910 4204  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x750D800
23:34:49.0910 4204  \Device\Harddisk2\DR2:
23:34:49.0910 4204  MBR partitions:
23:34:49.0910 4204  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4E20000
23:34:49.0910 4204  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x9C40800, BlocksNum 0x30D40000
23:34:49.0910 4204  \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x6F600800, BlocksNum 0x5105DB0
23:34:49.0910 4204  \Device\Harddisk3\DR3:
23:34:49.0911 4204  GPT partitions:
23:34:49.0911 4204  \Device\Harddisk3\DR3\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {BCF36C53-6213-48F5-9ABE-B66E52C32449}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
23:34:49.0911 4204  \Device\Harddisk3\DR3\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CA4728E0-EB6C-4988-A234-F4B8CFAB1165}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800
23:34:49.0911 4204  MBR partitions:
23:34:49.0911 4204  ============================================================
23:34:49.0912 4204  C: <-> \Device\Harddisk1\DR1\Partition2
23:34:49.0927 4204  D: <-> \Device\Harddisk2\DR2\Partition1
23:34:49.0972 4204  E: <-> \Device\Harddisk2\DR2\Partition3
23:34:49.0972 4204  I: <-> \Device\Harddisk0\DR0\Partition1
23:34:50.0012 4204  J: <-> \Device\Harddisk2\DR2\Partition2
23:34:50.0035 4204  K: <-> \Device\Harddisk3\DR3\Partition2
23:34:50.0035 4204  ============================================================
23:34:50.0035 4204  Initialize success
23:34:50.0035 4204  ============================================================
23:35:31.0430 1220  ============================================================
23:35:31.0430 1220  Scan started
23:35:31.0430 1220  Mode: Manual; SigCheck; TDLFS; 
23:35:31.0430 1220  ============================================================
23:35:31.0637 1220  ================ Scan system memory ========================
23:35:31.0637 1220  System memory - ok
23:35:31.0638 1220  ================ Scan services =============================
23:35:31.0641 1220  !SASCORE - ok
23:35:31.0679 1220  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
23:35:31.0712 1220  1394ohci - ok
23:35:31.0718 1220  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:35:31.0729 1220  ACPI - ok
23:35:31.0731 1220  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:35:31.0741 1220  AcpiPmi - ok
23:35:31.0746 1220  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:35:31.0756 1220  AdobeARMservice - ok
23:35:31.0776 1220  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:35:31.0790 1220  AdobeFlashPlayerUpdateSvc - ok
23:35:31.0796 1220  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:35:31.0809 1220  adp94xx - ok
23:35:31.0815 1220  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:35:31.0826 1220  adpahci - ok
23:35:31.0829 1220  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:35:31.0837 1220  adpu320 - ok
23:35:31.0841 1220  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:35:31.0863 1220  AeLookupSvc - ok
23:35:31.0869 1220  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
23:35:31.0881 1220  AFD - ok
23:35:31.0883 1220  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:35:31.0889 1220  agp440 - ok
23:35:31.0892 1220  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
23:35:31.0904 1220  ALG - ok
23:35:31.0906 1220  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:35:31.0912 1220  aliide - ok
23:35:31.0914 1220  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:35:31.0920 1220  amdide - ok
23:35:31.0923 1220  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:35:31.0931 1220  AmdK8 - ok
23:35:31.0933 1220  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
23:35:31.0941 1220  AmdPPM - ok
23:35:31.0943 1220  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:35:31.0950 1220  amdsata - ok
23:35:31.0954 1220  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
23:35:31.0962 1220  amdsbs - ok
23:35:31.0964 1220  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:35:31.0970 1220  amdxata - ok
23:35:31.0977 1220  [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:35:31.0986 1220  AntiVirSchedulerService - ok
23:35:31.0989 1220  [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:35:31.0998 1220  AntiVirService - ok
23:35:32.0001 1220  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
23:35:32.0022 1220  AppID - ok
23:35:32.0024 1220  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:35:32.0046 1220  AppIDSvc - ok
23:35:32.0048 1220  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
23:35:32.0057 1220  Appinfo - ok
23:35:32.0060 1220  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
23:35:32.0066 1220  arc - ok
23:35:32.0069 1220  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:35:32.0075 1220  arcsas - ok
23:35:32.0088 1220  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:35:32.0100 1220  aspnet_state - ok
23:35:32.0103 1220  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:35:32.0125 1220  AsyncMac - ok
23:35:32.0127 1220  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
23:35:32.0133 1220  atapi - ok
23:35:32.0142 1220  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:35:32.0174 1220  AudioEndpointBuilder - ok
23:35:32.0183 1220  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:35:32.0207 1220  AudioSrv - ok
23:35:32.0210 1220  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:35:32.0219 1220  avgntflt - ok
23:35:32.0222 1220  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:35:32.0229 1220  avipbb - ok
23:35:32.0231 1220  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:35:32.0237 1220  avkmgr - ok
23:35:32.0241 1220  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:35:32.0252 1220  AxInstSV - ok
23:35:32.0259 1220  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
23:35:32.0272 1220  b06bdrv - ok
23:35:32.0277 1220  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:35:32.0286 1220  b57nd60a - ok
23:35:32.0290 1220  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:35:32.0298 1220  BDESVC - ok
23:35:32.0301 1220  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:35:32.0322 1220  Beep - ok
23:35:32.0332 1220  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
23:35:32.0361 1220  BFE - ok
23:35:32.0373 1220  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
23:35:32.0404 1220  BITS - ok
23:35:32.0407 1220  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:35:32.0414 1220  blbdrive - ok
23:35:32.0417 1220  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:35:32.0424 1220  bowser - ok
23:35:32.0426 1220  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
23:35:32.0435 1220  BrFiltLo - ok
23:35:32.0437 1220  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
23:35:32.0446 1220  BrFiltUp - ok
23:35:32.0449 1220  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
23:35:32.0458 1220  Browser - ok
23:35:32.0463 1220  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:35:32.0474 1220  Brserid - ok
23:35:32.0476 1220  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:35:32.0485 1220  BrSerWdm - ok
23:35:32.0487 1220  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:35:32.0496 1220  BrUsbMdm - ok
23:35:32.0498 1220  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:35:32.0505 1220  BrUsbSer - ok
23:35:32.0508 1220  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:35:32.0516 1220  BTHMODEM - ok
23:35:32.0520 1220  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
23:35:32.0541 1220  bthserv - ok
23:35:32.0544 1220  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:35:32.0566 1220  cdfs - ok
23:35:32.0569 1220  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:35:32.0578 1220  cdrom - ok
23:35:32.0581 1220  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:35:32.0602 1220  CertPropSvc - ok
23:35:32.0604 1220  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
23:35:32.0613 1220  circlass - ok
23:35:32.0619 1220  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
23:35:32.0630 1220  CLFS - ok
23:35:32.0638 1220  [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
23:35:32.0677 1220  CLKMSVC10_38F51D56 - ok
23:35:32.0683 1220  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:35:32.0694 1220  clr_optimization_v2.0.50727_32 - ok
23:35:32.0698 1220  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:35:32.0710 1220  clr_optimization_v2.0.50727_64 - ok
23:35:32.0717 1220  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:35:32.0731 1220  clr_optimization_v4.0.30319_32 - ok
23:35:32.0734 1220  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:35:32.0744 1220  clr_optimization_v4.0.30319_64 - ok
23:35:32.0746 1220  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
23:35:32.0754 1220  CmBatt - ok
23:35:32.0756 1220  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:35:32.0762 1220  cmdide - ok
23:35:32.0769 1220  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
23:35:32.0784 1220  CNG - ok
23:35:32.0787 1220  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:35:32.0793 1220  Compbatt - ok
23:35:32.0795 1220  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:35:32.0805 1220  CompositeBus - ok
23:35:32.0806 1220  COMSysApp - ok
23:35:32.0809 1220  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:35:32.0815 1220  crcdisk - ok
23:35:32.0819 1220  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:35:32.0829 1220  CryptSvc - ok
23:35:32.0838 1220  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:35:32.0865 1220  DcomLaunch - ok
23:35:32.0870 1220  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
23:35:32.0894 1220  defragsvc - ok
23:35:32.0897 1220  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:35:32.0918 1220  DfsC - ok
23:35:32.0924 1220  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:35:32.0936 1220  Dhcp - ok
23:35:32.0938 1220  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
23:35:32.0960 1220  discache - ok
23:35:32.0963 1220  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
23:35:32.0969 1220  Disk - ok
23:35:32.0973 1220  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:35:32.0982 1220  Dnscache - ok
23:35:32.0987 1220  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:35:33.0010 1220  dot3svc - ok
23:35:33.0014 1220  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
23:35:33.0035 1220  DPS - ok
23:35:33.0038 1220  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:35:33.0046 1220  drmkaud - ok
23:35:33.0059 1220  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:35:33.0073 1220  DXGKrnl - ok
23:35:33.0077 1220  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
23:35:33.0099 1220  EapHost - ok
23:35:33.0133 1220  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:35:33.0180 1220  ebdrv - ok
23:35:33.0183 1220  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
23:35:33.0191 1220  EFS - ok
23:35:33.0203 1220  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:35:33.0230 1220  ehRecvr - ok
23:35:33.0234 1220  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
23:35:33.0248 1220  ehSched - ok
23:35:33.0255 1220  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:35:33.0268 1220  elxstor - ok
23:35:33.0270 1220  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:35:33.0277 1220  ErrDev - ok
23:35:33.0286 1220  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
23:35:33.0311 1220  EventSystem - ok
23:35:33.0316 1220  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
23:35:33.0338 1220  exfat - ok
23:35:33.0343 1220  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:35:33.0367 1220  fastfat - ok
23:35:33.0377 1220  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
23:35:33.0394 1220  Fax - ok
23:35:33.0397 1220  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
23:35:33.0404 1220  fdc - ok
23:35:33.0407 1220  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:35:33.0431 1220  fdPHost - ok
23:35:33.0434 1220  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:35:33.0455 1220  FDResPub - ok
23:35:33.0458 1220  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:35:33.0465 1220  FileInfo - ok
23:35:33.0467 1220  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:35:33.0488 1220  Filetrace - ok
23:35:33.0491 1220  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:35:33.0498 1220  flpydisk - ok
23:35:33.0503 1220  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:35:33.0513 1220  FltMgr - ok
23:35:33.0523 1220  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
23:35:33.0540 1220  FontCache - ok
23:35:33.0543 1220  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:35:33.0552 1220  FontCache3.0.0.0 - ok
23:35:33.0555 1220  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:35:33.0561 1220  FsDepends - ok
23:35:33.0563 1220  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:35:33.0569 1220  Fs_Rec - ok
23:35:33.0574 1220  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:35:33.0584 1220  fvevol - ok
23:35:33.0586 1220  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:35:33.0593 1220  gagp30kx - ok
23:35:33.0604 1220  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
23:35:33.0633 1220  gpsvc - ok
23:35:33.0638 1220  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:35:33.0644 1220  gupdate - ok
23:35:33.0648 1220  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:35:33.0653 1220  gupdatem - ok
23:35:33.0658 1220  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:35:33.0664 1220  gusvc - ok
23:35:33.0667 1220  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:35:33.0675 1220  hcw85cir - ok
23:35:33.0681 1220  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:35:33.0694 1220  HdAudAddService - ok
23:35:33.0696 1220  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:35:33.0706 1220  HDAudBus - ok
23:35:33.0708 1220  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
23:35:33.0715 1220  HidBatt - ok
23:35:33.0719 1220  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:35:33.0728 1220  HidBth - ok
23:35:33.0731 1220  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:35:33.0739 1220  HidIr - ok
23:35:33.0742 1220  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
23:35:33.0764 1220  hidserv - ok
23:35:33.0766 1220  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:35:33.0773 1220  HidUsb - ok
23:35:33.0776 1220  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:35:33.0798 1220  hkmsvc - ok
23:35:33.0803 1220  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:35:33.0813 1220  HomeGroupListener - ok
23:35:33.0818 1220  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:35:33.0827 1220  HomeGroupProvider - ok
23:35:33.0830 1220  [ 5DB012836189C25241701B99E72B2745 ] hotcore3        C:\Windows\system32\DRIVERS\hotcore3.sys
23:35:33.0836 1220  hotcore3 - ok
23:35:33.0838 1220  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:35:33.0845 1220  HpSAMD - ok
23:35:33.0855 1220  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:35:33.0885 1220  HTTP - ok
23:35:33.0887 1220  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:35:33.0893 1220  hwpolicy - ok
23:35:33.0896 1220  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:35:33.0904 1220  i8042prt - ok
23:35:33.0911 1220  [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor          C:\Windows\system32\drivers\iaStor.sys
23:35:33.0920 1220  iaStor - ok
23:35:33.0923 1220  [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:35:33.0927 1220  IAStorDataMgrSvc - ok
23:35:33.0933 1220  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:35:33.0944 1220  iaStorV - ok
23:35:33.0957 1220  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:35:33.0991 1220  idsvc - ok
23:35:33.0993 1220  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:35:33.0999 1220  iirsp - ok
23:35:34.0011 1220  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
23:35:34.0043 1220  IKEEXT - ok
23:35:34.0066 1220  [ 3E49DAC8EEFA6016AA2A6331BEC866AE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:35:34.0095 1220  IntcAzAudAddService - ok
23:35:34.0098 1220  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
23:35:34.0103 1220  intelide - ok
23:35:34.0106 1220  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:35:34.0113 1220  intelppm - ok
23:35:34.0116 1220  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:35:34.0138 1220  IPBusEnum - ok
23:35:34.0142 1220  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:35:34.0167 1220  IpFilterDriver - ok
23:35:34.0174 1220  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:35:34.0188 1220  iphlpsvc - ok
23:35:34.0190 1220  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:35:34.0198 1220  IPMIDRV - ok
23:35:34.0202 1220  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:35:34.0223 1220  IPNAT - ok
23:35:34.0226 1220  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:35:34.0236 1220  IRENUM - ok
23:35:34.0238 1220  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:35:34.0244 1220  isapnp - ok
23:35:34.0250 1220  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:35:34.0258 1220  iScsiPrt - ok
23:35:34.0261 1220  [ 50DE7DD7EDB1B512B13666588AEFBF6F ] JRAID           C:\Windows\system32\drivers\jraid.sys
23:35:34.0267 1220  JRAID - ok
23:35:34.0270 1220  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:35:34.0276 1220  kbdclass - ok
23:35:34.0278 1220  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:35:34.0285 1220  kbdhid - ok
23:35:34.0287 1220  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
23:35:34.0294 1220  KeyIso - ok
23:35:34.0296 1220  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:35:34.0303 1220  KSecDD - ok
23:35:34.0307 1220  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:35:34.0315 1220  KSecPkg - ok
23:35:34.0317 1220  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:35:34.0338 1220  ksthunk - ok
23:35:34.0345 1220  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:35:34.0371 1220  KtmRm - ok
23:35:34.0376 1220  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:35:34.0400 1220  LanmanServer - ok
23:35:34.0403 1220  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:35:34.0425 1220  LanmanWorkstation - ok
23:35:34.0429 1220  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:35:34.0451 1220  lltdio - ok
23:35:34.0456 1220  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:35:34.0481 1220  lltdsvc - ok
23:35:34.0484 1220  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:35:34.0506 1220  lmhosts - ok
23:35:34.0510 1220  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:35:34.0517 1220  LSI_FC - ok
23:35:34.0520 1220  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:35:34.0527 1220  LSI_SAS - ok
23:35:34.0529 1220  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:35:34.0536 1220  LSI_SAS2 - ok
23:35:34.0539 1220  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:35:34.0545 1220  LSI_SCSI - ok
23:35:34.0549 1220  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
23:35:34.0571 1220  luafv - ok
23:35:34.0575 1220  [ B2085E335F2B57077B0CBADB6F1245CD ] lvpopf64        C:\Windows\system32\DRIVERS\lvpopf64.sys
23:35:34.0583 1220  lvpopf64 - ok
23:35:34.0586 1220  [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64        C:\Windows\system32\DRIVERS\LVPr2M64.sys
23:35:34.0591 1220  LVPr2M64 - ok
23:35:34.0592 1220  [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2M64.sys
23:35:34.0597 1220  LVPr2Mon - ok
23:35:34.0601 1220  [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
23:35:34.0611 1220  LVPrcS64 - ok
23:35:34.0616 1220  [ EF2BE2F45D4F06410A3BD2A3467325B0 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
23:35:34.0625 1220  LVRS64 - ok
23:35:34.0660 1220  [ AC22F92C6078640FE8A70D662A2F3AD5 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
23:35:34.0711 1220  LVUVC64 - ok
23:35:34.0716 1220  [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus       C:\Windows\system32\DRIVERS\MarvinBus64.sys
23:35:34.0724 1220  MarvinBus - ok
23:35:34.0727 1220  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:35:34.0735 1220  Mcx2Svc - ok
23:35:34.0737 1220  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:35:34.0744 1220  megasas - ok
23:35:34.0748 1220  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
23:35:34.0757 1220  MegaSR - ok
23:35:34.0760 1220  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
23:35:34.0765 1220  MEIx64 - ok
23:35:34.0769 1220  [ 4D09756E231182B5CB8306B44F533DAB ] MemeoBackgroundService C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
23:35:34.0776 1220  MemeoBackgroundService - ok
23:35:34.0778 1220  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
23:35:34.0801 1220  MMCSS - ok
23:35:34.0803 1220  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
23:35:34.0825 1220  Modem - ok
23:35:34.0827 1220  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:35:34.0836 1220  monitor - ok
23:35:34.0839 1220  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:35:34.0845 1220  mouclass - ok
23:35:34.0848 1220  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:35:34.0855 1220  mouhid - ok
23:35:34.0858 1220  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:35:34.0865 1220  mountmgr - ok
23:35:34.0868 1220  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:35:34.0880 1220  MozillaMaintenance - ok
23:35:34.0884 1220  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:35:34.0891 1220  mpio - ok
23:35:34.0894 1220  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:35:34.0916 1220  mpsdrv - ok
23:35:34.0927 1220  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:35:34.0957 1220  MpsSvc - ok
23:35:34.0961 1220  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:35:34.0972 1220  MRxDAV - ok
23:35:34.0975 1220  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:35:34.0983 1220  mrxsmb - ok
23:35:34.0988 1220  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:35:34.0996 1220  mrxsmb10 - ok
23:35:35.0000 1220  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:35:35.0007 1220  mrxsmb20 - ok
23:35:35.0010 1220  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:35:35.0016 1220  msahci - ok
23:35:35.0019 1220  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:35:35.0026 1220  msdsm - ok
23:35:35.0030 1220  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
23:35:35.0038 1220  MSDTC - ok
23:35:35.0042 1220  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:35:35.0064 1220  Msfs - ok
23:35:35.0066 1220  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:35:35.0087 1220  mshidkmdf - ok
23:35:35.0089 1220  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:35:35.0095 1220  msisadrv - ok
23:35:35.0099 1220  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:35:35.0122 1220  MSiSCSI - ok
23:35:35.0124 1220  msiserver - ok
23:35:35.0126 1220  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:35:35.0147 1220  MSKSSRV - ok
23:35:35.0149 1220  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:35:35.0171 1220  MSPCLOCK - ok
23:35:35.0173 1220  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:35:35.0194 1220  MSPQM - ok
23:35:35.0201 1220  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:35:35.0212 1220  MsRPC - ok
23:35:35.0215 1220  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:35:35.0221 1220  mssmbios - ok
23:35:35.0223 1220  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:35:35.0244 1220  MSTEE - ok
23:35:35.0271 1220  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
23:35:35.0311 1220  MTConfig - ok
23:35:35.0313 1220  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:35:35.0320 1220  Mup - ok
23:35:35.0326 1220  [ C752AB67A50F921622FE65725D1F6856 ] mv91xx          C:\Windows\system32\drivers\mv91xx.sys
23:35:35.0335 1220  mv91xx - ok
23:35:35.0339 1220  [ BB74024A1D4E4808562C090980151653 ] MyWebSearchService C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
23:35:35.0347 1220  MyWebSearchService - ok
23:35:35.0355 1220  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
23:35:35.0382 1220  napagent - ok
23:35:35.0388 1220  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:35:35.0401 1220  NativeWifiP - ok
23:35:35.0412 1220  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:35:35.0429 1220  NDIS - ok
23:35:35.0431 1220  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:35:35.0453 1220  NdisCap - ok
23:35:35.0456 1220  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:35:35.0477 1220  NdisTapi - ok
23:35:35.0479 1220  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:35:35.0500 1220  Ndisuio - ok
23:35:35.0504 1220  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:35:35.0526 1220  NdisWan - ok
23:35:36.0188 1220  [ 03AF3264E58C6E3402FBA2A5D470A6B5 ] NVSvc           C:\Windows\system32\nvvsvc.exe
23:35:36.0204 1220  NVSvc ( UnsignedFile.Multi.Generic ) - warning
23:35:36.0204 1220  NVSvc - detected UnsignedFile.Multi.Generic (1)
23:35:37.0997 1220  [ 02DED435FCAA1C02959051AF636E154A ] sesvc           D:\Programs\ShadowExplorer\sesvc.exe
23:35:38.0002 1220  sesvc ( UnsignedFile.Multi.Generic ) - warning
23:35:38.0002 1220  sesvc - detected UnsignedFile.Multi.Generic (1)
23:35:42.0830 1220  ============================================================
23:35:42.0830 1220  Scan finished
23:35:42.0830 1220  ============================================================
23:35:42.0839 2884  Detected object count: 2
23:35:42.0839 2884  Actual detected object count: 2
23:37:31.0469 2884  NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:31.0469 2884  NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:37:31.0470 2884  sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:31.0470 2884  sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
TDSSKiller worked.

28.07.2013, 23:22   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


29.07.2013, 09:19   #12
67Peterpan

Hello Cosinus

Here is the JRT.txt file
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.6 (07.28.2013:1)
OS: Windows 7 Home Premium x64
Ran by Peter Elsasser on 29.07.2013 at  8:41:14.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] mywebsearchservice 
Successfully deleted: [Service] mywebsearchservice 



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\datamngr
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\my web search bar search scope monitor
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mywebsearch email plugin
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mywebsearch email plugin
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\browserconnection.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\dnsbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\winamptbserver.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{08858af6-42ad-4914-95d2-ac3ab0dc8e28}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{799391d3-eb86-4bac-9bd3-cbfea58a0e15}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{d858dafc-9573-4811-b323-7011a3aa7e61}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{01947140-417f-46b6-8751-a3a2b8345e1a}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{8ffdf636-0d87-4b33-b9e9-79a53f6e1dae}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchqumediabartb
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\searchqutoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnsbho.bho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnsbho.bho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswatterbarbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswatterbarbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswattersettingscontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswattersettingscontrol.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.chatsessionplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.chatsessionplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.htmlpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.multiplebutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.outlookaddin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.outlookaddin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.urlalertbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\screensavercontrol.screensaverinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\screensavercontrol.screensaverinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\searchquiehelper.dnsguard
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\searchquiehelper.dnsguard.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{08858af6-42ad-4914-95d2-ac3ab0dc8e28}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{25560540-9571-4d7b-9389-0f166788785a}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{3e720452-b472-4954-b7aa-33069eb53906}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{9ff05104-b030-46fc-94b8-81276e4e27df}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.xpt"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Failed to delete: [Folder] "C:\ProgramData\winamp toolbar"
Successfully deleted: [Folder] "C:\Users\Peter Elsasser\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Peter Elsasser\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Peter Elsasser\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Peter Elsasser\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\Peter Elsasser\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Users\Peter Elsasser\appdata\locallow\searchqutoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\funwebproducts"
Successfully deleted: [Folder] "C:\Program Files (x86)\mywebsearch"
Successfully deleted: [Folder] "C:\Program Files (x86)\wi3c8a~1"
Successfully deleted: [Folder] "C:\Program Files (x86)\winamp toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Empty Folder] C:\Users\Peter Elsasser\appdata\local\{442CF549-C68C-4E92-B1DD-EB3B5C111042}
Successfully deleted: [Empty Folder] C:\Users\Peter Elsasser\appdata\local\{4D8969D6-60FB-4892-8CBF-310F0B1C5804}
Successfully deleted: [Empty Folder] C:\Users\Peter Elsasser\appdata\local\{592BD2A3-806D-47D3-9F4F-30775B5FD465}
Successfully deleted: [Empty Folder] C:\Users\Peter Elsasser\appdata\local\{92AE7A36-3D56-4DD3-81E0-E3DDAE93D58D}
Successfully deleted: [Empty Folder] C:\Users\Peter Elsasser\appdata\local\{AB031658-E733-40EA-8AE7-151D4CC320F8}
Successfully deleted: [Empty Folder] C:\Users\Peter Elsasser\appdata\local\{AD9B1101-86F3-4368-84B0-6F3E9A4E9B12}
Successfully deleted: [Empty Folder] C:\Users\Peter Elsasser\appdata\local\{E5C57DEA-DCEE-490D-B998-EFB092181064}
Successfully deleted: [Empty Folder] C:\Users\Peter Elsasser\appdata\local\{F8D468F0-1B4E-4F84-8C17-65D758DC897D}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\Peter Elsasser\AppData\Roaming\mozilla\firefox\profiles\fmeb9oc3.default\user.js
Successfully deleted: [File] C:\Users\Peter Elsasser\AppData\Roaming\mozilla\firefox\profiles\fmeb9oc3.default\searchplugins\search_results.xml
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Successfully deleted: [Folder] C:\Users\Peter Elsasser\AppData\Roaming\mozilla\firefox\profiles\fmeb9oc3.default\searchqutoolbar
Successfully deleted: [Folder] C:\Users\Peter Elsasser\AppData\Roaming\mozilla\firefox\profiles\fmeb9oc3.default\winamptoolbardata
Successfully deleted: [Folder] C:\Users\Peter Elsasser\AppData\Roaming\mozilla\firefox\profiles\fmeb9oc3.default\extensions\m3ffxtbr@mywebsearch.com
Failed to delete: [Folder] C:\Users\Peter Elsasser\AppData\Roaming\mozilla\firefox\profiles\fmeb9oc3.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Successfully deleted: [Folder] C:\Users\Peter Elsasser\AppData\Roaming\mozilla\firefox\profiles\fmeb9oc3.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com
Successfully deleted the following from C:\Users\Peter Elsasser\AppData\Roaming\mozilla\firefox\profiles\fmeb9oc3.default\prefs.js

user_pref("browser.search.defaultenginename", "Search Results");
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=");
Emptied folder: C:\Users\Peter Elsasser\AppData\Roaming\mozilla\firefox\profiles\fmeb9oc3.default\minidumps [155 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.07.2013 at  8:43:59.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Here is the AdwCleaner log
Code:
# AdwCleaner v2.306 - Datei am 29/07/2013 um 09:05:57 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Peter Elsasser - PE_ERAZER
# Bootmodus : Normal
# Ausgeführt unter : J:\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Ordner Gelöscht : C:\Users\Clara\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Clara\AppData\Local\Winamp Toolbar
Ordner Gelöscht : C:\Users\Clara\AppData\LocalLow\FunWebProducts
Ordner Gelöscht : C:\Users\Clara\AppData\LocalLow\MyWebSearch
Ordner Gelöscht : C:\Users\Clara\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Clara\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Clara\AppData\Roaming\Mozilla\Firefox\Profiles\o9kqag7d.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Ordner Gelöscht : C:\Users\Clara\AppData\Roaming\Mozilla\Firefox\Profiles\o9kqag7d.default\Searchqutoolbar
Ordner Gelöscht : C:\Users\Michelle\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Michelle\AppData\Local\Winamp Toolbar
Ordner Gelöscht : C:\Users\Michelle\AppData\LocalLow\FunWebProducts
Ordner Gelöscht : C:\Users\Michelle\AppData\LocalLow\MyWebSearch
Ordner Gelöscht : C:\Users\Michelle\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Michelle\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Peter Elsasser\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
Schlüssel Gelöscht : HKLM\Software\FocusInteractive
Schlüssel Gelöscht : HKLM\Software\Fun Web Products
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Peter Elsasser\AppData\Roaming\Mozilla\Firefox\Profiles\fmeb9oc3.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Clara\AppData\Roaming\Mozilla\Firefox\Profiles\o9kqag7d.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\wc5sd9te.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Peter Elsasser\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [23277 octets] - [29/07/2013 09:05:57]

########## EOF - C:\AdwCleaner[S1].txt - [23338 octets] ##########
         
OTL
Code:
OTL logfile created on: 7/29/2013 9:13:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Peter Elsasser\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
15.98 Gb Total Physical Memory | 13.38 Gb Available Physical Memory | 83.72% Memory free
31.96 Gb Paging File | 29.19 Gb Available in Paging File | 91.31% Paging File free
Paging file location(s): j:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.53 Gb Total Space | 1.34 Gb Free Space | 2.30% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 9.44 Gb Free Space | 24.18% Space Free | Partition Type: NTFS
Drive E: | 40.51 Gb Total Space | 6.35 Gb Free Space | 15.69% Space Free | Partition Type: NTFS
Drive I: | 931.28 Gb Total Space | 162.09 Gb Free Space | 17.40% Space Free | Partition Type: FAT32
Drive J: | 390.62 Gb Total Space | 353.13 Gb Free Space | 90.40% Space Free | Partition Type: NTFS
Drive K: | 2794.39 Gb Total Space | 1917.96 Gb Free Space | 68.64% Space Free | Partition Type: NTFS
 
Computer Name: PE_ERAZER | User Name: Peter Elsasser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Peter Elsasser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Peter Elsasser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Programs\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - D:\Programs\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - D:\Programs\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - D:\Programs\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bf97db1b84277902561096c62d42ee22\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\dcc781ebbddf98a9cf6dd4f3b17f1063\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Peter Elsasser\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Peter Elsasser\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (MemeoBackgroundService) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe (Memeo)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- D:\Programs\Updater\Updater.exe (Skype Technologies)
SRV - (sesvc) -- D:\Programs\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PMBDeviceInfoProvider) -- D:\Programs\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3996255496-3666725221-632000549-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3996255496-3666725221-632000549-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3996255496-3666725221-632000549-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3996255496-3666725221-632000549-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3996255496-3666725221-632000549-1001\..\SearchScopes\{3F061260-9C50-4782-B1F9-128A1F474977}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_deCH456CH456
IE - HKU\S-1-5-21-3996255496-3666725221-632000549-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.6
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:7.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Programs\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Programs\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/29 08:42:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/29 08:42:29 | 000,000,000 | ---D | M]
 
[2011/12/24 10:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Elsasser\AppData\Roaming\mozilla\Extensions
[2013/07/29 09:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Elsasser\AppData\Roaming\mozilla\Firefox\Profiles\fmeb9oc3.default\extensions
[2013/05/23 19:40:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Peter Elsasser\AppData\Roaming\mozilla\Firefox\Profiles\fmeb9oc3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/07/02 22:41:53 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Peter Elsasser\AppData\Roaming\mozilla\Firefox\Profiles\fmeb9oc3.default\extensions\firefox@ghostery.com
[2013/07/28 00:44:41 | 000,143,928 | ---- | M] () (No name found) -- C:\Users\Peter Elsasser\AppData\Roaming\mozilla\firefox\profiles\fmeb9oc3.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013/07/02 23:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/07/02 23:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/07/02 23:06:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\Programs\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\Programs\Office14\NPSPWRAP.DLL
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNC&bmod=MDNC
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\Programs\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\Programs\Office14\NPSPWRAP.DLL
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNC&bmod=MDNC
CHR - Extension: Docs = C:\Users\Peter Elsasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Peter Elsasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Peter Elsasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Peter Elsasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Peter Elsasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programs\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3996255496-3666725221-632000549-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LWS] D:\Programs\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] D:\Programs\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] D:\Programs\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3996255496-3666725221-632000549-1001..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-3996255496-3666725221-632000549-1001..\Run: [Skype] D:\Programs\Phone\Skype.exe (Skype Technologies S.A.)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Peter Elsasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Peter Elsasser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay.ch - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5222-72748-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.ch - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5222-72748-17534-1/4 File not found
O9 - Extra Button: eBay.ch - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5222-72748-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.ch - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5222-72748-17534-1/4 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E6EE11-C465-4B32-872B-6B66263E0ADF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{300F73AC-9ED7-4530-9906-791B984FDDCB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f078a30d-32c7-11e1-9112-e0b9a58d3d76}\Shell - "" = AutoRun
O33 - MountPoints2\{f078a30d-32c7-11e1-9112-e0b9a58d3d76}\Shell\AutoRun\command - "" = J:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/29 08:41:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/27 23:17:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Peter Elsasser\Desktop\aswMBR.exe
[2013/07/25 21:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/25 21:48:57 | 000,000,000 | ---D | C] -- C:\Users\Peter Elsasser\Desktop\mbar
[2013/07/25 21:23:50 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/24 20:25:02 | 000,000,000 | ---D | C] -- C:\Users\Peter Elsasser\AppData\Roaming\www.shadowexplorer.com
[2013/07/24 20:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2013/07/22 22:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/07/22 22:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013/07/22 21:17:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Peter Elsasser\Desktop\OTL.exe
[2013/07/17 23:51:10 | 000,000,000 | ---D | C] -- C:\archive_db
[2013/07/17 22:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/17 21:50:40 | 000,000,000 | ---D | C] -- C:\Users\Peter Elsasser\AppData\Roaming\JPEGsnoop
[2013/07/15 22:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AntiSpyInfo
[2013/07/15 22:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Spy.Info
[2013/07/15 21:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/07/15 21:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/07/15 21:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/07/15 21:34:19 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/15 21:34:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/15 21:34:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/15 21:34:19 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/15 21:34:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/15 21:34:19 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/15 21:34:19 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/15 21:34:13 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/07/15 21:34:13 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/07/15 21:34:13 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/07/15 21:34:13 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/07/15 21:34:08 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/07/15 21:34:08 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/07/15 21:34:08 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/07/15 21:34:08 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/07/15 21:34:08 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/07/15 21:34:08 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/07/15 21:34:06 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/07/15 21:34:06 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/07/15 21:34:06 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/07/15 21:34:06 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/07/15 21:34:06 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/07/15 21:34:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/07/15 21:34:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/07/15 21:34:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/07/15 21:33:52 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/07/15 21:33:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/07/15 21:33:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/07/15 21:33:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/07/15 21:33:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/07/15 21:33:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/07/15 21:33:50 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/07/15 21:33:50 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/07/15 21:33:50 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/07/15 21:33:49 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/07/15 21:33:49 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/07/15 21:33:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/07/15 21:33:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/07/15 21:33:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/07/15 21:33:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/07/15 21:33:15 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/15 21:33:15 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/15 21:33:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/07/15 21:33:12 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/07/15 21:33:12 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/07/15 21:32:58 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/15 21:32:58 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/15 21:32:40 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/07/15 21:32:40 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/07/15 21:32:31 | 001,545,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/02 23:19:37 | 000,000,000 | ---D | C] -- C:\Users\Peter Elsasser\AppData\Local\Adobe_Systems_Incorporate
[2013/07/02 23:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/07/02 23:19:26 | 000,000,000 | ---D | C] -- E:\Peter Elsasser\Eigene Dokumente\My Digital Editions
[2013/07/02 23:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/02 22:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/03/24 12:37:25 | 019,786,880 | ---- | C] (Electronic Arts, Inc.) -- C:\Program Files (x86)\eadm-installer.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/29 09:14:22 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/29 09:14:22 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/07/29 09:14:22 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/29 09:14:22 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/07/29 09:14:22 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/29 09:09:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/29 09:07:27 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/07/29 09:07:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/29 09:07:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/07/29 09:07:23 | 4280,569,854 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/29 09:06:06 | 000,000,156 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/29 09:06:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/29 09:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/29 08:58:42 | 000,000,842 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\adwcleaner.exe - Verknüpfung.lnk
[2013/07/29 08:42:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 08:42:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 08:38:52 | 000,001,089 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\JRT.exe - Verknüpfung.lnk
[2013/07/28 22:16:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task d8235377-097b-437d-9f52-e80de611ee0a.job
[2013/07/27 23:34:05 | 000,001,144 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\tdsskiller.exe - Verknüpfung.lnk
[2013/07/27 23:16:21 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Peter Elsasser\Desktop\aswMBR.exe
[2013/07/25 21:46:13 | 000,001,192 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\mbar-1.06.0.1004.zip - Verknüpfung.lnk
[2013/07/25 21:21:40 | 000,001,114 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\FRST64.exe - Verknüpfung.lnk
[2013/07/24 20:24:58 | 000,000,768 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\ShadowExplorer.lnk
[2013/07/23 02:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 50ff43e1-931b-4fa9-9ebe-fd35caeab93e.job
[2013/07/22 22:37:12 | 000,473,176 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\Logfiles.zip
[2013/07/22 22:18:45 | 000,411,149 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\LogfilesPE.zip
[2013/07/22 22:08:09 | 000,389,019 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\Desktop.7z
[2013/07/22 22:07:41 | 000,408,216 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\Desktop.zip
[2013/07/22 21:49:11 | 000,377,856 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\gmer_2.1.19163.exe
[2013/07/22 21:16:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter Elsasser\Desktop\OTL.exe
[2013/07/22 21:13:48 | 000,000,000 | ---- | M] () -- C:\Users\Peter Elsasser\defogger_reenable
[2013/07/22 21:12:29 | 000,050,477 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\Defogger(1).exe
[2013/07/17 22:20:49 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/17 21:56:42 | 000,226,183 | ---- | M] () -- E:\Peter Elsasser\Eigene Dokumente\Virus.pdf
[2013/07/15 23:16:44 | 000,395,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/12 23:13:20 | 000,001,063 | ---- | M] () -- C:\Users\Peter Elsasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/07/12 23:13:16 | 000,001,049 | ---- | M] () -- C:\Users\Peter Elsasser\Desktop\Dropbox.lnk
[2013/07/02 23:19:27 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/01 22:11:39 | 000,004,984 | R--- | M] () -- C:\ProgramData\READ_TO_DECRYPT!!!.html
[2013/07/01 21:44:54 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/29 09:06:01 | 000,000,156 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/29 08:58:42 | 000,000,842 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\adwcleaner.exe - Verknüpfung.lnk
[2013/07/29 08:38:52 | 000,001,089 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\JRT.exe - Verknüpfung.lnk
[2013/07/27 23:34:05 | 000,001,144 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\tdsskiller.exe - Verknüpfung.lnk
[2013/07/25 21:46:13 | 000,001,192 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\mbar-1.06.0.1004.zip - Verknüpfung.lnk
[2013/07/25 21:21:40 | 000,001,114 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\FRST64.exe - Verknüpfung.lnk
[2013/07/24 20:24:58 | 000,000,768 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\ShadowExplorer.lnk
[2013/07/22 22:37:12 | 000,473,176 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\Logfiles.zip
[2013/07/22 22:18:45 | 000,411,149 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\LogfilesPE.zip
[2013/07/22 22:08:09 | 000,389,019 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\Desktop.7z
[2013/07/22 22:07:41 | 000,408,216 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\Desktop.zip
[2013/07/22 21:49:10 | 000,377,856 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\gmer_2.1.19163.exe
[2013/07/22 21:14:40 | 000,050,477 | ---- | C] () -- C:\Users\Peter Elsasser\Desktop\Defogger(1).exe
[2013/07/22 21:13:48 | 000,000,000 | ---- | C] () -- C:\Users\Peter Elsasser\defogger_reenable
[2013/07/17 22:20:49 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/17 22:16:22 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task d8235377-097b-437d-9f52-e80de611ee0a.job
[2013/07/17 22:16:22 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 50ff43e1-931b-4fa9-9ebe-fd35caeab93e.job
[2013/07/17 21:56:42 | 000,226,183 | ---- | C] () -- E:\Peter Elsasser\Eigene Dokumente\Virus.pdf
[2013/07/02 23:19:27 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/02 23:19:27 | 000,000,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk
[2013/07/01 22:11:39 | 000,004,984 | R--- | C] () -- C:\ProgramData\READ_TO_DECRYPT!!!.html
[2012/07/29 13:00:44 | 000,007,602 | ---- | C] () -- C:\Users\Peter Elsasser\AppData\Local\Resmon.ResmonCfg
[2011/12/07 23:25:21 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/06 18:10:26 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 395 bytes -> C:\ProgramData\Temp:014474D4

< End of report >
         

29.07.2013, 09:22   #13
67Peterpan

Word and images (JPEG) encrypted by virus "Read to Decrypt!"

Code:
ATTFilter
OTL Extras logfile created on: 7/29/2013 9:13:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Peter Elsasser\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
15.98 Gb Total Physical Memory | 13.38 Gb Available Physical Memory | 83.72% Memory free
31.96 Gb Paging File | 29.19 Gb Available in Paging File | 91.31% Paging File free
Paging file location(s): j:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.53 Gb Total Space | 1.34 Gb Free Space | 2.30% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 9.44 Gb Free Space | 24.18% Space Free | Partition Type: NTFS
Drive E: | 40.51 Gb Total Space | 6.35 Gb Free Space | 15.69% Space Free | Partition Type: NTFS
Drive I: | 931.28 Gb Total Space | 162.09 Gb Free Space | 17.40% Space Free | Partition Type: FAT32
Drive J: | 390.62 Gb Total Space | 353.13 Gb Free Space | 90.40% Space Free | Partition Type: NTFS
Drive K: | 2794.39 Gb Total Space | 1917.96 Gb Free Space | 68.64% Space Free | Partition Type: NTFS
 
Computer Name: PE_ERAZER | User Name: Peter Elsasser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3996255496-3666725221-632000549-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programs\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programs\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programs\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programs\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programs\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programs\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E5C5F4B-88B1-469C-B8E9-2E83370C53DB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{217D419B-00D9-4D25-A843-99BFAD21D45B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{30F1FB37-79EB-4C78-A97E-39E0238A59B5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{31B38936-7E6B-435B-A21C-25CAE3D80583}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{331A7C0F-0D8D-4F91-8125-B506252FE248}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3C3EA27E-2914-49C4-8C29-5410B8C7CAD0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{404D178D-0C90-4094-B018-FC1E835EA5C5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{41B5D8A4-081E-4142-8559-7FE1F4544D36}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4F6CB1DE-6DD4-41B3-9585-7FF957BB9A20}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7284655E-9839-43E9-BE4F-C6C93FC02DFE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{795B4B18-30FC-401E-9D5A-0E3332741A9D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{83A7B532-4A8C-4918-B91B-56FFB8586E94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{858E9A2E-F58E-464B-B199-074B2B70B079}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86045993-E780-4F1F-88EB-C41898C01EF0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{924265AE-5D76-42A5-9D53-EA12552E5CA1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A619EE00-28C8-40A6-8ACB-7EB955154F64}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AFDE9E60-A2EA-4543-ABBA-809020DBC743}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B9F3473E-66B5-4C14-B1AF-84E4F888E2EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C32F41E0-3926-483F-9EC6-0FFF97B5E075}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D13FB80C-15BF-48C5-AADB-26AEBC9122FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D9FD6F71-D137-41C9-9245-5BB34861379C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{E2953969-B9F6-4F9E-8C0D-16E24ABC7EAA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E3EAFF41-9627-468C-BD40-11D5AE8C3026}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F5A9E193-4210-4A61-9CA0-36DEEC082A6A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F63AFC3D-7679-4A51-95C8-C30338229A1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F7D42E5D-8AB9-440B-86D1-C9E3B8B3D671}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0355BA75-D64A-4BCD-B7BA-E23FD402E19E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{07167E89-6666-46CD-9391-37D66E50A3B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{079E64AB-F429-46EA-8C3E-105835DD57C9}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{0DAB8AFF-119D-4E06-974E-DE803BFBF726}" = protocol=17 | dir=in | app=c:\users\peter elsasser\appdata\roaming\dropbox\bin\dropbox.exe | 
"{11A6DF0A-3E42-46F2-872F-43479B5173DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{16207F27-E370-4AFD-A963-EEA943D13737}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{16E26283-A5BC-48B9-A012-64C5E47C6F7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2293583C-674B-4A50-9E79-05E3CE2A0B2B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2980F53B-C8EA-41EE-B2BC-8BFE6617BEBA}" = protocol=6 | dir=in | app=d:\programs\rm.exe | 
"{2BD6EDBB-2F91-4610-AC3F-DCC66CC46A00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{33D93E48-669E-42AF-B489-709D9F761365}" = protocol=6 | dir=in | app=d:\programs\studio.exe | 
"{36A563B6-69B7-4FBF-97C2-47E518CF79D5}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{38E17E99-BCC1-4F48-9099-1C4BEEDCB3A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3A37D3D8-85D9-463D-A2F4-99D481F7FF6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4CA35004-A04D-4A27-A569-CC703442B1CB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{4E998121-C64F-49D1-A716-2BACBA3C1ABF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{58F7CFBD-1574-4A23-BE9C-600D77FF6121}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5D23492C-B595-48F0-868F-CC5FCA096B53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5FC0CFF6-DBD5-443B-860B-247B0611A9FD}" = protocol=6 | dir=in | app=d:\programs\umi.exe | 
"{8EE8D522-3ECB-4FB6-849A-6F8F633EEA8C}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{938DB52B-5A89-41B0-AE2D-0D8F9785401F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{961FE211-26BA-4B9A-A3E3-C3E3BE158DF4}" = protocol=17 | dir=in | app=d:\programs\studio.exe | 
"{970C8217-A3BE-466B-9F40-0BE025D7C434}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9C0A7784-D0CB-4CA9-B405-89C7E29D396F}" = protocol=17 | dir=in | app=d:\programs\rm.exe | 
"{A3CA7E28-1864-4DBD-AC2A-2664DEF662FA}" = protocol=17 | dir=in | app=d:\programs\umi.exe | 
"{A5D02DFB-D2D3-476D-B3BF-42996628F632}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A6B38F32-3357-4F37-8DF3-5A2B3391F045}" = protocol=6 | dir=out | app=system | 
"{AC92F44E-86CB-420C-A335-D20C4F0C38C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BFC82463-1FA0-432E-A199-5A592DA29C18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C7881A95-642B-4F57-9A2B-730BCB4B9D6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C85B73DE-B0FE-4A2C-AA87-48CFA48F000E}" = protocol=6 | dir=in | app=c:\users\peter elsasser\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CDE037B4-F31F-48E3-B6E5-09426B2E37C2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{CE044FFE-688E-424A-A050-5AF8754549CF}" = dir=in | app=d:\programs\phone\skype.exe | 
"{CE54F972-D941-45C2-88E2-6B229713F344}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E74ED352-472A-4670-9294-B3BB7A303E35}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{F0D477A7-883E-4F73-8AA9-1FCCA18BB7AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7079094-0131-4BE7-BB92-25F062ED00B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8BA434F-3751-4264-BB64-81A691281D5C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"TCP Query User{CA0E6858-43F1-4D4B-9C44-4ACE844C83EC}D:\programs\studio.exe" = protocol=6 | dir=in | app=d:\programs\studio.exe | 
"TCP Query User{E9B89823-F56F-4578-8EC4-F850E17309E3}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | 
"UDP Query User{3346252B-CBD4-4FD1-972B-27008830AFA2}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | 
"UDP Query User{5B992C04-2781-4DFF-8BBD-3217577A3718}D:\programs\studio.exe" = protocol=17 | dir=in | app=d:\programs\studio.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Treiber
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7BB67E6C-4AA2-426b-8AC0-19460E94A4D7}" = WD Anywhere Backup
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Anti-Spy.Info" = Anti-Spy.Info 1.8d
"Avira AntiVir Desktop" = Avira Free Antivirus
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"Erazer Control Center_is1" = Erazer Control Center
"Google Chrome" = Google Chrome
"Ifolor-Baby-Plugin" = ifolor Gestaltungs-Vorlagen
"Ifolor-Christmas-Plugin" = ifolor Gestaltungs-Vorlagen
"ifolor-Designer" = ifolor Designer
"Ifolor-Holiday-Plugin" = ifolor Gestaltungs-Vorlagen
"ifolor-OrderClient" = ifolor Bestellsoftware 3.7
"Ifolor-SpellChecker-Plugin" = Rechtschreibkorrektur für den ifolor Designer
"Ifolor-Wedding-Plugin" = ifolor Gestaltungs-Vorlagen
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Logitech Vid" = Logitech Vid HD
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.2.0.802
"Office14.VISIOR" = Microsoft Visio Standard 2010
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"QXL Ricardo Assistant 5" = QXL Ricardo Assistant 5
"ShadowExplorer_is1" = ShadowExplorer 0.9
"STANDARDR" = Microsoft Office Standard 2007
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3996255496-3666725221-632000549-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/29/2013 3:07:27 AM | Computer Name = PE_Erazer | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 7/29/2013 3:09:10 AM | Computer Name = PE_Erazer | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 7/29/2013 3:07:27 AM | Computer Name = PE_Erazer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 7/29/2013 3:08:43 AM | Computer Name = PE_Erazer | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
 
< End of report >
         

Alt 29.07.2013, 12:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you have only recently run a full scan, a quick scan is enough (saves time); in that case please let me know as well).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting an additional opinion from the ESET online scanner does no harm either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 02.08.2013, 19:48   #15
67Peterpan
 



Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Peter Elsasser :: PE_ERAZER [Administrator]

Schutz: Aktiviert

02.08.2013 16:34:56
MBAM-log-2013-08-02 (17-25-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 645402
Laufzeit: 46 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Clara\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1911f7c5-652c731b (Spyware.Password) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b136a7e7645fb7468efe42c361b87505
# engine=14626
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-02 04:44:18
# local_time=2013-08-02 06:44:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 8251 240885148 1041 0
# compatibility_mode=5893 16776574 100 94 1539024 127091708 0 0
# scanned=395086
# found=0
# cleaned=0
# scan_time=4138
         
Hello Cosinus

Malwarebytes still found something.
ESET found nothing more.
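
A triage check over the two logs in post #15, as an added example that is not part of the original thread: it parses the German-language MBAM output and the ESET `# key=value` lines, flags detections that MBAM reported without acting on, and checks that the scan option requested in post #14 was actually enabled. The sample input is abridged from the logs above; that `unwanted_checked` records the "potentially unwanted applications" option is an assumption.

```python
import re

# Sample input abridged from the two logs in post #15 above.
MBAM_LOG = r"""
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Clara\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1911f7c5-652c731b (Spyware.Password) -> Keine Aktion durchgeführt.

(Ende)
"""
ESET_LOG = """
# end=finished
# remove_checked=false
# unwanted_checked=false
# found=0
# cleaned=0
"""

SECTION = re.compile(r"^Infizierte (.+?): (\d+)$")
DETECTION = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_ACTION = "Keine Aktion durchgeführt"  # MBAM wording for "no action taken"

def parse_mbam(text):
    """Return (count per 'Infizierte ...' section, list of detection dicts)."""
    counts, detections, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            counts[section] = int(m.group(2))
        elif section and (m := DETECTION.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return counts, detections

def parse_eset(text):
    """Parse '# key=value' lines; the first value wins for repeated keys."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^# (\w+)=(.*)$", line.strip())
        if m:
            fields.setdefault(m.group(1), m.group(2))
    return fields

def triage(mbam_text, eset_text, required=("unwanted_checked",)):
    """List what a helper should follow up on before calling the machine clean."""
    counts, detections = parse_mbam(mbam_text)
    eset = parse_eset(eset_text)
    findings = [f"MBAM: {d['name']} reported, no action taken: {d['path']}"
                for d in detections if d["action"] == NO_ACTION]
    if sum(counts.values()) != len(detections):
        findings.append("MBAM: section counts do not match the listed detections")
    if eset.get("end") != "finished":
        findings.append("ESET: scan did not run to completion")
    findings += [f"ESET: option {opt} was not enabled for this scan"
                 for opt in required if eset.get(opt) != "true"]
    if eset.get("remove_checked") != "true" and int(eset.get("found", "0")) > 0:
        findings.append("ESET: detections present but removal was disabled")
    return findings

if __name__ == "__main__":
    for finding in triage(MBAM_LOG, ESET_LOG):
        print(finding)
```
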
