Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Hilfe habe Trojaner am PC! Forderungsseite geht auf mit Bundesadler! (https://www.trojaner-board.de/138058-hilfe-habe-trojaner-pc-forderungsseite-geht-bundesadler.html)

claudia123 11.07.2013 16:04
Hilfe habe Trojaner am PC! Forderungsseite geht auf mit Bundesadler!
 
Komme seit 1 Woche nicht mehr ins Laptop! Forderungsseite geht auf mit Bundesadler!
Brauche dringendst Hilfe!!!!

markusg 11.07.2013 16:05
Hi,
Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


claudia123 11.07.2013 16:08
Code:
WIN_7 X64 Service Pack 1
Running from F:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell not found
.


[System Process]
System
smss.exe
csrss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
conhost.exe
ctfmon.exe
WmiPrvSE.exe
srep.exe


HKLM\..\Run [HotkeyApp] = "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe"
HKLM\..\Run [LMgrVolOSD] = "C:\Program Files (x86)\Launch Manager\OSD.exe"
HKLM\..\Run [Wbutton] = "C:\Program Files (x86)\Launch Manager\Wbutton.exe"
HKLM\..\Run [NUSB3MON] = "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\..\Run [CLMLServer] = "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
HKLM\..\Run [DataCardMonitor] = C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
HKLM\..\Run [ROC_roc_dec12] = "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM\..\Run [Ad-Aware Browsing Protection] = "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
HKLM\..\Run [Adobe Reader Speed Launcher] = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\..\Run [Adobe ARM] = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\..\Run [KiesTrayAgent] = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM\..\Run [AVG_UI] = "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

HKCU\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU\..\Run [swg] = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKCU\..\Run [HW_OPENEYE_OUC_T-Mobile Internet Manager] = "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
HKCU\..\Run [KiesPreload] = C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKCU\..\Run [KiesAirMessage] = C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\..\Run [] = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKCU\..\Run [ctfmon.exe] = C:\PROGRA~3\rundll32.exe C:\PROGRA~3\owbdo.dat,FG00

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-2142051162-903070000-4166080372-1000\..\Winlogon; Shell = cmd.exe
HKU\S-1-5-21-2142051162-903070000-4166080372-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2142051162-903070000-4166080372-1000\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-2142051162-903070000-4166080372-1000\..\Run [swg] = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2142051162-903070000-4166080372-1000\..\Run [HW_OPENEYE_OUC_T-Mobile Internet Manager] = "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
HKU\S-1-5-21-2142051162-903070000-4166080372-1000\..\Run [KiesPreload] = C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-2142051162-903070000-4166080372-1000\..\Run [KiesAirMessage] = C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2142051162-903070000-4166080372-1000\..\Run [] = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-2142051162-903070000-4166080372-1000\..\Run [ctfmon.exe] = C:\PROGRA~3\rundll32.exe C:\PROGRA~3\owbdo.dat,FG00


x64
HKLMx64\..\Winlogon; Shell = explorer.exe [ 2871808- ]
No action taken
HKCUx6464\..\Winlogon; Shell =
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell = cmd.exe

==== FINISH 11.07-16.44 ====
Brauche dringendst Hilfe! Habe einen USB Stick mit srep gestartet!
Wollte dann neu starten, geht aber nicht wie er mir sagt der laufwerkbuchstabe ist falsch! Stimmt aber, c:/
claudia

markusg 11.07.2013 16:26
hi, alle brauchen hier hilfe. es ist nicht nötig das 4 5 mal zu erwähnen.
hast du es ganz genau nach anleitung gemacht?
also ab hier:
• Während dem Hochfahren drücke mehrmals die F8 Taste
• Wähle nun Computer reparieren.
• Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
...

claudia123 11.07.2013 16:28
der scann läuft! sorry

der scann ist fertig. was soll ich als nächstes tun? habe einen zweiten pc weil ich in den infizierten nicht mehr rein komme. der logfile wie schicke ich dir den?

markusg 11.07.2013 16:31
auch das steht in der Anleitung, auf einen usb stick kopieren, bitte lies die Anleitungen richtig

claudia123 11.07.2013 16:37
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 04
Ran by mezgerp (administrator) on 11-07-2013 17:26:07
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-21] (Google Inc.)
HKCU\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] - "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [ctfmon.exe] - C:\PROGRA~3\rundll32.exe C:\PROGRA~3\owbdo.dat,FG00 [x] <===== ATTENTION
HKCU\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKCU\...\Command Processor: "C:\Users\mezgerp\AppData\Local\Temp\wjnkbcnasjstublwb.exe" <======= ATTENTION
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {16285253-8ae5-11e0-b276-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {16285298-8ae5-11e0-b276-485d60d3d1c6} - F:\AutoRun.exe
MountPoints2: {7a3b62a0-5c99-11e2-8e07-00262dc3a34d} - F:\AutoRun.exe
MountPoints2: {805232ef-5cdb-11e2-93d9-00262dc3a34d} - F:\AutoRun.exe
HKLM-x32\...\Run: [HotkeyApp] - "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe" [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - "C:\Program Files (x86)\Launch Manager\OSD.exe" [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - "C:\Program Files (x86)\Launch Manager\Wbutton.exe" [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2011-05-30] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ROC_roc_dec12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={857CE5D9-0EAD-4EEC-A296-57F60464797A}&mid=18b242bf488c47d182aed16f6b274abe-733828ee18d5211b13e725d0190610a29db3f621&lang=de&ds=tt015&pr=sa&d=2012-02-13 20:06:16&v=10.0.0.7&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: msdaipp - No CLSID Value -
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA"
CHR DefaultSearchURL: (AVG Secure Search) - hxxp://isearch.avg.com/search?cid={857CE5D9-0EAD-4EEC-A296-57F60464797A}&mid=18b242bf488c47d182aed16f6b274abe-733828ee18d5211b13e725d0190610a29db3f621&lang=de&ds=tt015&pr=sa&d=2012-02-13 20:06:16&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: (AVG Secure Search) - hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
S3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [913888 2009-09-24] (DiBcom SA)
S3 NxpCap64; C:\Windows\System32\DRIVERS\NxpCap64.sys [1888864 2010-02-04] (NXP Semiconductors Germany GmbH)
S3 TrdCap64; C:\Windows\System32\DRIVERS\TrdCap64.sys [1887528 2010-06-09] (Trident Microsystems, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S1 fvnjrxdx; \??\C:\Windows\system32\drivers\fvnjrxdx.sys [x]
S1 lnqsfepf; \??\C:\Windows\system32\drivers\lnqsfepf.sys [x]
S1 rqttipne; \??\C:\Windows\system32\drivers\rqttipne.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
S1 smsgiqvq; \??\C:\Windows\system32\drivers\smsgiqvq.sys [x]
S1 vggekkrm; \??\C:\Windows\system32\drivers\vggekkrm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-11 17:26 - 2013-07-11 17:26 - 00000000 ____D C:\FRST
2013-07-08 01:18 - 2013-07-08 01:18 - 00393533 ____A C:\ProgramData\2433f433
2013-07-08 01:18 - 2013-07-08 01:18 - 00393516 ____A C:\Users\mezgerp\AppData\Roaming\2433f433
2013-07-08 01:18 - 2013-07-08 01:18 - 00393513 ____A C:\Users\mezgerp\AppData\Local\2433f433
2013-06-25 17:50 - 2013-06-25 17:50 - 00002972 ____A C:\Windows\System32\Tasks\{DDCF1C5D-C9C4-493D-A340-A471CF807135}
2013-06-25 17:50 - 2013-06-25 17:50 - 00002972 ____A C:\Windows\System32\Tasks\{9CA35E65-1A4E-4CE4-975F-2FC3FC9356BD}
2013-06-25 16:28 - 2013-06-25 16:28 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-25 15:33 - 2013-06-25 15:33 - 00000000 ____D C:\Program Files (x86)\MarkAny
2013-06-25 14:40 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-25 14:40 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-25 14:40 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-25 14:40 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-25 14:40 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-25 14:40 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-25 14:40 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-25 14:40 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-25 14:40 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-25 14:40 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-25 14:40 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-25 14:40 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-24 13:39 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-24 13:39 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-06-13 12:00 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 12:00 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 12:00 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 12:00 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 12:00 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 12:00 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 12:00 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 12:00 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 12:00 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-13 12:00 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-13 12:00 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-13 12:00 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-13 12:00 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-13 12:00 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-13 12:00 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-13 12:00 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-13 12:00 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-13 12:00 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-13 12:00 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 16:10 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 16:08 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 16:08 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 16:08 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 16:08 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 16:08 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 16:08 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 16:08 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 16:08 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 16:08 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 16:08 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 16:08 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 16:08 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 16:08 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 16:08 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 16:08 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 16:08 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

==================== One Month Modified Files and Folders =======

2013-07-11 17:26 - 2013-07-11 17:26 - 00000000 ____D C:\FRST
2013-07-11 17:25 - 2009-07-14 06:45 - 00009888 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 17:25 - 2009-07-14 06:45 - 00009888 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 17:22 - 2010-05-12 10:18 - 00654400 ____A C:\Windows\system32\perfh007.dat
2013-07-11 17:22 - 2010-05-12 10:18 - 00130240 ____A C:\Windows\system32\perfc007.dat
2013-07-11 17:22 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-11 17:18 - 2011-01-21 14:27 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-11 17:18 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-11 17:18 - 2009-07-14 06:51 - 00166888 ____A C:\Windows\setupact.log
2013-07-11 15:43 - 2011-01-21 14:27 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-11 15:43 - 2011-01-21 14:23 - 01529509 ____A C:\Windows\WindowsUpdate.log
2013-07-11 15:42 - 2013-05-08 08:31 - 00000000 ____D C:\ProgramData\MFAData
2013-07-08 01:18 - 2013-07-08 01:18 - 00393533 ____A C:\ProgramData\2433f433
2013-07-08 01:18 - 2013-07-08 01:18 - 00393516 ____A C:\Users\mezgerp\AppData\Roaming\2433f433
2013-07-08 01:18 - 2013-07-08 01:18 - 00393513 ____A C:\Users\mezgerp\AppData\Local\2433f433
2013-07-08 00:46 - 2011-02-14 11:14 - 00003946 ____A C:\Windows\System32\Tasks\User_Feed_Synchronization-{F82E3433-133B-4CE1-80AF-26B874EC45B3}
2013-07-03 13:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-25 17:50 - 2013-06-25 17:50 - 00002972 ____A C:\Windows\System32\Tasks\{DDCF1C5D-C9C4-493D-A340-A471CF807135}
2013-06-25 17:50 - 2013-06-25 17:50 - 00002972 ____A C:\Windows\System32\Tasks\{9CA35E65-1A4E-4CE4-975F-2FC3FC9356BD}
2013-06-25 16:28 - 2013-06-25 16:28 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-25 15:33 - 2013-06-25 15:33 - 00000000 ____D C:\Program Files (x86)\MarkAny
2013-06-24 13:33 - 2011-01-21 14:27 - 00002187 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-13 12:03 - 2009-07-14 04:34 - 00000499 ____A C:\Windows\win.ini
2013-06-13 12:00 - 2010-07-07 17:49 - 75825640 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\c_0_lpt.pad
C:\ProgramData\odbwo.bat
C:\ProgramData\odbwo.pad
C:\ProgramData\odbwo.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 13:11

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2013 04
Ran by mezgerp at 2013-07-11 17:27:27
Running from F:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
 2013 (Version: 2013.0.3349)
Acrobat.com (x32 Version: 1.6.65)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)
Ad-Aware Browsing Protection (x32 Version: 0.9.0.2)
Ad-Aware Security Toolbar (x32 Version: 2.1.0.20)
Adobe AIR (x32 Version: 2.5.0.16600)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.85.3)
Adobe Flash Player 10 Plugin (x32 Version: 10.1.85.3)
Adobe Reader 9.5.5 MUI (x32 Version: 9.5.5)
ALDI SÜD Mah Jong (x32)
Ashampoo Burning Studio (x32 Version: 9.23.0)
Ashampoo Photo Commander (x32 Version: 8.3.2)
Ashampoo Photo Optimizer (x32 Version: 3.12.0)
Ashampoo Snap (x32 Version: 3.4.1)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.27)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 13.0.3349)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
Corel Shell Extension - 64Bit (Version: 14.0)
CorelDRAW Essentials 4 - Content (x32 Version: 4.0)
CorelDRAW Essentials 4 - Draw (x32 Version: 4.0)
CorelDRAW Essentials 4 - Filters (x32 Version: 4.0)
CorelDRAW Essentials 4 - ICA (x32 Version: 4.0)
CorelDRAW Essentials 4 - IPM - No VBA (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang BR (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang DE (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang EN (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang ES (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang FR (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang IT (x32 Version: 4.0)
CorelDRAW Essentials 4 - Lang NL (x32 Version: 4.0)
CorelDRAW Essentials 4 - PHOTO-PAINT (x32 Version: 4.0)
CorelDRAW Essentials 4 - Windows Shell Extension (x32 Version: 1.1)
CorelDRAW Essentials 4 - Windows Shell Extension (x32)
CorelDRAW Essentials 4 (x32 Version: 4.0)
CorelDRAW Essentials 4 (x32)
CyberLink LabelPrint (x32 Version: 2.5.3418)
CyberLink MediaShow (x32 Version: 5.0.1410a)
CyberLink MediaShow Espresso (x32 Version: 5.5.1412_24021a)
CyberLink PhotoNow (x32 Version: 1.1.0.6904)
CyberLink Power2Go (x32 Version: 6.1.3802)
CyberLink PowerDirector (x32 Version: 8.0.3224a)
CyberLink PowerDVD 10 (x32 Version: 10.0.2225)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306)
CyberLink PowerProducer (x32 Version: 5.0.2.2429)
CyberLink YouCam (x32 Version: 3.1.3428)
D3DX10 (x32 Version: 15.4.2368.0902)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 27.0.1453.116)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
Haali Media Splitter (x32)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2189)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Java Auto Updater (x32 Version: 2.0.2.4)
Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
Launch Manager (x32 Version: 1.5.1.2)
Medion Home Cinema (x32 Version: 8.0.2213)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Moorhuhn Remake (x32 Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFreeCodec (HKCU)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6237)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30121)
REALTEK Wireless LAN Driver (x32 Version: 1.00.0148)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0)
Samsung Kies (x32 Version: 2.5.2.13021_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
T-Mobile Internet Manager (x32 Version: 11.301.05.00.108)
Total Commander (Remove or Repair) (x32 Version: 7.50a)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4600.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)
X10 Hardware(TM) (x32)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {372DB98D-63F9-4DE5-8834-C8B92272B92D} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {5E86DC29-6D81-45F7-A62C-28EB75C91449} - System32\Tasks\{DDCF1C5D-C9C4-493D-A340-A471CF807135} => C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe [2013-02-13] ()
Task: {6DC50E5B-D2F8-401E-8038-028C4931929B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21] (Google Inc.)
Task: {79F35158-2F02-4E83-8148-DB63715AAB0C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {8087D927-A2A0-463B-8261-5C2AB9F78419} - System32\Tasks\{9CA35E65-1A4E-4CE4-975F-2FC3FC9356BD} => C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe [2013-02-13] ()
Task: {9B63DAF4-9597-415D-AA33-391C60745702} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: {A383897C-8599-4BC7-A575-1ADD116EAD8F} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {AA6AE98A-F1BD-452F-A108-CC24E8AD92BF} - System32\Tasks\User_Feed_Synchronization-{F82E3433-133B-4CE1-80AF-26B874EC45B3} => C:\Windows\system32\msfeedssync.exe [2013-05-04] (Microsoft Corporation)
Task: {B8DE0B50-CD5B-4B3C-B8F7-250E76E696FC} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {D98B09B0-611A-4665-801B-FE6C84AE6BBC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DBEB7628-3762-4F99-AA98-76921F728AFC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21] (Google Inc.)
Task: {DE193F37-22EE-4334-B36D-3F64B8A66E4D} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe No File
Task: {F66CF543-EE39-4155-8021-7F2F8A5C02F9} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2013 00:37:23 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "D:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (07/03/2013 00:40:05 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "D:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (06/24/2013 01:39:57 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "D:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (06/21/2013 11:04:19 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "D:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (06/12/2013 03:09:45 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "D:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (06/03/2013 10:07:47 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "D:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (05/31/2013 02:03:33 AM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16576 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a64

Startzeit: 01ce5d9230f6ea76

Endzeit: 20

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (05/27/2013 09:30:03 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "D:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (05/27/2013 09:29:20 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1199, Zeitstempel: 0x511b6cb8
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x10bbc894
ID des fehlerhaften Prozesses: 0x117c
Startzeit der fehlerhaften Anwendung: 0xKies.exe0
Pfad der fehlerhaften Anwendung: Kies.exe1
Pfad des fehlerhaften Moduls: Kies.exe2
Berichtskennung: Kies.exe3

Error: (05/27/2013 09:29:16 AM) (Source: .NET Runtime) (User: )
Description: Application: Kies.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
  at Kies.Common.Util.Popup.DownloadUpdateAgentVM.PrepareUpdateTempThread(System.Object)
  at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  at System.Threading.ThreadHelper.ThreadStart(System.Object)


System errors:
=============
Error: (07/11/2013 05:18:28 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error: (07/11/2013 05:04:55 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (07/11/2013 05:03:43 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error: (07/11/2013 04:49:04 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD
AVGIDSDriver
Avgldx64
Avgtdia
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
SBRE
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (07/11/2013 04:49:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/11/2013 04:49:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/11/2013 04:49:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/11/2013 04:49:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (07/11/2013 04:49:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/11/2013 04:49:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVGIDSAgent" ist vom Dienst "AVGIDSDriver" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31


Microsoft Office Sessions:
=========================
Error: (07/08/2013 00:37:23 AM) (Source: Windows Backup)(User: )
Description: D:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (07/03/2013 00:40:05 PM) (Source: Windows Backup)(User: )
Description: D:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (06/24/2013 01:39:57 PM) (Source: Windows Backup)(User: )
Description: D:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (06/21/2013 11:04:19 AM) (Source: Windows Backup)(User: )
Description: D:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (06/12/2013 03:09:45 PM) (Source: Windows Backup)(User: )
Description: D:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (06/03/2013 10:07:47 AM) (Source: Windows Backup)(User: )
Description: D:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (05/31/2013 02:03:33 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16576a6401ce5d9230f6ea7620C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (05/27/2013 09:30:03 AM) (Source: Windows Backup)(User: )
Description: D:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (05/27/2013 09:29:20 AM) (Source: Application Error)(User: )
Description: Kies.exe1.0.0.1199511b6cb8unknown0.0.0.000000000c000000510bbc894117c01ce5aabda15786bC:\Program Files (x86)\Samsung\Kies\Kies.exeunknown24db493a-c69f-11e2-b2af-00262dc3a34d

Error: (05/27/2013 09:29:16 AM) (Source: .NET Runtime)(User: )
Description: Application: Kies.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
  at Kies.Common.Util.Popup.DownloadUpdateAgentVM.PrepareUpdateTempThread(System.Object)
  at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  at System.Threading.ThreadHelper.ThreadStart(System.Object)


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3893.49 MB
Available physical RAM: 1978.37 MB
Total Pagefile: 7785.16 MB
Available Pagefile: 6087.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:350.86 GB) (Free:307.84 GB) NTFS (Disk=0 Partition=2)
Drive d: (Recover) (Fixed) (Total:244.21 GB) (Free:152.87 GB) NTFS (Disk=0 Partition=3)
Drive f: (KINGSTON) (Removable) (Total:28.8 GB) (Free:14.71 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=351 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1023 MB) - (Type=12)

========================================================
Disk: 1 (Size: 29 GB) (Disk ID: 22896F74)
Partition 1: (Active) - (Size=29 GB) - (Type=0B)

==================== End Of Log ============================

markusg 11.07.2013 16:41
Hi,
1.
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKCU\...\Command Processor: "C:\Users\mezgerp\AppData\Local\Temp\wjnkbcnasjstublwb.exe" <======= ATTENTION
C:\Users\mezgerp\AppData\Local\Temp\wjnkbcnasjstublwb.exe
HKCU\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKCU\...\Run: [ctfmon.exe] - C:\PROGRA~3\rundll32.exe C:\PROGRA~3\owbdo.dat,FG00 [x] <===== ATTENTION
C:\ProgramData\rundll32.exe
C:\ProgramData\c_0_lpt.pad
C:\ProgramData\odbwo.bat
C:\ProgramData\odbwo.pad
C:\ProgramData\odbwo.reg
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

2. nach Neustart in den normalen Modus:

Navigiere bitte zu:
C:\FRST\Quarantine
Rechtsklick, mit Winrar oder einem anderen Archvierer packen und im Uploadchannel hochladen.
Trojaner-Board Upload Channel

claudia123 11.07.2013 16:46
soll ich den rechner runterfahren? Komme aber nicht mehr rein!

ok hab das letzte nicht gelesen!

markusg 11.07.2013 16:47
auf dem nicht betroffenen pc die fixlist erstellen und speichern und infizierten Rechner nach Anleitung booten.

claudia123 11.07.2013 17:01
kann Windows nicht öffnen.
für diesen Schritt!
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

markusg 11.07.2013 17:03
du schreibst doch grade von einem pc oder? auf dem sollst du die fixlist.txt erstellen und auf den stick kopieren, wie ichs ja vor einem post gesagt hab, und die dann auf den Stick packen und nach anleitung ausführen.

claudia123 11.07.2013 17:09
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2013 04
Ran by mezgerp at 2013-07-11 18:08:18 Run:1
Running from F:\
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
"C:\Users\mezgerp\AppData\Local\Temp\wjnkbcnasjstublwb.exe" => File/Directory not found.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe => Value deleted successfully.
C:\ProgramData\rundll32.exe => Moved successfully.
C:\ProgramData\c_0_lpt.pad => Moved successfully.
C:\ProgramData\odbwo.bat => Moved successfully.
C:\ProgramData\odbwo.pad => Moved successfully.
C:\ProgramData\odbwo.reg => Moved successfully.

==== End of Fixlog ====

markusg 11.07.2013 17:12
Hi,
lässt sich der PC normal starten?
Dann:
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

claudia123 11.07.2013 17:13
2. nach Neustart in den normalen Modus:

Navigiere bitte zu:
C:\FRST\Quarantine
wie geht das genau?

markusg 11.07.2013 17:18
lass es einfach weg und mach mit tdss killer weiter.

claudia123 11.07.2013 17:32
[CODE18:26:24.0521 1888 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:26:24.0802 1888 ============================================================
18:26:24.0802 1888 Current date / time: 2013/07/11 18:26:24.0802
18:26:24.0802 1888 SystemInfo:
18:26:24.0802 1888
18:26:24.0802 1888 OS Version: 6.1.7601 ServicePack: 1.0
18:26:24.0802 1888 Product type: Workstation
18:26:24.0802 1888 ComputerName: MEZGERP-PC
18:26:24.0802 1888 UserName: mezgerp
18:26:24.0802 1888 Windows directory: C:\Windows
18:26:24.0802 1888 System windows directory: C:\Windows
18:26:24.0802 1888 Running under WOW64
18:26:24.0802 1888 Processor architecture: Intel x64
18:26:24.0802 1888 Number of processors: 4
18:26:24.0802 1888 Page size: 0x1000
18:26:24.0802 1888 Boot type: Normal boot
18:26:24.0802 1888 ============================================================
18:26:25.0114 1888 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:26:25.0130 1888 Drive \Device\Harddisk1\DR1 - Size: 0x73467E800 (28.82 Gb), SectorSize: 0x200, Cylinders: 0xEB2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:26:25.0130 1888 ============================================================
18:26:25.0130 1888 \Device\Harddisk0\DR0:
18:26:25.0130 1888 MBR partitions:
18:26:25.0130 1888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:26:25.0130 1888 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2BDB9637
18:26:25.0130 1888 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2BDEBE38, BlocksNum 0x1E86C1C8
18:26:25.0130 1888 \Device\Harddisk1\DR1:
18:26:25.0130 1888 MBR partitions:
18:26:25.0130 1888 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x39A2C81
18:26:25.0130 1888 ============================================================
18:26:25.0145 1888 C: <-> \Device\Harddisk0\DR0\Partition2
18:26:25.0177 1888 D: <-> \Device\Harddisk0\DR0\Partition3
18:26:25.0177 1888 ============================================================
18:26:25.0177 1888 Initialize success
18:26:25.0177 1888 ============================================================
18:28:12.0037 2796 ============================================================
18:28:12.0037 2796 Scan started
18:28:12.0037 2796 Mode: Manual; SigCheck; TDLFS;
18:28:12.0037 2796 ============================================================
18:28:12.0240 2796 ================ Scan system memory ========================
18:28:12.0240 2796 System memory - ok
18:28:12.0240 2796 ================ Scan services =============================
18:28:12.0380 2796 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:28:12.0474 2796 1394ohci - ok
18:28:12.0567 2796 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:28:12.0598 2796 ACPI - ok
18:28:12.0614 2796 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:28:12.0692 2796 AcpiPmi - ok
18:28:12.0739 2796 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:28:12.0786 2796 adp94xx - ok
18:28:12.0817 2796 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:28:12.0832 2796 adpahci - ok
18:28:12.0848 2796 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:28:12.0864 2796 adpu320 - ok
18:28:12.0895 2796 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:28:12.0973 2796 AeLookupSvc - ok
18:28:13.0066 2796 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:28:13.0129 2796 AFD - ok
18:28:13.0176 2796 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:28:13.0207 2796 agp440 - ok
18:28:13.0254 2796 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:28:13.0332 2796 ALG - ok
18:28:13.0347 2796 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:28:13.0363 2796 aliide - ok
18:28:13.0378 2796 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:28:13.0394 2796 amdide - ok
18:28:13.0410 2796 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:28:13.0456 2796 AmdK8 - ok
18:28:13.0488 2796 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:28:13.0550 2796 AmdPPM - ok
18:28:13.0612 2796 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:28:13.0628 2796 amdsata - ok
18:28:13.0675 2796 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:28:13.0690 2796 amdsbs - ok
18:28:13.0706 2796 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:28:13.0706 2796 amdxata - ok
18:28:13.0737 2796 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:28:13.0800 2796 AppID - ok
18:28:13.0831 2796 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:28:13.0909 2796 AppIDSvc - ok
18:28:13.0940 2796 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
18:28:13.0971 2796 Appinfo - ok
18:28:14.0018 2796 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:28:14.0018 2796 arc - ok
18:28:14.0049 2796 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:28:14.0065 2796 arcsas - ok
18:28:14.0112 2796 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:28:14.0190 2796 AsyncMac - ok
18:28:14.0236 2796 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:28:14.0252 2796 atapi - ok
18:28:14.0283 2796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:28:14.0361 2796 AudioEndpointBuilder - ok
18:28:14.0377 2796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:28:14.0424 2796 AudioSrv - ok
18:28:14.0642 2796 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
18:28:14.0736 2796 AVGIDSAgent - ok
18:28:14.0798 2796 [ 139BD30C32BEE830D0CF39C5324D79DE ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:28:14.0829 2796 AVGIDSDriver - ok
18:28:14.0876 2796 [ 2940FACB6EF92BD1936E4A1E2502468E ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
18:28:14.0892 2796 AVGIDSHA - ok
18:28:14.0954 2796 [ 54B66C4AEEC6C4F742F3569EBA03EBB8 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
18:28:14.0985 2796 Avgldx64 - ok
18:28:15.0001 2796 [ 13667B5D6310228A9FEF2BA5FCD9081F ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
18:28:15.0016 2796 Avgloga - ok
18:28:15.0048 2796 [ BE82F9A1F2CCF4CE746D0C645D94079E ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
18:28:15.0063 2796 Avgmfx64 - ok
18:28:15.0094 2796 [ 5D11620DEF66F9DC9468FEE385A8429B ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
18:28:15.0110 2796 Avgrkx64 - ok
18:28:15.0157 2796 [ 69BD90E337625F96C718CACE7A9C9E29 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
18:28:15.0188 2796 Avgtdia - ok
18:28:15.0235 2796 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
18:28:15.0266 2796 avgwd - ok
18:28:15.0297 2796 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:28:15.0391 2796 AxInstSV - ok
18:28:15.0438 2796 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:28:15.0500 2796 b06bdrv - ok
18:28:15.0516 2796 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:28:15.0578 2796 b57nd60a - ok
18:28:15.0625 2796 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:28:15.0656 2796 BDESVC - ok
18:28:15.0687 2796 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:28:15.0750 2796 Beep - ok
18:28:15.0812 2796 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:28:15.0921 2796 BFE - ok
18:28:15.0968 2796 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:28:16.0062 2796 BITS - ok
18:28:16.0093 2796 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:28:16.0140 2796 blbdrive - ok
18:28:16.0202 2796 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:28:16.0233 2796 bowser - ok
18:28:16.0280 2796 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:28:16.0342 2796 BrFiltLo - ok
18:28:16.0374 2796 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:28:16.0420 2796 BrFiltUp - ok
18:28:16.0452 2796 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:28:16.0514 2796 Browser - ok
18:28:16.0545 2796 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:28:16.0592 2796 Brserid - ok
18:28:16.0639 2796 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:28:16.0686 2796 BrSerWdm - ok
18:28:16.0717 2796 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:28:16.0764 2796 BrUsbMdm - ok
18:28:16.0795 2796 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:28:16.0826 2796 BrUsbSer - ok
18:28:16.0857 2796 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:28:16.0904 2796 BTHMODEM - ok
18:28:16.0951 2796 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:28:17.0013 2796 bthserv - ok
18:28:17.0091 2796 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:28:17.0185 2796 cdfs - ok
18:28:17.0232 2796 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:28:17.0278 2796 cdrom - ok
18:28:17.0310 2796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:28:17.0372 2796 CertPropSvc - ok
18:28:17.0419 2796 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:28:17.0466 2796 circlass - ok
18:28:17.0528 2796 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:28:17.0559 2796 CLFS - ok
18:28:17.0622 2796 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:28:17.0637 2796 clr_optimization_v2.0.50727_32 - ok
18:28:17.0684 2796 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:28:17.0715 2796 clr_optimization_v2.0.50727_64 - ok
18:28:17.0778 2796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:28:17.0809 2796 clr_optimization_v4.0.30319_32 - ok
18:28:17.0824 2796 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:28:17.0840 2796 clr_optimization_v4.0.30319_64 - ok
18:28:17.0887 2796 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
18:28:17.0902 2796 clwvd - ok
18:28:17.0949 2796 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:28:17.0996 2796 CmBatt - ok
18:28:18.0027 2796 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:28:18.0043 2796 cmdide - ok
18:28:18.0090 2796 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:28:18.0121 2796 CNG - ok
18:28:18.0168 2796 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:28:18.0199 2796 Compbatt - ok
18:28:18.0230 2796 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:28:18.0277 2796 CompositeBus - ok
18:28:18.0308 2796 COMSysApp - ok
18:28:18.0339 2796 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:28:18.0355 2796 crcdisk - ok
18:28:18.0386 2796 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:28:18.0417 2796 CryptSvc - ok
18:28:18.0448 2796 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:28:18.0511 2796 DcomLaunch - ok
18:28:18.0542 2796 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:28:18.0604 2796 defragsvc - ok
18:28:18.0667 2796 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:28:18.0745 2796 DfsC - ok
18:28:18.0807 2796 [ 41AC348DBD378F618CB4FDEE54270692 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
18:28:18.0823 2796 dg_ssudbus - ok
18:28:18.0870 2796 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:28:18.0948 2796 Dhcp - ok
18:28:18.0994 2796 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:28:19.0072 2796 discache - ok
18:28:19.0119 2796 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:28:19.0150 2796 Disk - ok
18:28:19.0182 2796 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:28:19.0244 2796 Dnscache - ok
18:28:19.0260 2796 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:28:19.0322 2796 dot3svc - ok
18:28:19.0369 2796 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:28:19.0447 2796 DPS - ok
18:28:19.0494 2796 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:28:19.0540 2796 drmkaud - ok
18:28:19.0634 2796 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:28:19.0681 2796 DXGKrnl - ok
18:28:19.0712 2796 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:28:19.0774 2796 EapHost - ok
18:28:19.0884 2796 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:28:19.0946 2796 ebdrv - ok
18:28:19.0977 2796 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:28:20.0040 2796 EFS - ok
18:28:20.0133 2796 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:28:20.0227 2796 ehRecvr - ok
18:28:20.0258 2796 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:28:20.0320 2796 ehSched - ok
18:28:20.0352 2796 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:28:20.0398 2796 elxstor - ok
18:28:20.0414 2796 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:28:20.0461 2796 ErrDev - ok
18:28:20.0523 2796 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:28:20.0601 2796 EventSystem - ok
18:28:20.0648 2796 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:28:20.0710 2796 exfat - ok
18:28:20.0757 2796 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:28:20.0835 2796 fastfat - ok
18:28:20.0882 2796 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:28:20.0960 2796 Fax - ok
18:28:20.0976 2796 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:28:21.0007 2796 fdc - ok
18:28:21.0038 2796 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:28:21.0147 2796 fdPHost - ok
18:28:21.0163 2796 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:28:21.0256 2796 FDResPub - ok
18:28:21.0334 2796 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:28:21.0350 2796 FileInfo - ok
18:28:21.0381 2796 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:28:21.0428 2796 Filetrace - ok
18:28:21.0444 2796 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:28:21.0490 2796 flpydisk - ok
18:28:21.0553 2796 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:28:21.0584 2796 FltMgr - ok
18:28:21.0631 2796 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
18:28:21.0693 2796 FontCache - ok
18:28:21.0740 2796 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:28:21.0771 2796 FontCache3.0.0.0 - ok
18:28:21.0787 2796 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:28:21.0802 2796 FsDepends - ok
18:28:21.0849 2796 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:28:21.0865 2796 Fs_Rec - ok
18:28:21.0896 2796 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:28:21.0912 2796 fvevol - ok
18:28:21.0943 2796 fvnjrxdx - ok
18:28:21.0958 2796 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:28:21.0974 2796 gagp30kx - ok
18:28:22.0021 2796 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:28:22.0083 2796 gpsvc - ok
18:28:22.0161 2796 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:28:22.0192 2796 gupdate - ok
18:28:22.0208 2796 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:28:22.0208 2796 gupdatem - ok
18:28:22.0239 2796 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:28:22.0255 2796 gusvc - ok
18:28:22.0286 2796 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:28:22.0333 2796 hcw85cir - ok
18:28:22.0364 2796 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:28:22.0411 2796 HdAudAddService - ok
18:28:22.0442 2796 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:28:22.0473 2796 HDAudBus - ok
18:28:22.0520 2796 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:28:22.0551 2796 HECIx64 - ok
18:28:22.0582 2796 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:28:22.0629 2796 HidBatt - ok
18:28:22.0660 2796 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:28:22.0692 2796 HidBth - ok
18:28:22.0723 2796 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:28:22.0738 2796 HidIr - ok
18:28:22.0754 2796 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:28:22.0801 2796 hidserv - ok
18:28:22.0816 2796 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:28:22.0832 2796 HidUsb - ok
18:28:22.0863 2796 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:28:22.0941 2796 hkmsvc - ok
18:28:22.0972 2796 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:28:23.0050 2796 HomeGroupListener - ok
18:28:23.0082 2796 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:28:23.0128 2796 HomeGroupProvider - ok
18:28:23.0160 2796 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:28:23.0175 2796 HpSAMD - ok
18:28:23.0238 2796 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:28:23.0316 2796 HTTP - ok
18:28:23.0378 2796 [ 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:28:23.0425 2796 hwdatacard - ok
18:28:23.0456 2796 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:28:23.0472 2796 hwpolicy - ok
18:28:23.0503 2796 [ B45B3647BA32749B94FA689175EC8C26 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
18:28:23.0550 2796 hwusbdev - ok
18:28:23.0596 2796 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:28:23.0628 2796 i8042prt - ok
18:28:23.0643 2796 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:28:23.0659 2796 iaStor - ok
18:28:23.0737 2796 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:28:23.0752 2796 IAStorDataMgrSvc - ok
18:28:23.0768 2796 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:28:23.0799 2796 iaStorV - ok
18:28:23.0862 2796 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:28:23.0893 2796 idsvc - ok
18:28:24.0174 2796 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:28:24.0298 2796 igfx - ok
18:28:24.0330 2796 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:28:24.0361 2796 iirsp - ok
18:28:24.0408 2796 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:28:24.0501 2796 IKEEXT - ok
18:28:24.0579 2796 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
18:28:24.0610 2796 Impcd - ok
18:28:24.0735 2796 [ 4E2745DB3ADEF0FFA5E14857666AAE13 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:28:24.0798 2796 IntcAzAudAddService - ok
18:28:24.0844 2796 [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:28:24.0876 2796 IntcDAud - ok
18:28:24.0891 2796 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:28:24.0907 2796 intelide - ok
18:28:24.0938 2796 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:28:24.0985 2796 intelppm - ok
18:28:25.0016 2796 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:28:25.0094 2796 IPBusEnum - ok
18:28:25.0125 2796 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:28:25.0172 2796 IpFilterDriver - ok
18:28:25.0203 2796 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:28:25.0234 2796 iphlpsvc - ok
18:28:25.0266 2796 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:28:25.0297 2796 IPMIDRV - ok
18:28:25.0328 2796 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:28:25.0406 2796 IPNAT - ok
18:28:25.0437 2796 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:28:25.0484 2796 IRENUM - ok
18:28:25.0515 2796 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:28:25.0531 2796 isapnp - ok
18:28:25.0562 2796 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:28:25.0578 2796 iScsiPrt - ok
18:28:25.0578 2796 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:28:25.0593 2796 kbdclass - ok
18:28:25.0624 2796 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:28:25.0656 2796 kbdhid - ok
18:28:25.0671 2796 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:28:25.0687 2796 KeyIso - ok
18:28:25.0718 2796 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:28:25.0734 2796 KSecDD - ok
18:28:25.0749 2796 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:28:25.0765 2796 KSecPkg - ok
18:28:25.0780 2796 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:28:25.0827 2796 ksthunk - ok
18:28:25.0874 2796 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:28:25.0936 2796 KtmRm - ok
18:28:25.0999 2796 [ 48686C29856F46443952A831424F8D6F ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
18:28:26.0014 2796 L1C - ok
18:28:26.0046 2796 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:28:26.0108 2796 LanmanServer - ok
18:28:26.0139 2796 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:28:26.0217 2796 LanmanWorkstation - ok
18:28:26.0248 2796 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:28:26.0326 2796 lltdio - ok
18:28:26.0358 2796 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:28:26.0420 2796 lltdsvc - ok
18:28:26.0451 2796 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:28:26.0498 2796 lmhosts - ok
18:28:26.0576 2796 [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:28:26.0607 2796 LMS - ok
18:28:26.0638 2796 lnqsfepf - ok
18:28:26.0670 2796 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:28:26.0685 2796 LSI_FC - ok
18:28:26.0701 2796 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:28:26.0716 2796 LSI_SAS - ok
18:28:26.0763 2796 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:28:26.0779 2796 LSI_SAS2 - ok
18:28:26.0794 2796 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:28:26.0810 2796 LSI_SCSI - ok
18:28:26.0841 2796 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:28:26.0904 2796 luafv - ok
18:28:26.0919 2796 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:28:26.0950 2796 Mcx2Svc - ok
18:28:27.0044 2796 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:28:27.0075 2796 MDM - ok
18:28:27.0091 2796 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:28:27.0106 2796 megasas - ok
18:28:27.0138 2796 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:28:27.0169 2796 MegaSR - ok
18:28:27.0184 2796 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:28:27.0247 2796 MMCSS - ok
18:28:27.0309 2796 [ B6187C5F104DA7F2519BB996F9653F01 ] mod7764 C:\Windows\system32\DRIVERS\mod77-64.sys
18:28:27.0387 2796 mod7764 - ok
18:28:27.0418 2796 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:28:27.0496 2796 Modem - ok
18:28:27.0528 2796 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:28:27.0574 2796 monitor - ok
18:28:27.0606 2796 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:28:27.0621 2796 mouclass - ok
18:28:27.0637 2796 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:28:27.0668 2796 mouhid - ok
18:28:27.0699 2796 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:28:27.0715 2796 mountmgr - ok
18:28:27.0746 2796 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:28:27.0762 2796 mpio - ok
18:28:27.0824 2796 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:28:27.0886 2796 mpsdrv - ok
18:28:27.0933 2796 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:28:28.0027 2796 MpsSvc - ok
18:28:28.0058 2796 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:28:28.0120 2796 MRxDAV - ok
18:28:28.0152 2796 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:28:28.0183 2796 mrxsmb - ok
18:28:28.0245 2796 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:28:28.0292 2796 mrxsmb10 - ok
18:28:28.0308 2796 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:28:28.0354 2796 mrxsmb20 - ok
18:28:28.0386 2796 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:28:28.0417 2796 msahci - ok
18:28:28.0448 2796 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:28:28.0464 2796 msdsm - ok
18:28:28.0495 2796 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:28:28.0526 2796 MSDTC - ok
18:28:28.0573 2796 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:28:28.0635 2796 Msfs - ok
18:28:28.0651 2796 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:28:28.0713 2796 mshidkmdf - ok
18:28:28.0744 2796 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:28:28.0760 2796 msisadrv - ok
18:28:28.0791 2796 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:28:28.0869 2796 MSiSCSI - ok
18:28:28.0869 2796 msiserver - ok
18:28:28.0900 2796 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:28:28.0932 2796 MSKSSRV - ok
18:28:28.0963 2796 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:28:29.0010 2796 MSPCLOCK - ok
18:28:29.0041 2796 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:28:29.0088 2796 MSPQM - ok
18:28:29.0119 2796 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:28:29.0134 2796 MsRPC - ok
18:28:29.0166 2796 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:28:29.0181 2796 mssmbios - ok
18:28:29.0197 2796 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:28:29.0259 2796 MSTEE - ok
18:28:29.0290 2796 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:28:29.0322 2796 MTConfig - ok
18:28:29.0337 2796 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:28:29.0353 2796 Mup - ok
18:28:29.0384 2796 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:28:29.0446 2796 napagent - ok
18:28:29.0462 2796 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:28:29.0509 2796 NativeWifiP - ok
18:28:29.0556 2796 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:28:29.0602 2796 NDIS - ok
18:28:29.0618 2796 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:28:29.0680 2796 NdisCap - ok
18:28:29.0727 2796 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:28:29.0790 2796 NdisTapi - ok
18:28:29.0821 2796 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:28:29.0868 2796 Ndisuio - ok
18:28:29.0930 2796 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:28:29.0977 2796 NdisWan - ok
18:28:30.0008 2796 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:28:30.0039 2796 NDProxy - ok
18:28:30.0055 2796 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:28:30.0102 2796 NetBIOS - ok
18:28:30.0148 2796 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:28:30.0226 2796 NetBT - ok
18:28:30.0242 2796 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:28:30.0258 2796 Netlogon - ok
18:28:30.0289 2796 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:28:30.0382 2796 Netman - ok
18:28:30.0414 2796 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:28:30.0460 2796 netprofm - ok
18:28:30.0492 2796 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:28:30.0523 2796 NetTcpPortSharing - ok
18:28:30.0570 2796 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:28:30.0585 2796 nfrd960 - ok
18:28:30.0616 2796 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:28:30.0663 2796 NlaSvc - ok
18:28:30.0679 2796 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:28:30.0726 2796 Npfs - ok
18:28:30.0757 2796 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:28:30.0788 2796 nsi - ok
18:28:30.0804 2796 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:28:30.0850 2796 nsiproxy - ok
18:28:30.0913 2796 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:28:30.0960 2796 Ntfs - ok
18:28:30.0975 2796 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:28:31.0069 2796 Null - ok
18:28:31.0131 2796 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
18:28:31.0178 2796 nusb3hub - ok
18:28:31.0209 2796 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:28:31.0240 2796 nusb3xhc - ok
18:28:31.0474 2796 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:28:31.0662 2796 nvlddmkm - ok
18:28:31.0724 2796 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:28:31.0755 2796 nvraid - ok
18:28:31.0771 2796 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:28:31.0786 2796 nvstor - ok
18:28:31.0802 2796 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:28:31.0818 2796 nv_agp - ok
18:28:31.0880 2796 [ C64097401081D5D641924E8B96332F75 ] NxpCap64 C:\Windows\system32\DRIVERS\NxpCap64.sys
18:28:31.0958 2796 NxpCap64 ( UnsignedFile.Multi.Generic ) - warning
18:28:31.0958 2796 NxpCap64 - detected UnsignedFile.Multi.Generic (1)
18:28:31.0989 2796 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:28:32.0052 2796 ohci1394 - ok
18:28:32.0098 2796 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:28:32.0114 2796 ose - ok
18:28:32.0161 2796 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:28:32.0223 2796 p2pimsvc - ok
18:28:32.0270 2796 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:28:32.0317 2796 p2psvc - ok
18:28:32.0332 2796 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:28:32.0364 2796 Parport - ok
18:28:32.0395 2796 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:28:32.0410 2796 partmgr - ok
18:28:32.0426 2796 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:28:32.0488 2796 PcaSvc - ok
18:28:32.0551 2796 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:28:32.0582 2796 pci - ok
18:28:32.0598 2796 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:28:32.0613 2796 pciide - ok
18:28:32.0629 2796 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:28:32.0644 2796 pcmcia - ok
18:28:32.0691 2796 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:28:32.0707 2796 pcw - ok
18:28:32.0738 2796 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:28:32.0785 2796 PEAUTH - ok
18:28:32.0847 2796 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:28:32.0878 2796 PerfHost - ok
18:28:32.0941 2796 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:28:33.0019 2796 pla - ok
18:28:33.0050 2796 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:28:33.0097 2796 PlugPlay - ok
18:28:33.0112 2796 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:28:33.0159 2796 PNRPAutoReg - ok
18:28:33.0190 2796 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:28:33.0206 2796 PNRPsvc - ok
18:28:33.0253 2796 [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
18:28:33.0253 2796 Point64 - ok
18:28:33.0300 2796 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:28:33.0378 2796 PolicyAgent - ok
18:28:33.0409 2796 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:28:33.0471 2796 Power - ok
18:28:33.0487 2796 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:28:33.0549 2796 PptpMiniport - ok
18:28:33.0580 2796 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:28:33.0627 2796 Processor - ok
18:28:33.0658 2796 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:28:33.0721 2796 ProfSvc - ok
18:28:33.0721 2796 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:28:33.0736 2796 ProtectedStorage - ok
18:28:33.0783 2796 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:28:33.0846 2796 Psched - ok
18:28:33.0908 2796 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
18:28:33.0924 2796 PSI_SVC_2 - ok
18:28:33.0970 2796 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:28:34.0017 2796 ql2300 - ok
18:28:34.0048 2796 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:28:34.0064 2796 ql40xx - ok
18:28:34.0080 2796 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:28:34.0111 2796 QWAVE - ok
18:28:34.0111 2796 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:28:34.0158 2796 QWAVEdrv - ok
18:28:34.0173 2796 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:28:34.0204 2796 RasAcd - ok
18:28:34.0236 2796 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:28:34.0298 2796 RasAgileVpn - ok
18:28:34.0314 2796 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:28:34.0376 2796 RasAuto - ok
18:28:34.0423 2796 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:28:34.0501 2796 Rasl2tp - ok
18:28:34.0532 2796 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:28:34.0579 2796 RasMan - ok
18:28:34.0626 2796 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:28:34.0688 2796 RasPppoe - ok
18:28:34.0704 2796 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:28:34.0782 2796 RasSstp - ok
18:28:34.0844 2796 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:28:34.0906 2796 rdbss - ok
18:28:34.0922 2796 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:28:34.0953 2796 rdpbus - ok
18:28:34.0984 2796 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:28:35.0047 2796 RDPCDD - ok
18:28:35.0078 2796 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:28:35.0125 2796 RDPENCDD - ok
18:28:35.0156 2796 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:28:35.0187 2796 RDPREFMP - ok
18:28:35.0218 2796 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:28:35.0281 2796 RDPWD - ok
18:28:35.0312 2796 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:28:35.0359 2796 rdyboost - ok
18:28:35.0374 2796 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:28:35.0437 2796 RemoteAccess - ok
18:28:35.0484 2796 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:28:35.0546 2796 RemoteRegistry - ok
18:28:35.0655 2796 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:28:35.0686 2796 RichVideo ( UnsignedFile.Multi.Generic ) - warning
18:28:35.0686 2796 RichVideo - detected UnsignedFile.Multi.Generic (1)
18:28:35.0718 2796 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:28:35.0780 2796 RpcEptMapper - ok
18:28:35.0811 2796 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:28:35.0827 2796 RpcLocator - ok
18:28:35.0874 2796 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:28:35.0936 2796 RpcSs - ok
18:28:35.0952 2796 rqttipne - ok
18:28:35.0967 2796 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:28:36.0030 2796 rspndr - ok
18:28:36.0061 2796 [ 44ED82612403021E36998E1ECB1198F1 ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys
18:28:36.0076 2796 RSUSBSTOR - ok
18:28:36.0108 2796 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:28:36.0139 2796 RTL8167 - ok
18:28:36.0217 2796 [ A5986B46C4348CB35EBB98F220948DF7 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
18:28:36.0264 2796 rtl8192se - ok
18:28:36.0279 2796 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:28:36.0295 2796 SamSs - ok
18:28:36.0310 2796 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:28:36.0326 2796 sbp2port - ok
18:28:36.0357 2796 SBRE - ok
18:28:36.0373 2796 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:28:36.0435 2796 SCardSvr - ok
18:28:36.0466 2796 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:28:36.0513 2796 scfilter - ok
18:28:36.0560 2796 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:28:36.0622 2796 Schedule - ok
18:28:36.0638 2796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:28:36.0685 2796 SCPolicySvc - ok
18:28:36.0700 2796 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:28:36.0763 2796 SDRSVC - ok
18:28:36.0794 2796 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:28:36.0872 2796 secdrv - ok
18:28:36.0903 2796 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:28:36.0950 2796 seclogon - ok
18:28:36.0981 2796 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:28:37.0044 2796 SENS - ok
18:28:37.0059 2796 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:28:37.0106 2796 SensrSvc - ok
18:28:37.0122 2796 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:28:37.0153 2796 Serenum - ok
18:28:37.0184 2796 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:28:37.0231 2796 Serial - ok
18:28:37.0278 2796 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:28:37.0309 2796 sermouse - ok
18:28:37.0371 2796 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:28:37.0465 2796 SessionEnv - ok
18:28:37.0496 2796 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:28:37.0543 2796 sffdisk - ok
18:28:37.0574 2796 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:28:37.0621 2796 sffp_mmc - ok
18:28:37.0621 2796 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:28:37.0683 2796 sffp_sd - ok
18:28:37.0714 2796 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:28:37.0761 2796 sfloppy - ok
18:28:37.0792 2796 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:28:37.0870 2796 SharedAccess - ok
18:28:37.0902 2796 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:28:37.0948 2796 ShellHWDetection - ok
18:28:37.0964 2796 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:28:37.0980 2796 SiSRaid2 - ok
18:28:38.0011 2796 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:28:38.0042 2796 SiSRaid4 - ok
18:28:38.0073 2796 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:28:38.0136 2796 Smb - ok
18:28:38.0151 2796 smsgiqvq - ok
18:28:38.0182 2796 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:28:38.0214 2796 SNMPTRAP - ok
18:28:38.0229 2796 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:28:38.0245 2796 spldr - ok
18:28:38.0276 2796 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:28:38.0307 2796 Spooler - ok
18:28:38.0416 2796 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:28:38.0526 2796 sppsvc - ok
18:28:38.0588 2796 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:28:38.0666 2796 sppuinotify - ok
18:28:38.0728 2796 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:28:38.0775 2796 srv - ok
18:28:38.0806 2796 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:28:38.0853 2796 srv2 - ok
18:28:38.0869 2796 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:28:38.0900 2796 srvnet - ok
18:28:38.0947 2796 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:28:39.0009 2796 SSDPSRV - ok
18:28:39.0025 2796 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:28:39.0056 2796 SstpSvc - ok
18:28:39.0103 2796 [ B4C983DA20E2970E21893BF0E4EE2AD8 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
18:28:39.0118 2796 ssudmdm - ok
18:28:39.0150 2796 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:28:39.0150 2796 stexstor - ok
18:28:39.0197 2796 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:28:39.0259 2796 stisvc - ok
18:28:39.0290 2796 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:28:39.0306 2796 swenum - ok
18:28:39.0337 2796 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:28:39.0415 2796 swprv - ok
18:28:39.0462 2796 [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:28:39.0477 2796 SynTP - ok
18:28:39.0540 2796 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:28:39.0587 2796 SysMain - ok
18:28:39.0633 2796 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:28:39.0680 2796 TabletInputService - ok
18:28:39.0711 2796 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:28:39.0758 2796 TapiSrv - ok
18:28:39.0789 2796 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:28:39.0852 2796 TBS - ok
18:28:39.0930 2796 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:28:39.0977 2796 Tcpip - ok
18:28:40.0008 2796 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:28:40.0055 2796 TCPIP6 - ok
18:28:40.0086 2796 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:28:40.0117 2796 tcpipreg - ok
18:28:40.0148 2796 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:28:40.0179 2796 TDPIPE - ok
18:28:40.0211 2796 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:28:40.0242 2796 TDTCP - ok
18:28:40.0289 2796 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:28:40.0335 2796 tdx - ok
18:28:40.0367 2796 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:28:40.0398 2796 TermDD - ok
18:28:40.0429 2796 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:28:40.0491 2796 TermService - ok
18:28:40.0523 2796 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:28:40.0554 2796 Themes - ok
18:28:40.0554 2796 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:28:40.0585 2796 THREADORDER - ok
18:28:40.0679 2796 [ 023317B4CB35E1E87FC12D43B7BA4864 ] TrdCap64 C:\Windows\system32\DRIVERS\TrdCap64.sys
18:28:40.0725 2796 TrdCap64 - ok
18:28:40.0757 2796 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:28:40.0803 2796 TrkWks - ok
18:28:40.0866 2796 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:28:40.0959 2796 TrustedInstaller - ok
18:28:40.0991 2796 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:28:41.0069 2796 tssecsrv - ok
18:28:41.0115 2796 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:28:41.0162 2796 TsUsbFlt - ok
18:28:41.0193 2796 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:28:41.0240 2796 tunnel - ok
18:28:41.0256 2796 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:28:41.0271 2796 uagp35 - ok
18:28:41.0303 2796 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:28:41.0349 2796 udfs - ok
18:28:41.0381 2796 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:28:41.0396 2796 UI0Detect - ok
18:28:41.0412 2796 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:28:41.0427 2796 uliagpkx - ok
18:28:41.0459 2796 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:28:41.0474 2796 umbus - ok
18:28:41.0521 2796 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:28:41.0552 2796 UmPass - ok
18:28:41.0693 2796 [ AF905F4966CFC8B973623AB150CD4B2B ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:28:41.0739 2796 UNS - ok
18:28:41.0802 2796 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:28:41.0864 2796 upnphost - ok
18:28:41.0911 2796 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:28:41.0942 2796 usbccgp - ok
18:28:41.0973 2796 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:28:42.0005 2796 usbcir - ok
18:28:42.0051 2796 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:28:42.0067 2796 usbehci - ok
18:28:42.0083 2796 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:28:42.0098 2796 usbhub - ok
18:28:42.0129 2796 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:28:42.0129 2796 usbohci - ok
18:28:42.0161 2796 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:28:42.0192 2796 usbprint - ok
18:28:42.0223 2796 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:28:42.0254 2796 usbscan - ok
18:28:42.0301 2796 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:28:42.0332 2796 USBSTOR - ok
18:28:42.0348 2796 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:28:42.0379 2796 usbuhci - ok
18:28:42.0441 2796 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:28:42.0488 2796 usbvideo - ok
18:28:42.0519 2796 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:28:42.0582 2796 UxSms - ok
18:28:42.0597 2796 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:28:42.0613 2796 VaultSvc - ok
18:28:42.0644 2796 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:28:42.0660 2796 vdrvroot - ok
18:28:42.0691 2796 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:28:42.0738 2796 vds - ok
18:28:42.0769 2796 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:28:42.0785 2796 vga - ok
18:28:42.0816 2796 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:28:42.0863 2796 VgaSave - ok
18:28:42.0863 2796 vggekkrm - ok
18:28:42.0909 2796 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:28:42.0925 2796 vhdmp - ok
18:28:42.0956 2796 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:28:42.0956 2796 viaide - ok
18:28:42.0972 2796 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:28:42.0987 2796 volmgr - ok
18:28:43.0034 2796 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:28:43.0065 2796 volmgrx - ok
18:28:43.0097 2796 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:28:43.0112 2796 volsnap - ok
18:28:43.0143 2796 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:28:43.0143 2796 vsmraid - ok
18:28:43.0206 2796 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:28:43.0284 2796 VSS - ok
18:28:43.0331 2796 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:28:43.0393 2796 vwifibus - ok
18:28:43.0424 2796 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:28:43.0455 2796 vwififlt - ok
18:28:43.0487 2796 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:28:43.0549 2796 W32Time - ok
18:28:43.0580 2796 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:28:43.0611 2796 WacomPen - ok
18:28:43.0643 2796 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:28:43.0705 2796 WANARP - ok
18:28:43.0705 2796 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:28:43.0736 2796 Wanarpv6 - ok
18:28:43.0799 2796 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:28:43.0877 2796 wbengine - ok
18:28:43.0892 2796 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:28:43.0939 2796 WbioSrvc - ok
18:28:43.0970 2796 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:28:44.0017 2796 wcncsvc - ok
18:28:44.0033 2796 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:28:44.0095 2796 WcsPlugInService - ok
18:28:44.0111 2796 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:28:44.0126 2796 Wd - ok
18:28:44.0173 2796 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:28:44.0204 2796 Wdf01000 - ok
18:28:44.0220 2796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:28:44.0329 2796 WdiServiceHost - ok
18:28:44.0329 2796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:28:44.0360 2796 WdiSystemHost - ok
18:28:44.0391 2796 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:28:44.0423 2796 WebClient - ok
18:28:44.0438 2796 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:28:44.0485 2796 Wecsvc - ok
18:28:44.0501 2796 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:28:44.0547 2796 wercplsupport - ok
18:28:44.0563 2796 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:28:44.0625 2796 WerSvc - ok
18:28:44.0657 2796 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:28:44.0703 2796 WfpLwf - ok
18:28:44.0719 2796 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:28:44.0735 2796 WIMMount - ok
18:28:44.0766 2796 WinDefend - ok
18:28:44.0766 2796 WinHttpAutoProxySvc - ok
18:28:44.0828 2796 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:28:44.0906 2796 Winmgmt - ok
18:28:44.0984 2796 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:28:45.0062 2796 WinRM - ok
18:28:45.0125 2796 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:28:45.0156 2796 WinUsb - ok
18:28:45.0234 2796 [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
18:28:45.0265 2796 WisLMSvc - ok
18:28:45.0296 2796 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:28:45.0343 2796 Wlansvc - ok
18:28:45.0437 2796 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:28:45.0452 2796 wlcrasvc - ok
18:28:45.0530 2796 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:28:45.0577 2796 wlidsvc - ok
18:28:45.0608 2796 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:28:45.0655 2796 WmiAcpi - ok
18:28:45.0686 2796 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:28:45.0733 2796 wmiApSrv - ok
18:28:45.0780 2796 WMPNetworkSvc - ok
18:28:45.0795 2796 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:28:45.0842 2796 WPCSvc - ok
18:28:45.0873 2796 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:28:45.0905 2796 WPDBusEnum - ok
18:28:45.0967 2796 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:28:46.0029 2796 ws2ifsl - ok
18:28:46.0045 2796 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:28:46.0092 2796 wscsvc - ok
18:28:46.0107 2796 WSearch - ok
18:28:46.0185 2796 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:28:46.0232 2796 wuauserv - ok
18:28:46.0263 2796 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:28:46.0295 2796 WudfPf - ok
18:28:46.0326 2796 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:28:46.0357 2796 WUDFRd - ok
18:28:46.0404 2796 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:28:46.0435 2796 wudfsvc - ok
18:28:46.0482 2796 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
18:28:46.0544 2796 WwanSvc - ok
18:28:46.0560 2796 [ BAA813A76F5DB6CC3C2CEAB7D82B6972 ] X10Hid C:\Windows\System32\Drivers\x10hid.sys
18:28:46.0575 2796 X10Hid - ok
18:28:46.0622 2796 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
18:28:46.0638 2796 x10nets ( UnsignedFile.Multi.Generic ) - warning
18:28:46.0638 2796 x10nets - detected UnsignedFile.Multi.Generic (1)
18:28:46.0669 2796 [ A4B2A8751A8F96134BE6063B8A759116 ] XUIF C:\Windows\System32\Drivers\x10ufx2.sys
18:28:46.0685 2796 XUIF - ok
18:28:46.0731 2796 ================ Scan global ===============================
18:28:46.0763 2796 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:28:46.0794 2796 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:28:46.0809 2796 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:28:46.0825 2796 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:28:46.0872 2796 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:28:46.0872 2796 [Global] - ok
18:28:46.0872 2796 ================ Scan MBR ==================================
18:28:46.0887 2796 [ 8B790A79784018D2B00DC944072570F8 ] \Device\Harddisk0\DR0
18:28:49.0196 2796 \Device\Harddisk0\DR0 - ok
18:28:49.0196 2796 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
18:28:49.0321 2796 \Device\Harddisk1\DR1 - ok
18:28:49.0321 2796 ================ Scan VBR ==================================
18:28:49.0337 2796 [ DF0A5F15B0D2BD459D141162D87652BB ] \Device\Harddisk0\DR0\Partition1
18:28:49.0337 2796 \Device\Harddisk0\DR0\Partition1 - ok
18:28:49.0352 2796 [ C66BDF867758C7427BF47CF42AB5609E ] \Device\Harddisk0\DR0\Partition2
18:28:49.0368 2796 \Device\Harddisk0\DR0\Partition2 - ok
18:28:49.0383 2796 [ D57F010848173F6384103951015AB23C ] \Device\Harddisk0\DR0\Partition3
18:28:49.0383 2796 \Device\Harddisk0\DR0\Partition3 - ok
18:28:49.0383 2796 [ C6E1C70369D39067E02D730B9FEC10C5 ] \Device\Harddisk1\DR1\Partition1
18:28:49.0383 2796 \Device\Harddisk1\DR1\Partition1 - ok
18:28:49.0383 2796 ============================================================
18:28:49.0383 2796 Scan finished
18:28:49.0383 2796 ============================================================
18:28:49.0399 2056 Detected object count: 3
18:28:49.0399 2056 Actual detected object count: 3
18:30:05.0808 2056 NxpCap64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:05.0808 2056 NxpCap64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:05.0808 2056 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:05.0808 2056 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:05.0808 2056 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:05.0808 2056 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
][/CODE]

claudia123 11.07.2013 17:36
Code:
18:26:24.0521 1888  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:26:24.0802 1888  ============================================================
18:26:24.0802 1888  Current date / time: 2013/07/11 18:26:24.0802
18:26:24.0802 1888  SystemInfo:
18:26:24.0802 1888 
18:26:24.0802 1888  OS Version: 6.1.7601 ServicePack: 1.0
18:26:24.0802 1888  Product type: Workstation
18:26:24.0802 1888  ComputerName: MEZGERP-PC
18:26:24.0802 1888  UserName: mezgerp
18:26:24.0802 1888  Windows directory: C:\Windows
18:26:24.0802 1888  System windows directory: C:\Windows
18:26:24.0802 1888  Running under WOW64
18:26:24.0802 1888  Processor architecture: Intel x64
18:26:24.0802 1888  Number of processors: 4
18:26:24.0802 1888  Page size: 0x1000
18:26:24.0802 1888  Boot type: Normal boot
18:26:24.0802 1888  ============================================================
18:26:25.0114 1888  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:26:25.0130 1888  Drive \Device\Harddisk1\DR1 - Size: 0x73467E800 (28.82 Gb), SectorSize: 0x200, Cylinders: 0xEB2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:26:25.0130 1888  ============================================================
18:26:25.0130 1888  \Device\Harddisk0\DR0:
18:26:25.0130 1888  MBR partitions:
18:26:25.0130 1888  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:26:25.0130 1888  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2BDB9637
18:26:25.0130 1888  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2BDEBE38, BlocksNum 0x1E86C1C8
18:26:25.0130 1888  \Device\Harddisk1\DR1:
18:26:25.0130 1888  MBR partitions:
18:26:25.0130 1888  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x39A2C81
18:26:25.0130 1888  ============================================================
18:26:25.0145 1888  C: <-> \Device\Harddisk0\DR0\Partition2
18:26:25.0177 1888  D: <-> \Device\Harddisk0\DR0\Partition3
18:26:25.0177 1888  ============================================================
18:26:25.0177 1888  Initialize success
18:26:25.0177 1888  ============================================================
18:28:12.0037 2796  ============================================================
18:28:12.0037 2796  Scan started
18:28:12.0037 2796  Mode: Manual; SigCheck; TDLFS;
18:28:12.0037 2796  ============================================================
18:28:12.0240 2796  ================ Scan system memory ========================
18:28:12.0240 2796  System memory - ok
18:28:12.0240 2796  ================ Scan services =============================
18:28:12.0380 2796  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:28:12.0474 2796  1394ohci - ok
18:28:12.0567 2796  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:28:12.0598 2796  ACPI - ok
18:28:12.0614 2796  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
18:28:12.0692 2796  AcpiPmi - ok
18:28:12.0739 2796  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
18:28:12.0786 2796  adp94xx - ok
18:28:12.0817 2796  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
18:28:12.0832 2796  adpahci - ok
18:28:12.0848 2796  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
18:28:12.0864 2796  adpu320 - ok
18:28:12.0895 2796  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
18:28:12.0973 2796  AeLookupSvc - ok
18:28:13.0066 2796  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
18:28:13.0129 2796  AFD - ok
18:28:13.0176 2796  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:28:13.0207 2796  agp440 - ok
18:28:13.0254 2796  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
18:28:13.0332 2796  ALG - ok
18:28:13.0347 2796  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:28:13.0363 2796  aliide - ok
18:28:13.0378 2796  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:28:13.0394 2796  amdide - ok
18:28:13.0410 2796  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
18:28:13.0456 2796  AmdK8 - ok
18:28:13.0488 2796  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:28:13.0550 2796  AmdPPM - ok
18:28:13.0612 2796  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
18:28:13.0628 2796  amdsata - ok
18:28:13.0675 2796  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:28:13.0690 2796  amdsbs - ok
18:28:13.0706 2796  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
18:28:13.0706 2796  amdxata - ok
18:28:13.0737 2796  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
18:28:13.0800 2796  AppID - ok
18:28:13.0831 2796  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:28:13.0909 2796  AppIDSvc - ok
18:28:13.0940 2796  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo        C:\Windows\System32\appinfo.dll
18:28:13.0971 2796  Appinfo - ok
18:28:14.0018 2796  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
18:28:14.0018 2796  arc - ok
18:28:14.0049 2796  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:28:14.0065 2796  arcsas - ok
18:28:14.0112 2796  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:28:14.0190 2796  AsyncMac - ok
18:28:14.0236 2796  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
18:28:14.0252 2796  atapi - ok
18:28:14.0283 2796  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:28:14.0361 2796  AudioEndpointBuilder - ok
18:28:14.0377 2796  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:28:14.0424 2796  AudioSrv - ok
18:28:14.0642 2796  [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
18:28:14.0736 2796  AVGIDSAgent - ok
18:28:14.0798 2796  [ 139BD30C32BEE830D0CF39C5324D79DE ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:28:14.0829 2796  AVGIDSDriver - ok
18:28:14.0876 2796  [ 2940FACB6EF92BD1936E4A1E2502468E ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
18:28:14.0892 2796  AVGIDSHA - ok
18:28:14.0954 2796  [ 54B66C4AEEC6C4F742F3569EBA03EBB8 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
18:28:14.0985 2796  Avgldx64 - ok
18:28:15.0001 2796  [ 13667B5D6310228A9FEF2BA5FCD9081F ] Avgloga        C:\Windows\system32\DRIVERS\avgloga.sys
18:28:15.0016 2796  Avgloga - ok
18:28:15.0048 2796  [ BE82F9A1F2CCF4CE746D0C645D94079E ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
18:28:15.0063 2796  Avgmfx64 - ok
18:28:15.0094 2796  [ 5D11620DEF66F9DC9468FEE385A8429B ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
18:28:15.0110 2796  Avgrkx64 - ok
18:28:15.0157 2796  [ 69BD90E337625F96C718CACE7A9C9E29 ] Avgtdia        C:\Windows\system32\DRIVERS\avgtdia.sys
18:28:15.0188 2796  Avgtdia - ok
18:28:15.0235 2796  [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd          C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
18:28:15.0266 2796  avgwd - ok
18:28:15.0297 2796  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:28:15.0391 2796  AxInstSV - ok
18:28:15.0438 2796  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
18:28:15.0500 2796  b06bdrv - ok
18:28:15.0516 2796  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:28:15.0578 2796  b57nd60a - ok
18:28:15.0625 2796  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:28:15.0656 2796  BDESVC - ok
18:28:15.0687 2796  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:28:15.0750 2796  Beep - ok
18:28:15.0812 2796  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
18:28:15.0921 2796  BFE - ok
18:28:15.0968 2796  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:28:16.0062 2796  BITS - ok
18:28:16.0093 2796  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:28:16.0140 2796  blbdrive - ok
18:28:16.0202 2796  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:28:16.0233 2796  bowser - ok
18:28:16.0280 2796  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:28:16.0342 2796  BrFiltLo - ok
18:28:16.0374 2796  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:28:16.0420 2796  BrFiltUp - ok
18:28:16.0452 2796  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
18:28:16.0514 2796  Browser - ok
18:28:16.0545 2796  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
18:28:16.0592 2796  Brserid - ok
18:28:16.0639 2796  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:28:16.0686 2796  BrSerWdm - ok
18:28:16.0717 2796  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:28:16.0764 2796  BrUsbMdm - ok
18:28:16.0795 2796  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:28:16.0826 2796  BrUsbSer - ok
18:28:16.0857 2796  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:28:16.0904 2796  BTHMODEM - ok
18:28:16.0951 2796  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
18:28:17.0013 2796  bthserv - ok
18:28:17.0091 2796  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:28:17.0185 2796  cdfs - ok
18:28:17.0232 2796  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
18:28:17.0278 2796  cdrom - ok
18:28:17.0310 2796  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
18:28:17.0372 2796  CertPropSvc - ok
18:28:17.0419 2796  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:28:17.0466 2796  circlass - ok
18:28:17.0528 2796  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:28:17.0559 2796  CLFS - ok
18:28:17.0622 2796  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:28:17.0637 2796  clr_optimization_v2.0.50727_32 - ok
18:28:17.0684 2796  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:28:17.0715 2796  clr_optimization_v2.0.50727_64 - ok
18:28:17.0778 2796  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:28:17.0809 2796  clr_optimization_v4.0.30319_32 - ok
18:28:17.0824 2796  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:28:17.0840 2796  clr_optimization_v4.0.30319_64 - ok
18:28:17.0887 2796  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd          C:\Windows\system32\DRIVERS\clwvd.sys
18:28:17.0902 2796  clwvd - ok
18:28:17.0949 2796  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:28:17.0996 2796  CmBatt - ok
18:28:18.0027 2796  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:28:18.0043 2796  cmdide - ok
18:28:18.0090 2796  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
18:28:18.0121 2796  CNG - ok
18:28:18.0168 2796  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:28:18.0199 2796  Compbatt - ok
18:28:18.0230 2796  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:28:18.0277 2796  CompositeBus - ok
18:28:18.0308 2796  COMSysApp - ok
18:28:18.0339 2796  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
18:28:18.0355 2796  crcdisk - ok
18:28:18.0386 2796  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:28:18.0417 2796  CryptSvc - ok
18:28:18.0448 2796  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:28:18.0511 2796  DcomLaunch - ok
18:28:18.0542 2796  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
18:28:18.0604 2796  defragsvc - ok
18:28:18.0667 2796  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:28:18.0745 2796  DfsC - ok
18:28:18.0807 2796  [ 41AC348DBD378F618CB4FDEE54270692 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
18:28:18.0823 2796  dg_ssudbus - ok
18:28:18.0870 2796  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:28:18.0948 2796  Dhcp - ok
18:28:18.0994 2796  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:28:19.0072 2796  discache - ok
18:28:19.0119 2796  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:28:19.0150 2796  Disk - ok
18:28:19.0182 2796  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:28:19.0244 2796  Dnscache - ok
18:28:19.0260 2796  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
18:28:19.0322 2796  dot3svc - ok
18:28:19.0369 2796  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
18:28:19.0447 2796  DPS - ok
18:28:19.0494 2796  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
18:28:19.0540 2796  drmkaud - ok
18:28:19.0634 2796  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
18:28:19.0681 2796  DXGKrnl - ok
18:28:19.0712 2796  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
18:28:19.0774 2796  EapHost - ok
18:28:19.0884 2796  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
18:28:19.0946 2796  ebdrv - ok
18:28:19.0977 2796  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
18:28:20.0040 2796  EFS - ok
18:28:20.0133 2796  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
18:28:20.0227 2796  ehRecvr - ok
18:28:20.0258 2796  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
18:28:20.0320 2796  ehSched - ok
18:28:20.0352 2796  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
18:28:20.0398 2796  elxstor - ok
18:28:20.0414 2796  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:28:20.0461 2796  ErrDev - ok
18:28:20.0523 2796  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
18:28:20.0601 2796  EventSystem - ok
18:28:20.0648 2796  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
18:28:20.0710 2796  exfat - ok
18:28:20.0757 2796  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
18:28:20.0835 2796  fastfat - ok
18:28:20.0882 2796  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
18:28:20.0960 2796  Fax - ok
18:28:20.0976 2796  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
18:28:21.0007 2796  fdc - ok
18:28:21.0038 2796  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
18:28:21.0147 2796  fdPHost - ok
18:28:21.0163 2796  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:28:21.0256 2796  FDResPub - ok
18:28:21.0334 2796  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:28:21.0350 2796  FileInfo - ok
18:28:21.0381 2796  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
18:28:21.0428 2796  Filetrace - ok
18:28:21.0444 2796  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:28:21.0490 2796  flpydisk - ok
18:28:21.0553 2796  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:28:21.0584 2796  FltMgr - ok
18:28:21.0631 2796  [ C4C183E6551084039EC862DA1C945E3D ] FontCache      C:\Windows\system32\FntCache.dll
18:28:21.0693 2796  FontCache - ok
18:28:21.0740 2796  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:28:21.0771 2796  FontCache3.0.0.0 - ok
18:28:21.0787 2796  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
18:28:21.0802 2796  FsDepends - ok
18:28:21.0849 2796  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:28:21.0865 2796  Fs_Rec - ok
18:28:21.0896 2796  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:28:21.0912 2796  fvevol - ok
18:28:21.0943 2796  fvnjrxdx - ok
18:28:21.0958 2796  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:28:21.0974 2796  gagp30kx - ok
18:28:22.0021 2796  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
18:28:22.0083 2796  gpsvc - ok
18:28:22.0161 2796  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:28:22.0192 2796  gupdate - ok
18:28:22.0208 2796  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:28:22.0208 2796  gupdatem - ok
18:28:22.0239 2796  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc          C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:28:22.0255 2796  gusvc - ok
18:28:22.0286 2796  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:28:22.0333 2796  hcw85cir - ok
18:28:22.0364 2796  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:28:22.0411 2796  HdAudAddService - ok
18:28:22.0442 2796  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:28:22.0473 2796  HDAudBus - ok
18:28:22.0520 2796  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64        C:\Windows\system32\DRIVERS\HECIx64.sys
18:28:22.0551 2796  HECIx64 - ok
18:28:22.0582 2796  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
18:28:22.0629 2796  HidBatt - ok
18:28:22.0660 2796  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:28:22.0692 2796  HidBth - ok
18:28:22.0723 2796  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
18:28:22.0738 2796  HidIr - ok
18:28:22.0754 2796  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
18:28:22.0801 2796  hidserv - ok
18:28:22.0816 2796  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:28:22.0832 2796  HidUsb - ok
18:28:22.0863 2796  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:28:22.0941 2796  hkmsvc - ok
18:28:22.0972 2796  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:28:23.0050 2796  HomeGroupListener - ok
18:28:23.0082 2796  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:28:23.0128 2796  HomeGroupProvider - ok
18:28:23.0160 2796  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:28:23.0175 2796  HpSAMD - ok
18:28:23.0238 2796  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:28:23.0316 2796  HTTP - ok
18:28:23.0378 2796  [ 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:28:23.0425 2796  hwdatacard - ok
18:28:23.0456 2796  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:28:23.0472 2796  hwpolicy - ok
18:28:23.0503 2796  [ B45B3647BA32749B94FA689175EC8C26 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
18:28:23.0550 2796  hwusbdev - ok
18:28:23.0596 2796  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:28:23.0628 2796  i8042prt - ok
18:28:23.0643 2796  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:28:23.0659 2796  iaStor - ok
18:28:23.0737 2796  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:28:23.0752 2796  IAStorDataMgrSvc - ok
18:28:23.0768 2796  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
18:28:23.0799 2796  iaStorV - ok
18:28:23.0862 2796  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:28:23.0893 2796  idsvc - ok
18:28:24.0174 2796  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:28:24.0298 2796  igfx - ok
18:28:24.0330 2796  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
18:28:24.0361 2796  iirsp - ok
18:28:24.0408 2796  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:28:24.0501 2796  IKEEXT - ok
18:28:24.0579 2796  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd          C:\Windows\system32\DRIVERS\Impcd.sys
18:28:24.0610 2796  Impcd - ok
18:28:24.0735 2796  [ 4E2745DB3ADEF0FFA5E14857666AAE13 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:28:24.0798 2796  IntcAzAudAddService - ok
18:28:24.0844 2796  [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
18:28:24.0876 2796  IntcDAud - ok
18:28:24.0891 2796  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:28:24.0907 2796  intelide - ok
18:28:24.0938 2796  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:28:24.0985 2796  intelppm - ok
18:28:25.0016 2796  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
18:28:25.0094 2796  IPBusEnum - ok
18:28:25.0125 2796  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:28:25.0172 2796  IpFilterDriver - ok
18:28:25.0203 2796  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:28:25.0234 2796  iphlpsvc - ok
18:28:25.0266 2796  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
18:28:25.0297 2796  IPMIDRV - ok
18:28:25.0328 2796  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
18:28:25.0406 2796  IPNAT - ok
18:28:25.0437 2796  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:28:25.0484 2796  IRENUM - ok
18:28:25.0515 2796  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:28:25.0531 2796  isapnp - ok
18:28:25.0562 2796  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:28:25.0578 2796  iScsiPrt - ok
18:28:25.0578 2796  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:28:25.0593 2796  kbdclass - ok
18:28:25.0624 2796  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:28:25.0656 2796  kbdhid - ok
18:28:25.0671 2796  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:28:25.0687 2796  KeyIso - ok
18:28:25.0718 2796  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:28:25.0734 2796  KSecDD - ok
18:28:25.0749 2796  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
18:28:25.0765 2796  KSecPkg - ok
18:28:25.0780 2796  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
18:28:25.0827 2796  ksthunk - ok
18:28:25.0874 2796  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
18:28:25.0936 2796  KtmRm - ok
18:28:25.0999 2796  [ 48686C29856F46443952A831424F8D6F ] L1C            C:\Windows\system32\DRIVERS\L1C62x64.sys
18:28:26.0014 2796  L1C - ok
18:28:26.0046 2796  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:28:26.0108 2796  LanmanServer - ok
18:28:26.0139 2796  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:28:26.0217 2796  LanmanWorkstation - ok
18:28:26.0248 2796  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:28:26.0326 2796  lltdio - ok
18:28:26.0358 2796  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
18:28:26.0420 2796  lltdsvc - ok
18:28:26.0451 2796  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
18:28:26.0498 2796  lmhosts - ok
18:28:26.0576 2796  [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:28:26.0607 2796  LMS - ok
18:28:26.0638 2796  lnqsfepf - ok
18:28:26.0670 2796  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:28:26.0685 2796  LSI_FC - ok
18:28:26.0701 2796  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
18:28:26.0716 2796  LSI_SAS - ok
18:28:26.0763 2796  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:28:26.0779 2796  LSI_SAS2 - ok
18:28:26.0794 2796  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:28:26.0810 2796  LSI_SCSI - ok
18:28:26.0841 2796  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
18:28:26.0904 2796  luafv - ok
18:28:26.0919 2796  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
18:28:26.0950 2796  Mcx2Svc - ok
18:28:27.0044 2796  [ 11F714F85530A2BD134074DC30E99FCA ] MDM            C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:28:27.0075 2796  MDM - ok
18:28:27.0091 2796  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
18:28:27.0106 2796  megasas - ok
18:28:27.0138 2796  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:28:27.0169 2796  MegaSR - ok
18:28:27.0184 2796  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
18:28:27.0247 2796  MMCSS - ok
18:28:27.0309 2796  [ B6187C5F104DA7F2519BB996F9653F01 ] mod7764        C:\Windows\system32\DRIVERS\mod77-64.sys
18:28:27.0387 2796  mod7764 - ok
18:28:27.0418 2796  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
18:28:27.0496 2796  Modem - ok
18:28:27.0528 2796  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
18:28:27.0574 2796  monitor - ok
18:28:27.0606 2796  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:28:27.0621 2796  mouclass - ok
18:28:27.0637 2796  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:28:27.0668 2796  mouhid - ok
18:28:27.0699 2796  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:28:27.0715 2796  mountmgr - ok
18:28:27.0746 2796  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:28:27.0762 2796  mpio - ok
18:28:27.0824 2796  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:28:27.0886 2796  mpsdrv - ok
18:28:27.0933 2796  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:28:28.0027 2796  MpsSvc - ok
18:28:28.0058 2796  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:28:28.0120 2796  MRxDAV - ok
18:28:28.0152 2796  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:28:28.0183 2796  mrxsmb - ok
18:28:28.0245 2796  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:28:28.0292 2796  mrxsmb10 - ok
18:28:28.0308 2796  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:28:28.0354 2796  mrxsmb20 - ok
18:28:28.0386 2796  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:28:28.0417 2796  msahci - ok
18:28:28.0448 2796  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
18:28:28.0464 2796  msdsm - ok
18:28:28.0495 2796  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
18:28:28.0526 2796  MSDTC - ok
18:28:28.0573 2796  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:28:28.0635 2796  Msfs - ok
18:28:28.0651 2796  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
18:28:28.0713 2796  mshidkmdf - ok
18:28:28.0744 2796  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:28:28.0760 2796  msisadrv - ok
18:28:28.0791 2796  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
18:28:28.0869 2796  MSiSCSI - ok
18:28:28.0869 2796  msiserver - ok
18:28:28.0900 2796  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
18:28:28.0932 2796  MSKSSRV - ok
18:28:28.0963 2796  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:28:29.0010 2796  MSPCLOCK - ok
18:28:29.0041 2796  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
18:28:29.0088 2796  MSPQM - ok
18:28:29.0119 2796  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
18:28:29.0134 2796  MsRPC - ok
18:28:29.0166 2796  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:28:29.0181 2796  mssmbios - ok
18:28:29.0197 2796  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
18:28:29.0259 2796  MSTEE - ok
18:28:29.0290 2796  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:28:29.0322 2796  MTConfig - ok
18:28:29.0337 2796  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
18:28:29.0353 2796  Mup - ok
18:28:29.0384 2796  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:28:29.0446 2796  napagent - ok
18:28:29.0462 2796  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
18:28:29.0509 2796  NativeWifiP - ok
18:28:29.0556 2796  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:28:29.0602 2796  NDIS - ok
18:28:29.0618 2796  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
18:28:29.0680 2796  NdisCap - ok
18:28:29.0727 2796  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:28:29.0790 2796  NdisTapi - ok
18:28:29.0821 2796  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
18:28:29.0868 2796  Ndisuio - ok
18:28:29.0930 2796  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
18:28:29.0977 2796  NdisWan - ok
18:28:30.0008 2796  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
18:28:30.0039 2796  NDProxy - ok
18:28:30.0055 2796  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
18:28:30.0102 2796  NetBIOS - ok
18:28:30.0148 2796  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
18:28:30.0226 2796  NetBT - ok
18:28:30.0242 2796  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:28:30.0258 2796  Netlogon - ok
18:28:30.0289 2796  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:28:30.0382 2796  Netman - ok
18:28:30.0414 2796  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:28:30.0460 2796  netprofm - ok
18:28:30.0492 2796  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:28:30.0523 2796  NetTcpPortSharing - ok
18:28:30.0570 2796  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
18:28:30.0585 2796  nfrd960 - ok
18:28:30.0616 2796  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:28:30.0663 2796  NlaSvc - ok
18:28:30.0679 2796  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:28:30.0726 2796  Npfs - ok
18:28:30.0757 2796  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
18:28:30.0788 2796  nsi - ok
18:28:30.0804 2796  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:28:30.0850 2796  nsiproxy - ok
18:28:30.0913 2796  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:28:30.0960 2796  Ntfs - ok
18:28:30.0975 2796  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:28:31.0069 2796  Null - ok
18:28:31.0131 2796  [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
18:28:31.0178 2796  nusb3hub - ok
18:28:31.0209 2796  [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:28:31.0240 2796  nusb3xhc - ok
18:28:31.0474 2796  [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:28:31.0662 2796  nvlddmkm - ok
18:28:31.0724 2796  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:28:31.0755 2796  nvraid - ok
18:28:31.0771 2796  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:28:31.0786 2796  nvstor - ok
18:28:31.0802 2796  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:28:31.0818 2796  nv_agp - ok
18:28:31.0880 2796  [ C64097401081D5D641924E8B96332F75 ] NxpCap64        C:\Windows\system32\DRIVERS\NxpCap64.sys
18:28:31.0958 2796  NxpCap64 ( UnsignedFile.Multi.Generic ) - warning
18:28:31.0958 2796  NxpCap64 - detected UnsignedFile.Multi.Generic (1)
18:28:31.0989 2796  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:28:32.0052 2796  ohci1394 - ok
18:28:32.0098 2796  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:28:32.0114 2796  ose - ok
18:28:32.0161 2796  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:28:32.0223 2796  p2pimsvc - ok
18:28:32.0270 2796  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:28:32.0317 2796  p2psvc - ok
18:28:32.0332 2796  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
18:28:32.0364 2796  Parport - ok
18:28:32.0395 2796  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
18:28:32.0410 2796  partmgr - ok
18:28:32.0426 2796  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:28:32.0488 2796  PcaSvc - ok
18:28:32.0551 2796  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
18:28:32.0582 2796  pci - ok
18:28:32.0598 2796  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:28:32.0613 2796  pciide - ok
18:28:32.0629 2796  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:28:32.0644 2796  pcmcia - ok
18:28:32.0691 2796  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
18:28:32.0707 2796  pcw - ok
18:28:32.0738 2796  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:28:32.0785 2796  PEAUTH - ok
18:28:32.0847 2796  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:28:32.0878 2796  PerfHost - ok
18:28:32.0941 2796  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
18:28:33.0019 2796  pla - ok
18:28:33.0050 2796  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:28:33.0097 2796  PlugPlay - ok
18:28:33.0112 2796  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
18:28:33.0159 2796  PNRPAutoReg - ok
18:28:33.0190 2796  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
18:28:33.0206 2796  PNRPsvc - ok
18:28:33.0253 2796  [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64        C:\Windows\system32\DRIVERS\point64.sys
18:28:33.0253 2796  Point64 - ok
18:28:33.0300 2796  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
18:28:33.0378 2796  PolicyAgent - ok
18:28:33.0409 2796  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
18:28:33.0471 2796  Power - ok
18:28:33.0487 2796  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:28:33.0549 2796  PptpMiniport - ok
18:28:33.0580 2796  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
18:28:33.0627 2796  Processor - ok
18:28:33.0658 2796  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
18:28:33.0721 2796  ProfSvc - ok
18:28:33.0721 2796  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:28:33.0736 2796  ProtectedStorage - ok
18:28:33.0783 2796  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:28:33.0846 2796  Psched - ok
18:28:33.0908 2796  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2      c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
18:28:33.0924 2796  PSI_SVC_2 - ok
18:28:33.0970 2796  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:28:34.0017 2796  ql2300 - ok
18:28:34.0048 2796  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:28:34.0064 2796  ql40xx - ok
18:28:34.0080 2796  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
18:28:34.0111 2796  QWAVE - ok
18:28:34.0111 2796  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:28:34.0158 2796  QWAVEdrv - ok
18:28:34.0173 2796  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:28:34.0204 2796  RasAcd - ok
18:28:34.0236 2796  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
18:28:34.0298 2796  RasAgileVpn - ok
18:28:34.0314 2796  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
18:28:34.0376 2796  RasAuto - ok
18:28:34.0423 2796  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
18:28:34.0501 2796  Rasl2tp - ok
18:28:34.0532 2796  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:28:34.0579 2796  RasMan - ok
18:28:34.0626 2796  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:28:34.0688 2796  RasPppoe - ok
18:28:34.0704 2796  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
18:28:34.0782 2796  RasSstp - ok
18:28:34.0844 2796  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
18:28:34.0906 2796  rdbss - ok
18:28:34.0922 2796  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:28:34.0953 2796  rdpbus - ok
18:28:34.0984 2796  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:28:35.0047 2796  RDPCDD - ok
18:28:35.0078 2796  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:28:35.0125 2796  RDPENCDD - ok
18:28:35.0156 2796  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:28:35.0187 2796  RDPREFMP - ok
18:28:35.0218 2796  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
18:28:35.0281 2796  RDPWD - ok
18:28:35.0312 2796  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:28:35.0359 2796  rdyboost - ok
18:28:35.0374 2796  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:28:35.0437 2796  RemoteAccess - ok
18:28:35.0484 2796  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:28:35.0546 2796  RemoteRegistry - ok
18:28:35.0655 2796  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo      C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:28:35.0686 2796  RichVideo ( UnsignedFile.Multi.Generic ) - warning
18:28:35.0686 2796  RichVideo - detected UnsignedFile.Multi.Generic (1)
18:28:35.0718 2796  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:28:35.0780 2796  RpcEptMapper - ok
18:28:35.0811 2796  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:28:35.0827 2796  RpcLocator - ok
18:28:35.0874 2796  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
18:28:35.0936 2796  RpcSs - ok
18:28:35.0952 2796  rqttipne - ok
18:28:35.0967 2796  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:28:36.0030 2796  rspndr - ok
18:28:36.0061 2796  [ 44ED82612403021E36998E1ECB1198F1 ] RSUSBSTOR      C:\Windows\System32\Drivers\RtsUStor.sys
18:28:36.0076 2796  RSUSBSTOR - ok
18:28:36.0108 2796  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
18:28:36.0139 2796  RTL8167 - ok
18:28:36.0217 2796  [ A5986B46C4348CB35EBB98F220948DF7 ] rtl8192se      C:\Windows\system32\DRIVERS\rtl8192se.sys
18:28:36.0264 2796  rtl8192se - ok
18:28:36.0279 2796  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
18:28:36.0295 2796  SamSs - ok
18:28:36.0310 2796  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:28:36.0326 2796  sbp2port - ok
18:28:36.0357 2796  SBRE - ok
18:28:36.0373 2796  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:28:36.0435 2796  SCardSvr - ok
18:28:36.0466 2796  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:28:36.0513 2796  scfilter - ok
18:28:36.0560 2796  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:28:36.0622 2796  Schedule - ok
18:28:36.0638 2796  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
18:28:36.0685 2796  SCPolicySvc - ok
18:28:36.0700 2796  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:28:36.0763 2796  SDRSVC - ok
18:28:36.0794 2796  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:28:36.0872 2796  secdrv - ok
18:28:36.0903 2796  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:28:36.0950 2796  seclogon - ok
18:28:36.0981 2796  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:28:37.0044 2796  SENS - ok
18:28:37.0059 2796  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:28:37.0106 2796  SensrSvc - ok
18:28:37.0122 2796  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
18:28:37.0153 2796  Serenum - ok
18:28:37.0184 2796  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:28:37.0231 2796  Serial - ok
18:28:37.0278 2796  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:28:37.0309 2796  sermouse - ok
18:28:37.0371 2796  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:28:37.0465 2796  SessionEnv - ok
18:28:37.0496 2796  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
18:28:37.0543 2796  sffdisk - ok
18:28:37.0574 2796  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:28:37.0621 2796  sffp_mmc - ok
18:28:37.0621 2796  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
18:28:37.0683 2796  sffp_sd - ok
18:28:37.0714 2796  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
18:28:37.0761 2796  sfloppy - ok
18:28:37.0792 2796  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:28:37.0870 2796  SharedAccess - ok
18:28:37.0902 2796  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:28:37.0948 2796  ShellHWDetection - ok
18:28:37.0964 2796  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:28:37.0980 2796  SiSRaid2 - ok
18:28:38.0011 2796  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:28:38.0042 2796  SiSRaid4 - ok
18:28:38.0073 2796  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
18:28:38.0136 2796  Smb - ok
18:28:38.0151 2796  smsgiqvq - ok
18:28:38.0182 2796  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:28:38.0214 2796  SNMPTRAP - ok
18:28:38.0229 2796  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
18:28:38.0245 2796  spldr - ok
18:28:38.0276 2796  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
18:28:38.0307 2796  Spooler - ok
18:28:38.0416 2796  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:28:38.0526 2796  sppsvc - ok
18:28:38.0588 2796  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
18:28:38.0666 2796  sppuinotify - ok
18:28:38.0728 2796  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
18:28:38.0775 2796  srv - ok
18:28:38.0806 2796  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:28:38.0853 2796  srv2 - ok
18:28:38.0869 2796  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:28:38.0900 2796  srvnet - ok
18:28:38.0947 2796  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
18:28:39.0009 2796  SSDPSRV - ok
18:28:39.0025 2796  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
18:28:39.0056 2796  SstpSvc - ok
18:28:39.0103 2796  [ B4C983DA20E2970E21893BF0E4EE2AD8 ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
18:28:39.0118 2796  ssudmdm - ok
18:28:39.0150 2796  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:28:39.0150 2796  stexstor - ok
18:28:39.0197 2796  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:28:39.0259 2796  stisvc - ok
18:28:39.0290 2796  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:28:39.0306 2796  swenum - ok
18:28:39.0337 2796  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
18:28:39.0415 2796  swprv - ok
18:28:39.0462 2796  [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
18:28:39.0477 2796  SynTP - ok
18:28:39.0540 2796  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
18:28:39.0587 2796  SysMain - ok
18:28:39.0633 2796  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:28:39.0680 2796  TabletInputService - ok
18:28:39.0711 2796  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
18:28:39.0758 2796  TapiSrv - ok
18:28:39.0789 2796  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
18:28:39.0852 2796  TBS - ok
18:28:39.0930 2796  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
18:28:39.0977 2796  Tcpip - ok
18:28:40.0008 2796  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:28:40.0055 2796  TCPIP6 - ok
18:28:40.0086 2796  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:28:40.0117 2796  tcpipreg - ok
18:28:40.0148 2796  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:28:40.0179 2796  TDPIPE - ok
18:28:40.0211 2796  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
18:28:40.0242 2796  TDTCP - ok
18:28:40.0289 2796  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
18:28:40.0335 2796  tdx - ok
18:28:40.0367 2796  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:28:40.0398 2796  TermDD - ok
18:28:40.0429 2796  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
18:28:40.0491 2796  TermService - ok
18:28:40.0523 2796  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:28:40.0554 2796  Themes - ok
18:28:40.0554 2796  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
18:28:40.0585 2796  THREADORDER - ok
18:28:40.0679 2796  [ 023317B4CB35E1E87FC12D43B7BA4864 ] TrdCap64        C:\Windows\system32\DRIVERS\TrdCap64.sys
18:28:40.0725 2796  TrdCap64 - ok
18:28:40.0757 2796  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:28:40.0803 2796  TrkWks - ok
18:28:40.0866 2796  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:28:40.0959 2796  TrustedInstaller - ok
18:28:40.0991 2796  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:28:41.0069 2796  tssecsrv - ok
18:28:41.0115 2796  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:28:41.0162 2796  TsUsbFlt - ok
18:28:41.0193 2796  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:28:41.0240 2796  tunnel - ok
18:28:41.0256 2796  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:28:41.0271 2796  uagp35 - ok
18:28:41.0303 2796  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:28:41.0349 2796  udfs - ok
18:28:41.0381 2796  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
18:28:41.0396 2796  UI0Detect - ok
18:28:41.0412 2796  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:28:41.0427 2796  uliagpkx - ok
18:28:41.0459 2796  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
18:28:41.0474 2796  umbus - ok
18:28:41.0521 2796  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:28:41.0552 2796  UmPass - ok
18:28:41.0693 2796  [ AF905F4966CFC8B973623AB150CD4B2B ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:28:41.0739 2796  UNS - ok
18:28:41.0802 2796  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:28:41.0864 2796  upnphost - ok
18:28:41.0911 2796  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
18:28:41.0942 2796  usbccgp - ok
18:28:41.0973 2796  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:28:42.0005 2796  usbcir - ok
18:28:42.0051 2796  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
18:28:42.0067 2796  usbehci - ok
18:28:42.0083 2796  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:28:42.0098 2796  usbhub - ok
18:28:42.0129 2796  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
18:28:42.0129 2796  usbohci - ok
18:28:42.0161 2796  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:28:42.0192 2796  usbprint - ok
18:28:42.0223 2796  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
18:28:42.0254 2796  usbscan - ok
18:28:42.0301 2796  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:28:42.0332 2796  USBSTOR - ok
18:28:42.0348 2796  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
18:28:42.0379 2796  usbuhci - ok
18:28:42.0441 2796  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:28:42.0488 2796  usbvideo - ok
18:28:42.0519 2796  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
18:28:42.0582 2796  UxSms - ok
18:28:42.0597 2796  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:28:42.0613 2796  VaultSvc - ok
18:28:42.0644 2796  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:28:42.0660 2796  vdrvroot - ok
18:28:42.0691 2796  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
18:28:42.0738 2796  vds - ok
18:28:42.0769 2796  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
18:28:42.0785 2796  vga - ok
18:28:42.0816 2796  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
18:28:42.0863 2796  VgaSave - ok
18:28:42.0863 2796  vggekkrm - ok
18:28:42.0909 2796  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
18:28:42.0925 2796  vhdmp - ok
18:28:42.0956 2796  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:28:42.0956 2796  viaide - ok
18:28:42.0972 2796  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:28:42.0987 2796  volmgr - ok
18:28:43.0034 2796  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
18:28:43.0065 2796  volmgrx - ok
18:28:43.0097 2796  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
18:28:43.0112 2796  volsnap - ok
18:28:43.0143 2796  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
18:28:43.0143 2796  vsmraid - ok
18:28:43.0206 2796  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
18:28:43.0284 2796  VSS - ok
18:28:43.0331 2796  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:28:43.0393 2796  vwifibus - ok
18:28:43.0424 2796  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:28:43.0455 2796  vwififlt - ok
18:28:43.0487 2796  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
18:28:43.0549 2796  W32Time - ok
18:28:43.0580 2796  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:28:43.0611 2796  WacomPen - ok
18:28:43.0643 2796  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:28:43.0705 2796  WANARP - ok
18:28:43.0705 2796  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:28:43.0736 2796  Wanarpv6 - ok
18:28:43.0799 2796  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:28:43.0877 2796  wbengine - ok
18:28:43.0892 2796  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:28:43.0939 2796  WbioSrvc - ok
18:28:43.0970 2796  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
18:28:44.0017 2796  wcncsvc - ok
18:28:44.0033 2796  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:28:44.0095 2796  WcsPlugInService - ok
18:28:44.0111 2796  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:28:44.0126 2796  Wd - ok
18:28:44.0173 2796  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:28:44.0204 2796  Wdf01000 - ok
18:28:44.0220 2796  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:28:44.0329 2796  WdiServiceHost - ok
18:28:44.0329 2796  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
18:28:44.0360 2796  WdiSystemHost - ok
18:28:44.0391 2796  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
18:28:44.0423 2796  WebClient - ok
18:28:44.0438 2796  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:28:44.0485 2796  Wecsvc - ok
18:28:44.0501 2796  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
18:28:44.0547 2796  wercplsupport - ok
18:28:44.0563 2796  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:28:44.0625 2796  WerSvc - ok
18:28:44.0657 2796  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:28:44.0703 2796  WfpLwf - ok
18:28:44.0719 2796  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:28:44.0735 2796  WIMMount - ok
18:28:44.0766 2796  WinDefend - ok
18:28:44.0766 2796  WinHttpAutoProxySvc - ok
18:28:44.0828 2796  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
18:28:44.0906 2796  Winmgmt - ok
18:28:44.0984 2796  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
18:28:45.0062 2796  WinRM - ok
18:28:45.0125 2796  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:28:45.0156 2796  WinUsb - ok
18:28:45.0234 2796  [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc        C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
18:28:45.0265 2796  WisLMSvc - ok
18:28:45.0296 2796  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
18:28:45.0343 2796  Wlansvc - ok
18:28:45.0437 2796  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:28:45.0452 2796  wlcrasvc - ok
18:28:45.0530 2796  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:28:45.0577 2796  wlidsvc - ok
18:28:45.0608 2796  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
18:28:45.0655 2796  WmiAcpi - ok
18:28:45.0686 2796  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:28:45.0733 2796  wmiApSrv - ok
18:28:45.0780 2796  WMPNetworkSvc - ok
18:28:45.0795 2796  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:28:45.0842 2796  WPCSvc - ok
18:28:45.0873 2796  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:28:45.0905 2796  WPDBusEnum - ok
18:28:45.0967 2796  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
18:28:46.0029 2796  ws2ifsl - ok
18:28:46.0045 2796  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:28:46.0092 2796  wscsvc - ok
18:28:46.0107 2796  WSearch - ok
18:28:46.0185 2796  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:28:46.0232 2796  wuauserv - ok
18:28:46.0263 2796  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:28:46.0295 2796  WudfPf - ok
18:28:46.0326 2796  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:28:46.0357 2796  WUDFRd - ok
18:28:46.0404 2796  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
18:28:46.0435 2796  wudfsvc - ok
18:28:46.0482 2796  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc        C:\Windows\System32\wwansvc.dll
18:28:46.0544 2796  WwanSvc - ok
18:28:46.0560 2796  [ BAA813A76F5DB6CC3C2CEAB7D82B6972 ] X10Hid          C:\Windows\System32\Drivers\x10hid.sys
18:28:46.0575 2796  X10Hid - ok
18:28:46.0622 2796  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets        C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
18:28:46.0638 2796  x10nets ( UnsignedFile.Multi.Generic ) - warning
18:28:46.0638 2796  x10nets - detected UnsignedFile.Multi.Generic (1)
18:28:46.0669 2796  [ A4B2A8751A8F96134BE6063B8A759116 ] XUIF            C:\Windows\System32\Drivers\x10ufx2.sys
18:28:46.0685 2796  XUIF - ok
18:28:46.0731 2796  ================ Scan global ===============================
18:28:46.0763 2796  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:28:46.0794 2796  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:28:46.0809 2796  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:28:46.0825 2796  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:28:46.0872 2796  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:28:46.0872 2796  [Global] - ok
18:28:46.0872 2796  ================ Scan MBR ==================================
18:28:46.0887 2796  [ 8B790A79784018D2B00DC944072570F8 ] \Device\Harddisk0\DR0
18:28:49.0196 2796  \Device\Harddisk0\DR0 - ok
18:28:49.0196 2796  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
18:28:49.0321 2796  \Device\Harddisk1\DR1 - ok
18:28:49.0321 2796  ================ Scan VBR ==================================
18:28:49.0337 2796  [ DF0A5F15B0D2BD459D141162D87652BB ] \Device\Harddisk0\DR0\Partition1
18:28:49.0337 2796  \Device\Harddisk0\DR0\Partition1 - ok
18:28:49.0352 2796  [ C66BDF867758C7427BF47CF42AB5609E ] \Device\Harddisk0\DR0\Partition2
18:28:49.0368 2796  \Device\Harddisk0\DR0\Partition2 - ok
18:28:49.0383 2796  [ D57F010848173F6384103951015AB23C ] \Device\Harddisk0\DR0\Partition3
18:28:49.0383 2796  \Device\Harddisk0\DR0\Partition3 - ok
18:28:49.0383 2796  [ C6E1C70369D39067E02D730B9FEC10C5 ] \Device\Harddisk1\DR1\Partition1
18:28:49.0383 2796  \Device\Harddisk1\DR1\Partition1 - ok
18:28:49.0383 2796  ============================================================
18:28:49.0383 2796  Scan finished
18:28:49.0383 2796  ============================================================
18:28:49.0399 2056  Detected object count: 3
18:28:49.0399 2056  Actual detected object count: 3
18:30:05.0808 2056  NxpCap64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:05.0808 2056  NxpCap64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:05.0808 2056  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:05.0808 2056  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:05.0808 2056  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:05.0808 2056  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:33:23.0975 0788  Deinitialize success

markusg 11.07.2013 17:38
Sieht gut aus.
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

claudia123 11.07.2013 17:54
[CODECombofix Logfile:
Code:
ComboFix 13-07-11.03 - mezgerp 11.07.2013  18:44:33.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3893.2255 [GMT 2:00]
ausgeführt von:: c:\users\mezgerp\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2433f433
c:\users\mezgerp\AppData\Roaming\2433f433
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-11 bis 2013-07-11  ))))))))))))))))))))))))))))))
.
.
2013-07-11 16:50 . 2013-07-11 16:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-11 15:26 . 2013-07-11 15:26        --------        d-----w-        C:\FRST
2013-06-25 13:33 . 2013-06-25 13:33        --------        d-----w-        c:\program files (x86)\MarkAny
2013-06-24 11:39 . 2013-04-25 23:30        1505280        ----a-w-        c:\windows\SysWow64\d3d11.dll
2013-06-24 11:39 . 2013-03-31 22:52        1887232        ----a-w-        c:\windows\system32\d3d11.dll
2013-06-12 14:10 . 2013-05-08 06:39        1910632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 10:00 . 2010-07-07 15:49        75825640        ----a-w-        c:\windows\system32\MRT.exe
2013-05-18 08:20 . 2010-06-24 18:33        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-04 11:47 . 2013-05-04 11:47        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-04 11:47 . 2013-05-04 11:47        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-05-04 11:47 . 2013-05-04 11:47        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-05-04 11:47 . 2013-05-04 11:47        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-04 11:47 . 2013-05-04 11:47        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-05-04 11:47 . 2013-05-04 11:47        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-05-04 11:47 . 2013-05-04 11:47        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-05-04 11:47 . 2013-05-04 11:47        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-05-04 11:47 . 2013-05-04 11:47        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-05-04 11:47 . 2013-05-04 11:47        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-05-04 11:47 . 2013-05-04 11:47        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-05-04 11:47 . 2013-05-04 11:47        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-05-04 11:47 . 2013-05-04 11:47        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-04 11:47 . 2013-05-04 11:47        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-05-04 11:47 . 2013-05-04 11:47        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-05-04 11:47 . 2013-05-04 11:47        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-05-04 11:47 . 2013-05-04 11:47        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-05-04 11:47 . 2013-05-04 11:47        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-05-04 11:47 . 2013-05-04 11:47        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-05-04 11:47 . 2013-05-04 11:47        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-05-04 11:47 . 2013-05-04 11:47        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-05-04 11:47 . 2013-05-04 11:47        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-05-04 11:47 . 2013-05-04 11:47        441856        ----a-w-        c:\windows\system32\html.iec
2013-05-04 11:47 . 2013-05-04 11:47        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-05-04 11:47 . 2013-05-04 11:47        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-05-04 11:47 . 2013-05-04 11:47        235008        ----a-w-        c:\windows\system32\url.dll
2013-05-04 11:47 . 2013-05-04 11:47        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-05-04 11:47 . 2013-05-04 11:47        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-05-04 11:47 . 2013-05-04 11:47        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-05-04 11:47 . 2013-05-04 11:47        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-05-04 11:47 . 2013-05-04 11:47        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-05-04 11:47 . 2013-05-04 11:47        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-04 11:47 . 2013-05-04 11:47        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-05-04 11:47 . 2013-05-04 11:47        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-04 11:47 . 2013-05-04 11:47        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-05-04 11:47 . 2013-05-04 11:47        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-04 11:47 . 2013-05-04 11:47        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-04 11:47 . 2013-05-04 11:47        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-05-04 11:47 . 2013-05-04 11:47        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-05-04 11:47 . 2013-05-04 11:47        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-04 11:47 . 2013-05-04 11:47        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-04 11:47 . 2013-05-04 11:47        149504        ----a-w-        c:\windows\system32\occache.dll
2013-05-04 11:47 . 2013-05-04 11:47        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-05-04 11:47 . 2013-05-04 11:47        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-05-04 11:47 . 2013-05-04 11:47        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-05-04 11:47 . 2013-05-04 11:47        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-04 11:47 . 2013-05-04 11:47        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-05-04 11:47 . 2013-05-04 11:47        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-05-04 11:47 . 2013-05-04 11:47        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-05-04 11:30 . 2013-05-04 11:30        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        2560        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        1158144        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2013-05-04 11:30 . 2013-05-04 11:30        10752        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-04 11:30 . 2013-05-04 11:30        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-04 11:30 . 2013-05-04 11:30        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-05-04 11:30 . 2013-05-04 11:30        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-05-04 11:30 . 2013-05-04 11:30        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2013-05-04 11:30 . 2013-05-04 11:30        3928064        ----a-w-        c:\windows\system32\d2d1.dll
2013-05-04 11:30 . 2013-05-04 11:30        363008        ----a-w-        c:\windows\system32\dxgi.dll
2013-05-04 11:30 . 2013-05-04 11:30        2776576        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2013-05-04 11:30 . 2013-05-04 11:30        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-05-04 11:30 . 2013-05-04 11:30        249856        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2013-05-04 11:30 . 2013-05-04 11:30        2284544        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-04 11:30 . 2013-05-04 11:30        220160        ----a-w-        c:\windows\SysWow64\d3d10core.dll
2013-05-04 11:30 . 2013-05-04 11:30        207872        ----a-w-        c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-04 11:30 . 2013-05-04 11:30        1682432        ----a-w-        c:\windows\system32\XpsPrint.dll
2013-05-04 11:30 . 2013-05-04 11:30        1643520        ----a-w-        c:\windows\system32\DWrite.dll
2013-05-04 11:30 . 2013-05-04 11:30        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2013-05-04 11:30 . 2013-05-04 11:30        1247744        ----a-w-        c:\windows\SysWow64\DWrite.dll
2013-05-04 11:30 . 2013-05-04 11:30        1175552        ----a-w-        c:\windows\system32\FntCache.dll
2013-05-04 11:30 . 2013-05-04 11:30        1080832        ----a-w-        c:\windows\SysWow64\d3d10.dll
2013-05-04 11:30 . 2013-05-04 11:30        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2013-05-04 11:30 . 2013-05-04 11:30        648192        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-05-04 11:30 . 2013-05-04 11:30        3419136        ----a-w-        c:\windows\SysWow64\d2d1.dll
2013-05-04 11:30 . 2013-05-04 11:30        333312        ----a-w-        c:\windows\system32\d3d10_1core.dll
2013-05-04 11:30 . 2013-05-04 11:30        296960        ----a-w-        c:\windows\system32\d3d10core.dll
2013-05-04 11:30 . 2013-05-04 11:30        293376        ----a-w-        c:\windows\SysWow64\dxgi.dll
2013-05-04 11:30 . 2013-05-04 11:30        245248        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2013-05-04 11:30 . 2013-05-04 11:30        221184        ----a-w-        c:\windows\system32\UIAnimation.dll
2013-05-04 11:30 . 2013-05-04 11:30        1988096        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2013-05-04 11:30 . 2013-05-04 11:30        194560        ----a-w-        c:\windows\system32\d3d10_1.dll
2013-05-04 11:30 . 2013-05-04 11:30        187392        ----a-w-        c:\windows\SysWow64\UIAnimation.dll
2013-05-04 11:30 . 2013-05-04 11:30        1238528        ----a-w-        c:\windows\system32\d3d10.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08        87440        ----a-w-        c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-21 39408]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-05-23 1561968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2010-06-21 436264]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"DataCardMonitor"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2011-05-30 253952]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 fvnjrxdx;fvnjrxdx;c:\windows\system32\drivers\fvnjrxdx.sys;c:\windows\SYSNATIVE\drivers\fvnjrxdx.sys [x]
R1 lnqsfepf;lnqsfepf;c:\windows\system32\drivers\lnqsfepf.sys;c:\windows\SYSNATIVE\drivers\lnqsfepf.sys [x]
R1 rqttipne;rqttipne;c:\windows\system32\drivers\rqttipne.sys;c:\windows\SYSNATIVE\drivers\rqttipne.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R1 smsgiqvq;smsgiqvq;c:\windows\system32\drivers\smsgiqvq.sys;c:\windows\SYSNATIVE\drivers\smsgiqvq.sys [x]
R1 vggekkrm;vggekkrm;c:\windows\system32\drivers\vggekkrm.sys;c:\windows\SYSNATIVE\drivers\vggekkrm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 mod7764;Tv Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys;c:\windows\SYSNATIVE\DRIVERS\mod77-64.sys [x]
R3 NxpCap64;CTX capture service;c:\windows\system32\DRIVERS\NxpCap64.sys;c:\windows\SYSNATIVE\DRIVERS\NxpCap64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TrdCap64;CTX's capture service;c:\windows\system32\DRIVERS\TrdCap64.sys;c:\windows\SYSNATIVE\DRIVERS\TrdCap64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe;c:\program files (x86)\Launch Manager\WisLMSvc.exe [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys;c:\windows\SYSNATIVE\Drivers\x10hid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 19638516
*NewlyCreated* - 89294560
*Deregistered* - 19638516
*Deregistered* - 89294560
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-24 11:32        1165776        ----a-w-        c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 12:27]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 12:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11548264]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-03 2181224]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
SafeBoot-BsScanner
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-11  18:53:29
ComboFix-quarantined-files.txt  2013-07-11 16:53
.
Vor Suchlauf: 9 Verzeichnis(se), 330.300.637.184 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 331.115.110.400 Bytes frei
.
- - End Of File - - 279468349A29BB449AE2177A8564CC45
--- --- ---
D41D8CD98F00B204E9800998ECF8427E
][/CODE]

markusg 11.07.2013 18:09
Hi,
es sind 2 Logs zu erstellen, poste sie möglichst gleichzeitig.
1.
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.


neustarten.
2.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

claudia123 11.07.2013 18:11
was soll ich noch machen?

markusg 11.07.2013 18:23
steht doch da oder nicht...

claudia123 11.07.2013 18:24
in Arbeit!

markusg 11.07.2013 18:25
lass bitte solche zwischenposts weg, da weitere an den angehangen werden

claudia123 11.07.2013 20:24
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
mezgerp :: MEZGERP-PC [Administrator]

Schutz: Aktiviert

11.07.2013 19:23:22
mbam-log-2013-07-11 (19-23-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395356
Laufzeit: 1 Stunde(n), 48 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\mezgerp\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 11.07.2013 20:51
Hi
hatte ich dich nicht gebeten, beide Logs gleichzeitig zu posten, gab es Probleme dabei oder warum hast du das nicht so gemacht?
Denn wie ich oben gesagt hatte, wenn du die Logs bzw antworten einzeln postest, wird dann das nächste Mal weiteres an den vorherigen Post angehangen, und ich muss dann immer hier reingucken.
lies also bitte meine Anweisungen vernünftig durch.

claudia123 11.07.2013 21:12
Code:
ALLE pROGRAMME WERDEN BENÖTIGT!!!!!


Acrobat.com        Adobe Systems Incorporated        13.10.2010        1,60MB        1.6.65 alle werden benötigt!!  alle werden benötigt!!  alle werden benötigt!!
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh        Microsoft Corporation        05.11.2010        5,57MB        15.4.5722.2
Ad-Aware Browsing Protection        Lavasoft        16.06.2012                0.9.0.2
Ad-Aware Security Toolbar        Lavasoft        16.06.2012                2.1.0.20
Adobe AIR        Adobe Systems Inc.        27.10.2010                2.5.0.16600
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        21.01.2011        6,00MB        10.1.85.3
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        21.01.2011        6,00MB        10.1.85.3
Adobe Reader 9.5.5 MUI        Adobe Systems Incorporated        18.05.2013        656MB        9.5.5
ALDI SÜD Mah Jong                21.01.2011               
Ashampoo Burning Studio        ashampoo GmbH & Co. KG        02.11.2010        130MB        9.23.0
Ashampoo Photo Commander        ashampoo GmbH & Co. KG        02.11.2010        115MB        8.3.2
Ashampoo Photo Optimizer        ashampoo GmbH & Co. KG        02.11.2010        37,1MB        3.12.0
Ashampoo Snap        ashampoo GmbH & Co. KG        02.11.2010        29,7MB        3.4.1
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver        Atheros Communications Inc.        02.11.2010                1.0.0.27
AVG 2013        AVG Technologies        11.07.2013                2013.0.3349
CCleaner        Piriform        19.06.2013                4.03
Cisco EAP-FAST Module        Cisco Systems, Inc.        02.11.2010        1,55MB        2.2.14
Cisco LEAP Module        Cisco Systems, Inc.        02.11.2010        644KB        1.0.19
Cisco PEAP Module        Cisco Systems, Inc.        02.11.2010        1,23MB        1.1.6
Control ActiveX de Windows Live Mesh para conexiones remotas        Microsoft Corporation        27.10.2010        5,57MB        15.4.5722.2
Controlo ActiveX do Windows Live Mesh para Ligações Remotas        Microsoft Corporation        27.10.2010        5,57MB        15.4.5722.2
Contrôle ActiveX Windows Live Mesh pour connexions à distance        Microsoft Corporation        27.10.2010        5,57MB        15.4.5722.2
CorelDRAW Essentials 4        Corel Corporation        21.01.2011               
CorelDRAW Essentials 4 - Windows Shell Extension        Corel Corporation        21.01.2011        2,93MB       
CyberLink LabelPrint        CyberLink Corp.        06.11.2010        148MB        2.5.3418
CyberLink MediaShow        CyberLink Corp.        06.11.2010        251MB        5.0.1410a
CyberLink MediaShow Espresso        CyberLink Corp.        06.11.2010        82,0MB        5.5.1412_24021a
CyberLink PhotoNow        CyberLink Corp.        06.11.2010        21,8MB        1.1.0.6904
CyberLink Power2Go        CyberLink Corp.        06.11.2010        115MB        6.1.3802
CyberLink PowerDirector        CyberLink Corp.        06.11.2010        356MB        8.0.3224a
CyberLink PowerDVD 10        CyberLink Corp.        06.11.2010        184MB        10.0.2225
CyberLink PowerDVD Copy        CyberLink Corp.        06.11.2010        30,9MB        1.5.1306
CyberLink PowerProducer        CyberLink Corp.        06.11.2010        166MB        5.0.2.2429
CyberLink YouCam        CyberLink Corp.        06.11.2010        135MB        3.1.3428
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych        Microsoft Corporation        27.10.2010        5,57MB        15.4.5722.2
Google Chrome        Google Inc.        21.01.2011                28.0.1500.71
Google Toolbar for Internet Explorer        Google Inc.        25.06.2013                7.5.4209.2358
Haali Media Splitter                21.01.2011               
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        12.02.2011                8.15.10.2189
Intel(R) Management Engine Components        Intel Corporation        02.11.2010                6.0.0.1179
Intel(R) Rapid Storage Technology        Intel Corporation        02.11.2010                9.6.0.1014
Java(TM) 6 Update 22        Oracle        13.10.2010        97,0MB        6.0.220
Java(TM) 6 Update 22 (64-bit)        Oracle        13.10.2010        90,6MB        6.0.220
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave        Microsoft Corporation        27.10.2010        5,57MB        15.4.5722.2
Launch Manager        Wistron Corp.        02.11.2010                1.5.1.2
Malwarebytes Anti-Malware Version 1.75.0.1300        Malwarebytes Corporation        11.07.2013        19,2MB        1.75.0.1300
Medion Home Cinema        CyberLink Corp.        06.11.2010        36,5MB        8.0.2213
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        26.03.2013        38,8MB        4.0.30320
Microsoft IntelliPoint 8.0        Microsoft        12.02.2011        37,9MB        8.0.225.0
Microsoft Office File Validation Add-In        Microsoft Corporation        18.12.2011        7,95MB        14.0.5130.5003
Microsoft Office Live Add-in 1.5        Microsoft Corporation        21.04.2012        508KB        2.0.4024.1
Microsoft Office Standard Edition 2003        Microsoft Corporation        11.07.2013        1,48GB        11.0.8173.0
Microsoft Silverlight        Microsoft Corporation        11.07.2013        100MB        5.1.20513.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        27.10.2010        1,69MB        3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        07.07.2010        260KB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        22.06.2011        300KB        8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        12.02.2011        212KB        9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        12.02.2011        200KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570        Microsoft Corporation        16.06.2011        790KB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        16.06.2011        598KB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        06.11.2010        788KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        22.06.2011        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        06.11.2010        596KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        22.06.2011        600KB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        15.02.2012        16,5MB        10.0.40219
Moorhuhn Remake                12.02.2011                1.00.0000
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        07.07.2010        1,34MB        4.20.9876.0
MyFreeCodec                26.03.2013               
PlayReady PC Runtime amd64        Microsoft Corporation        21.01.2011        2,05MB        1.3.0
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        11.11.2010                6.0.1.6237
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        02.11.2010                6.1.7600.30121
REALTEK Wireless LAN Driver        REALTEK Semiconductor Corp.        02.11.2010                1.00.0148
Renesas Electronics USB 3.0 Host Controller Driver        Renesas Electronics Corporation        02.11.2010        1,00MB        2.0.26.0
Samsung Kies        Samsung Electronics Co., Ltd.        26.03.2013        158MB        2.5.2.13021_10
SAMSUNG USB Driver for Mobile Phones        SAMSUNG Electronics Co., Ltd.        26.03.2013        33,8MB        1.5.18.0
Synaptics Pointing Device Driver        Synaptics Incorporated        02.11.2010                14.0.19.0
T-Mobile Internet Manager        Huawei Technologies Co.,Ltd        30.05.2011                11.301.05.00.108
Total Commander (Remove or Repair)        Ghisler Software GmbH        12.02.2011                7.50a
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi        Microsoft Corporation        27.10.2010        5,57MB        15.4.5722.2
Visual Studio 2010 x64 Redistributables        AVG Technologies        08.05.2013        12,4MB        13.0.0.1
Windows Live Essentials        Microsoft Corporation        27.10.2010                15.4.3502.0922
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen        Microsoft Corporation        27.10.2010        5,57MB        15.4.5722.2
Windows Live Mesh ActiveX Control for Remote Connections        Microsoft Corporation        27.10.2010        5,37MB        15.4.5722.2
Windows Live Mesh ActiveX control for remote connections        Microsoft Corporation        27.10.2010        5,57MB        15.4.5722.2
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger        Microsoft Corporation        05.11.2010        5,57MB        15.4.5722.2
Windows Live Mesh ActiveX-objekt til fjernforbindelser        Microsoft Corporation        27.10.2010        5,57MB        15.4.5722.2
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz        Microsoft Corporation        27.10.2010        5,57MB        15.4.5722.2
Windows Live Meshin etäyhteyksien ActiveX-komponentti        Microsoft Corporation        05.11.2010        5,57MB        15.4.5722.2
Windows Media Encoder 9 Series                02.11.2010               
X10 Hardware(TM)                21.01.2011               
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις        Microsoft Corporation        27.10.2010        5,38MB        15.4.5722.2

markusg 11.07.2013 21:17
Hi, es sind wieder mehrere Arbeisschritte zu erledigen und Logs zu erstellen, poste sie gleichzeitig, in einem Post.

1.
das du dir Schadsoftware eingefangen hast, ist kein Wunder, da du einiges an veralteter Software nutzt, und damit sicherheitslücken offen hast.
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
2.
Google Toolbar : Bitte nutze keine Toolbars, sie sind nur ein zusätzliches Risiko.
Java: alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:

Öffne bitte CCleaner, analysieren, starten, PC neustarten.

2.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Neustarten.
3.
HitmanPro - Download - Filepony
Hitmanpro laden, doppelklicken, Scan klicken.
Nichts löschen.
Weiter klicken.
Log speichern und posten, bzw als XML exportieren, packen und anhängen.

claudia123 11.07.2013 22:16
Code:
# AdwCleaner v2.303 - Datei am 11/07/2013 um 23:08:46 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : mezgerp - MEZGERP-PC
# Bootmodus : Normal
# Ausgeführt unter : F:\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.71

Datei : C:\Users\mezgerp\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [702 octets] - [11/07/2013 23:08:46]

########## EOF - C:\AdwCleaner[S2].txt - [761 octets] ##########

markusg 11.07.2013 22:16
hi
warum liest du meine Anleitungen nicht volslstnidg?

claudia123 11.07.2013 22:48
bekomme von HitmanPro den log nicht gespeichert.
Log speichern und posten, bzw als XML exportieren, packen und anhängen.
bin bei entfernungsergebnisse!

muss jetzt ins bett, werde morgen früh weiter machen. hitman pro is gelaufen bekomme es nicht hin mit der logfile.es ist auch nicht mein, rechner sondern der meiner schwester.
wenn ich darf, melde ich mich morgen wieder. vielen dank für ihre hilfe!

markusg 11.07.2013 23:23
Ja, aber ich hatte dich, auch schon vorhin, gebeten, die Logs immer gleichzeitig zu posten.
ok, dann also noch hitmanpro bitte :-)

claudia123 12.07.2013 09:11
[CODE
Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

  Computer name . . . . : MEZGERP-PC
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : mezgerp-PC\mezgerp
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-07-12 00:02:14
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 5m 32s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 8

  Objects scanned . . . : 1.590.021
  Files scanned . . . . : 22.879
  Remnants scanned  . . : 468.503 files / 1.098.639 keys

Cookies _____________________________________________________________________

  C:\Users\mezgerp\AppData\Roaming\Microsoft\Windows\Cookies\SK0IPAH4.txt
]AdwCleaner Logfile:
Code:
# AdwCleaner v2.305 - Datei am 12/07/2013 um 09:48:32 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : mezgerp - MEZGERP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\mezgerp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9AR1S7ZQ\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.71

Datei : C:\Users\mezgerp\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.27] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Gelöscht [l.30] : keyword = "isearch.avg.com",
Gelöscht [l.34] : search_url = "hxxp://isearch.avg.com/search?cid={857CE5D9-0EAD-4EEC-A296-57F60464797A}&mid=18[...]

*************************

AdwCleaner[S2].txt - [829 octets] - [11/07/2013 23:08:46]
AdwCleaner[S3].txt - [1059 octets] - [12/07/2013 09:48:32]

########## EOF - C:\AdwCleaner[S3].txt - [1119 octets] ##########
--- --- ---

markusg 12.07.2013 11:25
Sieht gut aus.
abschließener Scan:


Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

claudia123 12.07.2013 14:39
Code:
OTL logfile created on: 12.07.2013 15:15:52 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\mezgerp\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 66,19% Memory free
7,60 Gb Paging File | 6,18 Gb Available in Paging File | 81,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 350,86 Gb Total Space | 309,45 Gb Free Space | 88,20% Space Free | Partition Type: NTFS
Drive D: | 244,21 Gb Total Space | 152,87 Gb Free Space | 62,60% Space Free | Partition Type: NTFS
 
Computer Name: MEZGERP-PC | User Name: mezgerp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.12 15:05:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mezgerp\Downloads\OTL.exe
PRC - [2013.05.23 08:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.05.23 08:16:52 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.05.30 19:51:55 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
PRC - [2010.06.21 22:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2010.04.27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\mezgerp\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009.12.14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2009.12.12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.11 20:14:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\83cfe0422e7e54f3f00107c15a63f1b4\System.ServiceProcess.ni.dll
MOD - [2013.07.11 20:12:14 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6da2afd0e57708d41892d9d3e32ba5a3\System.Xaml.ni.dll
MOD - [2013.07.11 19:10:50 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f3770f9a13d7516e4c03f23dbd319cba\PresentationFramework.ni.dll
MOD - [2013.07.11 19:10:38 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4572de8445038600e4552429b18fbe32\PresentationCore.ni.dll
MOD - [2013.07.11 19:10:30 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\64b92e2a22bb8c1e86486bd22828acc5\System.Core.ni.dll
MOD - [2013.07.11 19:10:26 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\c1c41a9e1a25999e74defafecb2aa0bc\System.Xml.ni.dll
MOD - [2013.07.11 19:10:25 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\112f6448b7434699af4bcc05f25ce12b\WindowsBase.ni.dll
MOD - [2013.07.11 19:10:22 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7546a01feb9d477570b883eec56cc673\System.Configuration.ni.dll
MOD - [2013.07.11 19:10:21 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\89445d5b924ad94744d00f1b6cd2285d\System.ni.dll
MOD - [2013.07.11 19:01:45 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.07.11 23:19:56 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013.07.11 23:37:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009.10.23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.07.12 11:01:31 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.07.12 11:01:31 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.07.12 11:01:31 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.02.06 08:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.02.06 08:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.29 05:07:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.09.30 13:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 13:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.07.21 17:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.06.21 15:15:54 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.09 14:00:50 | 001,887,528 | ---- | M] (Trident Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TrdCap64.sys -- (TrdCap64)
DRV:64bit: - [2010.05.24 15:46:36 | 000,246,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.03.04 17:53:02 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.02 13:25:26 | 001,098,784 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.02.27 05:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.04 13:54:32 | 001,888,864 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NxpCap64.sys -- (NxpCap64)
DRV:64bit: - [2009.12.11 05:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.24 11:52:34 | 000,913,888 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2009.09.18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 21:47:44 | 000,032,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2009.05.13 21:26:14 | 000,015,896 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10hid.sys -- (X10Hid)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {2076543D-4ACB-4501-99AF-DC0E40F9E09A}
IE - HKCU\..\SearchScopes\{2076543D-4ACB-4501-99AF-DC0E40F9E09A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\mezgerp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\mezgerp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\mezgerp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Google Mail = C:\Users\mezgerp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.07.11 18:50:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A58F1BE4-2027-4CFF-B157-6343B05A3205}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8106F6C-9E37-4D23-854A-30BD648D9ED5}: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DACDDD6D-7582-439D-BAF8-D10DF1EC4919}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.12 11:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.07.12 11:01:23 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.07.12 11:01:21 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.07.12 11:01:19 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.07.12 11:01:17 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.07.12 11:01:17 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.07.12 11:01:17 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.07.12 11:01:17 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.07.12 11:00:59 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.07.12 11:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.07.12 11:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.07.12 10:42:40 | 000,000,000 | ---D | C] -- C:\Users\mezgerp\AppData\Local\Avg2013
[2013.07.12 08:31:06 | 000,000,000 | ---D | C] -- C:\Users\mezgerp\AVM_Driver
[2013.07.12 08:29:25 | 000,000,000 | ---D | C] -- C:\Users\mezgerp\AppData\Local\ElevatedDiagnostics
[2013.07.11 23:37:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.07.11 23:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.07.11 23:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.07.11 23:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.07.11 23:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.07.11 21:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.07.11 21:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.07.11 21:24:52 | 004,396,440 | ---- | C] (Piriform Ltd) -- C:\Users\mezgerp\Desktop\ccsetup403.exe
[2013.07.11 19:21:17 | 000,000,000 | ---D | C] -- C:\Users\mezgerp\AppData\Roaming\Malwarebytes
[2013.07.11 19:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.11 19:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.11 19:21:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.11 19:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.11 19:20:38 | 000,000,000 | ---D | C] -- C:\Users\mezgerp\AppData\Local\Programs
[2013.07.11 19:19:11 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\mezgerp\Desktop\mbam-setup-1.75.0.1300.exe
[2013.07.11 19:15:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.11 18:53:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.07.11 18:43:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.11 18:43:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.11 18:43:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.11 18:43:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.07.11 18:43:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.11 18:40:14 | 005,087,831 | R--- | C] (Swearware) -- C:\Users\mezgerp\Desktop\ComboFix.exe
[2013.07.11 18:25:46 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mezgerp\Desktop\tdsskiller.exe
[2013.07.11 17:26:02 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.25 16:28:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.06.25 15:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.12 14:43:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.12 14:42:06 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.12 14:42:06 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.12 14:34:43 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.12 14:32:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.12 14:32:34 | 3061,960,704 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.12 11:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.12 11:01:31 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.07.12 11:01:31 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.07.12 11:01:31 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.07.12 11:01:31 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.07.12 11:01:31 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.07.12 11:01:31 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.07.12 11:01:25 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.07.12 11:01:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.07.12 11:00:35 | 117,478,104 | ---- | M] () -- C:\Users\mezgerp\Desktop\avast_free_antivirus_setup_8.0.1489.300.exe
[2013.07.12 10:39:57 | 000,000,000 | ---- | M] () -- C:\Users\mezgerp\Desktop\9-delfix.cyxtyc7.partial
[2013.07.12 00:02:14 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.07.11 23:34:03 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.07.11 21:26:11 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.07.11 21:25:20 | 004,396,440 | ---- | M] (Piriform Ltd) -- C:\Users\mezgerp\Desktop\ccsetup403.exe
[2013.07.11 20:52:00 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.11 19:21:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.07.11 19:20:29 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\mezgerp\Desktop\mbam-setup-1.75.0.1300.exe
[2013.07.11 19:15:26 | 000,323,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.11 19:09:23 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.11 19:09:23 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.11 19:09:23 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.11 19:09:23 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.11 19:09:23 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.11 18:50:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.11 18:40:52 | 005,087,831 | R--- | M] (Swearware) -- C:\Users\mezgerp\Desktop\ComboFix.exe
[2013.07.11 18:25:55 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mezgerp\Desktop\tdsskiller.exe
 
========== Files Created - No Company Name ==========
 
[2013.07.12 11:01:31 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.07.12 11:01:31 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.07.12 11:01:31 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.07.12 11:01:25 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.07.12 11:01:17 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.07.12 11:01:17 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.07.12 11:01:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.07.12 10:50:57 | 117,478,104 | ---- | C] () -- C:\Users\mezgerp\Desktop\avast_free_antivirus_setup_8.0.1489.300.exe
[2013.07.12 10:39:57 | 000,000,000 | ---- | C] () -- C:\Users\mezgerp\Desktop\9-delfix.cyxtyc7.partial
[2013.07.11 23:37:41 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.11 23:34:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.07.11 23:34:03 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.07.11 23:19:56 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.07.11 21:26:11 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.07.11 19:21:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.07.11 18:43:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.11 18:43:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.11 18:43:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.11 18:43:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.11 18:43:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.07.05 12:26:26 | 000,033,134 | ---- | C] () -- C:\Users\mezgerp\AppData\Roaming\UserTile.png
[2011.06.02 08:20:14 | 000,000,000 | ---- | C] () -- C:\Users\mezgerp\AppData\Local\{73F18130-707F-4AE0-BF78-546CDFB9FA16}
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.23 17:04:50 | 000,000,000 | ---D | M] -- C:\Users\mezgerp\AppData\Roaming\Ad-Aware Antivirus
[2012.06.16 14:15:49 | 000,000,000 | ---D | M] -- C:\Users\mezgerp\AppData\Roaming\GHISLER
[2013.05.27 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\mezgerp\AppData\Roaming\Samsung
[2011.02.12 15:25:14 | 000,000,000 | ---D | M] -- C:\Users\mezgerp\AppData\Roaming\SoftGrid Client
[2011.05.30 19:51:53 | 000,000,000 | ---D | M] -- C:\Users\mezgerp\AppData\Roaming\T-Mobile
[2012.06.16 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\mezgerp\AppData\Roaming\T-Mobile Internet Manager
[2011.12.07 10:47:22 | 000,000,000 | ---D | M] -- C:\Users\mezgerp\AppData\Roaming\Tific
[2011.02.12 13:46:05 | 000,000,000 | ---D | M] -- C:\Users\mezgerp\AppData\Roaming\TP
[2012.02.13 21:06:07 | 000,000,000 | ---D | M] -- C:\Users\mezgerp\AppData\Roaming\TuneUp Software
[2011.02.14 12:45:58 | 000,000,000 | ---D | M] -- C:\Users\mezgerp\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.07.11 19:15:39 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.03.09 20:23:46 | 000,000,000 | ---D | M] -- C:\21647856bb5ac8cf5701
[2013.07.12 11:02:07 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2011.01.21 14:24:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.07.11 17:26:02 | 000,000,000 | ---D | M] -- C:\FRST
[2010.11.11 12:12:26 | 000,000,000 | ---D | M] -- C:\Intel
[2011.02.12 13:49:14 | 000,000,000 | R--D | M] -- C:\MSOCache
[2013.07.12 11:00:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.07.12 11:02:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.07.12 11:00:39 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013.07.11 18:53:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.01.21 14:24:45 | 000,000,000 | ---D | M] -- C:\Recovery
[2013.07.12 15:17:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.02.12 12:35:58 | 000,000,000 | ---D | M] -- C:\totalcmd
[2011.01.21 14:29:49 | 000,000,000 | R--D | M] -- C:\Users
[2013.07.12 11:00:59 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.21 14:27:14 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.01.21 14:27:15 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.07.11 23:37:41 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.06.06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.07.12 15:30:40 | 002,097,152 | -HS- | M] () -- C:\Users\mezgerp\ntuser.dat
[2013.07.12 15:30:40 | 000,262,144 | -HS- | M] () -- C:\Users\mezgerp\ntuser.dat.LOG1
[2011.01.21 14:29:52 | 000,000,000 | -HS- | M] () -- C:\Users\mezgerp\ntuser.dat.LOG2
[2011.04.16 01:01:13 | 000,065,536 | -HS- | M] () -- C:\Users\mezgerp\ntuser.dat{00153b60-679e-11e0-8679-00262dc3a34d}.TM.blf
[2011.04.16 01:01:13 | 000,524,288 | -HS- | M] () -- C:\Users\mezgerp\ntuser.dat{00153b60-679e-11e0-8679-00262dc3a34d}.TMContainer00000000000000000001.regtrans-ms
[2011.04.16 01:01:13 | 000,524,288 | -HS- | M] () -- C:\Users\mezgerp\ntuser.dat{00153b60-679e-11e0-8679-00262dc3a34d}.TMContainer00000000000000000002.regtrans-ms
[2011.01.21 14:56:32 | 000,065,536 | -HS- | M] () -- C:\Users\mezgerp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.01.21 14:56:32 | 000,524,288 | -HS- | M] () -- C:\Users\mezgerp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.01.21 14:56:32 | 000,524,288 | -HS- | M] () -- C:\Users\mezgerp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.06.16 14:42:22 | 000,065,536 | -HS- | M] () -- C:\Users\mezgerp\ntuser.dat{59ff0022-b7ab-11e1-8078-485d60d3d1c6}.TM.blf
[2012.06.16 14:42:22 | 000,524,288 | -HS- | M] () -- C:\Users\mezgerp\ntuser.dat{59ff0022-b7ab-11e1-8078-485d60d3d1c6}.TMContainer00000000000000000001.regtrans-ms
[2012.06.16 14:42:22 | 000,524,288 | -HS- | M] () -- C:\Users\mezgerp\ntuser.dat{59ff0022-b7ab-11e1-8078-485d60d3d1c6}.TMContainer00000000000000000002.regtrans-ms
[2011.01.21 14:29:52 | 000,000,020 | -HS- | M] () -- C:\Users\mezgerp\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >
Code:
OTL Extras logfile created on: 12.07.2013 15:15:52 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\mezgerp\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 66,19% Memory free
7,60 Gb Paging File | 6,18 Gb Available in Paging File | 81,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 350,86 Gb Total Space | 309,45 Gb Free Space | 88,20% Space Free | Partition Type: NTFS
Drive D: | 244,21 Gb Total Space | 152,87 Gb Free Space | 62,60% Space Free | Partition Type: NTFS
 
Computer Name: MEZGERP-PC | User Name: mezgerp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009DC3FC-6E55-4183-AE16-7F08FC3414F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{110E8BBD-D637-4E8C-9D43-49F68FD57C6B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1459A167-ED94-4B5A-99AE-B166ADA7C322}" = lport=138 | protocol=17 | dir=in | app=system |
"{2327F669-8C9A-4F91-876D-900D9D7A5F72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{256166FC-8950-4696-BF8C-9072A665B114}" = lport=139 | protocol=6 | dir=in | app=system |
"{30CDB51D-1CCC-4299-BCC5-3674998A10E4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3B619D04-5C1F-4DB4-9302-0216D4945162}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{486BE303-6B44-4C37-BEF2-38328157620B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49946918-FD32-45DF-9EB6-E24573F376F7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FBDFE19-0582-43E2-90BD-156014D68405}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{501BF770-DA3C-48D9-9476-A85B30D15AD6}" = rport=138 | protocol=17 | dir=out | app=system |
"{57116D19-EFFC-497C-85AE-FFB77C38D2B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5959C801-B7DC-4811-9474-8B4051834EB2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{60C3B770-09BC-4C7B-8668-B8021CCCFD03}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{73F8D6C3-DE13-442A-8C2B-AE68AD8D721C}" = rport=445 | protocol=6 | dir=out | app=system |
"{8BC201FE-80E1-4144-B4C6-9C7FEA8182CA}" = rport=137 | protocol=17 | dir=out | app=system |
"{8D53133A-072D-448E-909E-BB931FB8479F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0C666EC-FE94-454A-A07F-7631BD403C3F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC44035D-C533-4BBE-97C6-87608AFB0342}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA4C736D-409D-48DE-8DE9-919473C1EC61}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DE2D0AD6-18D3-4B26-9538-1A1EAF159752}" = lport=137 | protocol=17 | dir=in | app=system |
"{EE6F2536-2344-415C-B08F-326EBFD4E00C}" = lport=445 | protocol=6 | dir=in | app=system |
"{F5216918-F426-4B71-AC62-E0B2B6EB1EB9}" = rport=139 | protocol=6 | dir=out | app=system |
"{FDA97021-57D3-4AFC-A741-1A664B39A26D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08998524-E564-46A9-8D32-7DC563FB0AF3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09792218-C1B5-4AA1-B323-C2C8817423C0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{0A9B634A-8CBA-40B2-96A6-CCE5B5D1BD41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1148C6A1-7F94-4698-9390-BFCA9EE07263}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{1239EB51-E31D-408F-B4B4-53A7FFCE77AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{13149270-227A-4615-A9BC-2EBDBF0A4D43}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1FA3154B-A34A-4B1C-937B-74527E51BD9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32D707E3-FAB1-4573-8865-2E37C95DB51F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3CAFD0B2-3EFA-4576-85BC-49160180B441}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E8CFA13-042D-499B-AE59-0128C038DD36}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{426313A8-440C-4C53-9394-51F52B67720B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{52071203-D766-4782-8E4A-B00C325D9683}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{527D6255-00C0-4DA0-8334-B34021A78472}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{57A9E411-0F35-402C-A8F5-AB0AB45EBFF8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F4CAED1-83C6-4ED3-AE28-70FBB9939F85}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{76E998E6-3104-4769-AD32-EF6E6AE7073C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7C22EBDB-02C9-4762-BD52-F6CC2771544C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7C2B645B-A371-4813-9933-7635508D8E29}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9C8D34E4-B38B-4614-82A1-94C74ECBBE9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A517735B-807B-47FE-927D-F8A14C0AD1E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A58F06D3-A7B0-43C4-BF37-3E26D253662B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd9.exe |
"{BFB92C75-8301-4DF2-BCEA-EBAE46CCE371}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{D9940365-25D1-4334-A74B-FEE76F0CD387}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E0893900-E3DC-4855-AFEF-1D062A8B4001}" = protocol=6 | dir=out | app=system |
"{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EB2FF2F4-32CC-4D3C-896C-6CFE876B9FEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC558448-ED9C-434D-9173-59FDC2748551}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{F74BFBA8-DFD6-464B-88C4-CC67614CD723}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F74E336B-699E-4631-B9FF-CE716BD89FA7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1C71DC57-1388-4C1C-AB2F-2B9C0EF83409}" = Windows Live UX Platform Language Pack
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack
"{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9618EB0-D09E-496B-A425-689271F5571B}" = Windows Live UX Platform Language Pack
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4EE283A-4851-43D4-887C-1932D55DE740}" = Windows Live UX Platform Language Pack
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.09.2012 05:21:20 | Computer Name = mezgerp-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 01.10.2012 04:35:24 | Computer Name = mezgerp-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 10.10.2012 09:12:57 | Computer Name = mezgerp-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 16.10.2012 09:31:25 | Computer Name = mezgerp-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 21.10.2012 17:05:50 | Computer Name = mezgerp-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 29.10.2012 02:32:35 | Computer Name = mezgerp-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 05.11.2012 00:36:05 | Computer Name = mezgerp-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 13.11.2012 08:38:40 | Computer Name = mezgerp-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 21.11.2012 00:06:55 | Computer Name = mezgerp-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 26.11.2012 10:06:41 | Computer Name = mezgerp-PC | Source = Windows Backup | ID = 4103
Description =
 
[ System Events ]
Error - 12.07.2013 02:13:39 | Computer Name = mezgerp-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 12.07.2013 03:23:21 | Computer Name = mezgerp-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 12.07.2013 03:24:49 | Computer Name = mezgerp-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 12.07.2013 03:36:52 | Computer Name = mezgerp-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 12.07.2013 03:38:19 | Computer Name = mezgerp-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 12.07.2013 03:49:09 | Computer Name = mezgerp-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 12.07.2013 03:50:37 | Computer Name = mezgerp-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 12.07.2013 04:37:33 | Computer Name = mezgerp-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 12.07.2013 04:47:04 | Computer Name = mezgerp-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 12.07.2013 08:34:02 | Computer Name = mezgerp-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
 
< End of report >

markusg 12.07.2013 14:50
Hi,
1.
bitte mal AVGsearch aus google löschen:
https://support.google.com/chrome/answer/95653?hl=en
sodass nur noch google angezeigt wird.
2. adaware kann auf jeden fall auch weg. es ist nutzlos sich möglichst viel Sicherheitssoftware zu instalieren, wenn man z.B. keine Sicherheitslücken schließt...
und wenn man das tut, braucht man auch nicht mehr viel Sicherheitssoftware :-)
wieso wurde heute avg und avast instaliert...? davon stand hier nichts.

3.
otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:OTL
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.

claudia123 12.07.2013 15:55
AVG wurde deinstalliert!
dafür AVST rauf ist besser!

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
File hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
File hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: mezgerp
->Temp folder emptied: 416703 bytes
->Temporary Internet Files folder emptied: 8755343 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 15199214 bytes
->Flash cache emptied: 506 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9563 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 23,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07122013_164221

Files\Folders moved on Reboot...
C:\Users\mezgerp\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\mezgerp\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
GoogleToolbarNotifier in Google!

läuft alles gut!

markusg 12.07.2013 17:14
Hi,
schau mal ob du die noch deinstaliert bekommst:
https://support.google.com/toolbar/answer/9231?hl=de

claudia123 12.07.2013 17:32
hab ich doch geloschen!
in die mails komme ich nicht rein!
es ist nicht mein pc! denke aber das diese
alle gelöschen sind! kann man sie was auch fragen
über pc Sicherheit?

markusg 12.07.2013 17:39
Hi,
frag erst mal den Nutzer, ob ihm noch was auffällt, absichern werden wir dann noch :-)
Und sie ist auch nicht nötig, du geht klar.

claudia123 12.07.2013 18:04
wie sichert man einen rechner ab, wenn der jenige
immer wieder in seiten rein geht(pxxxo,xude, usw..)
obwohl man es im das er fängt sich nur Trojaner und vieren
damit einfängt! die email sind geloschen worden!

man kann es ihm auch nicht verbieten! muss er selber wissen!
wenn der rechner jetzt clean ist, und das Laptop läuft, werden
bestimmt wieder solche(normale pxxno) seiten aufgerufen! wie sichert man den am besten ab?

der kennt sich sowieso nicht aus, dem fällt nichts auf.
mir selber fällt auch nichts mehr auf, der rechner läuft
einwandfrei!

wie sichert man einen rechner ab, wenn der jenige
immer wieder in seiten rein geht(pxxxo,xude, usw..)
obwohl man es im sagt: das er sich nur trojaner und vieren
damit einfängt!

das ist meiner schwester ihr mann, der schämt
sich natürlich bei mir und würde das mir nicht sagen,
dass er in solchen seiten immer wieder reinschaut. davon
abgesehen, darf ich das garnicht wissen! der pc
ist bis vor 2 Monaten immer gut gelaufen und hatte keine
sicherheitslücken, vor 1 Monat hatte er das erstemal so
einen Trojaner drauf, dem ihm ein pc-fachmann wieder clean
gemacht hat. aber nicht die softwear aktualiesiert hat wie
du berichtet hast. anscheinend muss er auch den pc total
abgesichert haben wie meine schwester mir sagte? avg war
drauf das ich deinstalliert habe
und dafür avast geladen habe und auch einen schlüssel für
ihm kaufen muss! was meinst du dazu?

sind wir fertig?

das ich, das laptop mit deiner hilfe reinige weiß er! ist auch sehr dankbar für deine hilfe. der fachmann war kein fachmann, sonder einer so wie ich, hat er mir gebeichtet.

danke!

der rechner läuft ganz normal wieder, hast du noch
tips für den rechner zwecks vieren und trojaner
(absichern angriffe). wenn nicht, werde ich heute
das laptop den eigentümer zurückbringen. danke

Tr... Mi... Maximum Sec..... ist das zum empfehlen, oder doch Av...?
endschuldigung wenn ich irgendwas geschrieben habe was hier nicht
hingehört, kenne mich noch nicht so aus. meine des ja nur weil du dich nicht mehr meldest!

claudia123 15.07.2013 17:32
was ist los?????? warum meldest du dich nicht mehr?

schrauber 20.07.2013 10:17
Hi,

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30