Trojaner-Board - Entfernung des Ukash Trojaners und Dateiwiederherstellung

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Entfernung des Ukash Trojaners und Dateiwiederherstellung (https://www.trojaner-board.de/117336-entfernung-ukash-trojaners-dateiwiederherstellung.html)

Entfernung des Ukash Trojaners und Dateiwiederherstellung

Hallo ich habe seit kurzem einen Ukash Trojaner der Versoin 2.06. Ich habe bereits einige Schritte eingeleitet bevor ich auf dieses Forum gestoßen bin und bräuchte jetzt weitere Hilfe da ich befürchte das der Trojaner nicht ganz erledigt ist. Mein Virenprogramm Microsoft Security Essential hab im abgesicherten Modus mit Eingabe bereits die Ausführung des Trojaners nach einem vollständigen Scan unterbunden. So konnte ich meinen Rechner normal starten und theoretisch wieder mit ihm arbeiten. Nach einer Aktualisierung des Scanners und einem weiteren vollständigen Scan habe ich alle gefundenen Elemente gelöscht.
Jetzt habe ich aus Angst das der Trojaner noch da ist die beschriebenen Schritte durchgeführt..
Im Anhang sind die entsprechenden Datein. Was soll ich jetzt tun????:confused: :heulen:LG Lisa

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Ok erstmal vielen Dank für die Antwort, habe alles so gamacht wie beschrieben hier die Logs. Hoffe es geht so manchmal bin ich leider etwas unbrauchbar daher kein Code-Tag. Ich habs als Anhang..

Code:

C:\Users\Liz\AppData\Local\Temp\miaE282.tmp\data\OFFLINE\873987EB\53DCF9F9\registrybooster.exe

Finger weg von Registry-Cleanern!!

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Code:

C:\Bildbearbeitung\SoftonicDownloader_fuer_gimp.exe

Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Also auf dem Desktop vermisse ich weder Ordner noch Anwendungen oder Ordnerinhalte. Ich kann den normalen Modus von Windows wieder benutzen. Soweit ich weiß funktionieren alle Anwendungen wobei ich bei meinem Bildbearbeitungsprogramm also Gimp (das ich mit Softonic runtergeladen habe) eine kleine Aufbauveränderung bemerkt habe (kein Fuktionsverlust sieht eher nach ner neueren Version aus). Aber alle Datein also Bilder, Dokumente und Musik in verschiedensten Ordner sind locked und somit nicht zu öffnen. Auch neu angelegte Dokumente beispielsweise werden sofort nach dem abspeichern locked.

Noch kurz zum registry cleaner ich hab ehrlich gesagt keine Ahnung wo der herkommt. Wissentlich also mutwillig oder ähnliches hab ich den mir sicher nicht geholt. Hängt der bei irgendwas mir dran sodass er einfach mit gedownloaded wird bei einer Anwendung oder etc.??

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Ok hier ist es:

Code:

OTL logfile created on: 20.06.2012 16:22:39 - Run 2

OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Liz\Desktop

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,87 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 33,64% Memory free

7,73 Gb Paging File | 4,16 Gb Available in Paging File | 53,87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284,90 Gb Total Space | 84,87 Gb Free Space | 29,79% Space Free | Partition Type: NTFS

Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS

Drive E: | 99,34 Mb Total Space | 95,41 Mb Free Space | 96,05% Space Free | Partition Type: FAT32

Unable to calculate disk information.

 

Computer Name: LIZ-PC | User Name: Liz | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.14 17:20:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe

PRC - [2012.05.04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe

PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.06.14 20:36:25 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll

MOD - [2012.06.14 20:35:57 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll

MOD - [2012.06.14 20:35:46 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll

MOD - [2012.06.14 20:35:15 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll

MOD - [2012.05.18 12:52:59 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll

MOD - [2012.05.09 16:50:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll

MOD - [2012.05.09 16:50:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll

MOD - [2012.05.09 16:50:04 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll

MOD - [2012.05.09 16:49:29 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\5e398c245811fe932ce6bcf68664e307\UIAutomationTypes.ni.dll

MOD - [2012.05.09 16:49:17 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll

MOD - [2012.05.09 16:49:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll

MOD - [2012.05.09 16:49:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll

MOD - [2012.05.09 16:49:07 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll

MOD - [2012.05.09 16:49:01 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll

MOD - [2011.09.18 13:19:32 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

MOD - [2010.01.24 12:30:39 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll

MOD - [2010.01.24 12:30:39 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll

MOD - [2010.01.24 12:30:15 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.10.16 13:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2009.10.16 13:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2009.10.16 13:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2009.09.29 16:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2009.09.29 16:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2009.09.29 16:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2009.09.29 16:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2009.09.29 16:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2009.09.29 16:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2009.09.29 16:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2009.09.29 16:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2011.06.21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc)

SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.11.03 20:59:04 | 000,299,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.10.24 03:53:00 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009.10.05 10:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006&st=10

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

IE - HKLM\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262

IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gerhart-hauptmann-gymnasium.de/

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=7a2ec57c00000000000078e400168768

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=931b3d9c-75d5-440a-a6d3-6063ede3a1b7&apn_sauid=74633C05-283D-4941-9754-8972F9C550ED

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 
 ========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Liz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.25 19:39:58 | 000,000,000 | ---D | M]

 

[2012.05.29 16:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml

CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl

CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv

CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl

CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)

O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000..\Run: [ICQ] ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 File not found

O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}: DhcpNameServer = 40.8.1.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE7AC60A-6F36-452C-83E6-B7276A634670}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{34A028E3-EB05-4902-83B8-5AAE0C5EDB32} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)

Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)

Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.yvu9 - C:\Windows\SysWow64\Iyvu9_32.dll ()

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.18 18:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.06.18 14:48:13 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Malwarebytes

[2012.06.18 14:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.06.18 14:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.06.18 14:47:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.18 14:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.06.14 18:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.06.14 18:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2012.06.14 17:40:15 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\www.shadowexplorer.com

[2012.06.14 17:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer

[2012.06.14 17:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer

[2012.06.14 17:37:27 | 000,937,024 | ---- | C] (ShadowExplorer.com                                          ) -- C:\Users\Liz\Desktop\ShadowExplorer-0.8-setup.exe

[2012.06.14 17:20:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe

[2012.05.29 18:50:48 | 000,000,000 | ---D | C] -- C:\Users\Liz\Desktop\Hausarbeit GEO

[2012.05.29 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Local\Sony

[2012.05.29 16:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic

[2012.05.29 16:34:18 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll

[2012.05.29 16:33:00 | 001,671,128 | ---- | C] (Softonic) -- C:\Users\Liz\Desktop\Softonic_ggl_1.5.21.0.exe

[2012.05.29 16:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com

[2012.05.29 16:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

[2012.05.29 16:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony

[2012.05.29 16:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony

[2012.05.29 16:31:24 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Local\APN

[2012.05.29 16:27:40 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Sony

[2012.05.28 18:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM

[2012.05.28 18:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.20 16:25:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.06.20 16:25:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.06.20 16:18:38 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.06.20 16:18:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.06.20 16:18:18 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.19 19:35:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.06.18 18:09:04 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLiz.job

[2012.06.18 14:48:01 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.18 14:13:23 | 000,000,147 | ---- | M] () -- C:\Windows\system32err.xml

[2012.06.14 20:34:15 | 000,394,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.06.14 18:21:48 | 000,015,363 | ---- | M] () -- C:\Users\Liz\Desktop\Extras.rar

[2012.06.14 18:06:22 | 001,110,476 | ---- | M] () -- C:\Users\Liz\Desktop\7z920.exe

[2012.06.14 17:39:58 | 000,001,845 | ---- | M] () -- C:\Users\Liz\Desktop\ShadowExplorer.lnk

[2012.06.14 17:37:27 | 000,937,024 | ---- | M] (ShadowExplorer.com                                          ) -- C:\Users\Liz\Desktop\ShadowExplorer-0.8-setup.exe

[2012.06.14 17:20:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe

[2012.06.14 17:19:37 | 000,000,000 | ---- | M] () -- C:\Users\Liz\defogger_reenable

[2012.06.14 09:55:49 | 001,478,530 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.06.14 09:55:49 | 000,645,966 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.06.14 09:55:49 | 000,609,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.06.14 09:55:49 | 000,127,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.06.14 09:55:49 | 000,104,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.06.07 15:18:22 | 000,000,680 | ---- | M] () -- C:\Users\Liz\locked-ntuser.pol.bzis

[2012.06.07 15:17:37 | 000,010,240 | ---- | M] () -- C:\Users\Liz\Documents\locked-Öffnungszeiten Bahnhof WR.wps.pnsc

[2012.06.07 15:17:33 | 000,025,770 | ---- | M] () -- C:\Users\Liz\Documents\locked-Weil ich das Herz dazu habe!.odt.lbhr

[2012.06.07 15:17:33 | 000,002,676 | ---- | M] () -- C:\Users\Liz\Documents\locked-Vegas Pro registrieren.htm.bzbz

[2012.06.07 15:17:32 | 000,027,136 | ---- | M] () -- C:\Users\Liz\Documents\locked-Turba Insula-Primo Aduento Menses.wps.xxon

[2012.06.07 15:17:30 | 000,673,280 | ---- | M] () -- C:\Users\Liz\Documents\locked-sbk-we in werni.wps.irbi

[2012.06.07 15:17:30 | 000,194,540 | ---- | M] () -- C:\Users\Liz\Documents\locked-Schueler-Test-Ergebnis_Hofmann.pdf.xjox

[2012.06.07 15:17:28 | 000,016,896 | ---- | M] () -- C:\Users\Liz\Documents\locked-Praktikumsbericht.wps.zzhz

[2012.06.07 15:17:20 | 000,175,599 | ---- | M] () -- C:\Users\Liz\Documents\locked-Muttizettel.pdf.tqxq

[2012.06.07 15:17:20 | 000,002,301 | ---- | M] () -- C:\Users\Liz\Documents\locked-Neue Datenbank.odb.lrhr

[2012.06.07 15:16:17 | 000,040,448 | ---- | M] () -- C:\Users\Liz\Documents\locked-Mein Leben mit dem Herr.wps.qonj

[2012.06.07 15:16:16 | 000,020,489 | ---- | M] () -- C:\Users\Liz\Documents\locked-hörspiel.odt.qnnf

[2012.06.07 15:16:16 | 000,009,728 | ---- | M] () -- C:\Users\Liz\Documents\locked-Gedicht.wps.aeaa

[2012.06.07 15:15:44 | 000,013,312 | ---- | M] () -- C:\Users\Liz\Documents\locked-Bewerbung.wps.nrss

[2012.06.07 15:15:44 | 000,012,288 | ---- | M] () -- C:\Users\Liz\Documents\locked-Christologie.wps.libi

[2012.06.07 15:15:42 | 001,671,128 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Softonic_ggl_1.5.21.0.exe.eglu

[2012.06.07 15:15:42 | 000,033,551 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Rinces Gewichtstabelle Damen.ods.apal

[2012.06.07 15:15:42 | 000,013,596 | ---- | M] () -- C:\Users\Liz\Desktop\locked-reisevollmacht_deutsch.pdf.puar

[2012.06.07 15:15:42 | 000,010,752 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Reisevollmacht.wps.kkyp

[2012.06.07 15:15:42 | 000,000,195 | ---- | M] () -- C:\Users\Liz\Desktop\locked-SweetPcFix.url.znhb

[2012.06.07 15:15:41 | 665,127,020 | ---- | M] () -- C:\Users\Liz\Desktop\locked-P1280038.AVI.dofq

[2012.06.07 15:15:41 | 1179,021,868 | ---- | M] () -- C:\Users\Liz\Desktop\locked-P5280045.AVI.ggru

[2012.06.07 15:15:41 | 000,011,497 | ---- | M] () -- C:\Users\Liz\Desktop\locked-reisevollmacht TAB.odt.ulvr

[2012.06.07 15:15:34 | 003,894,873 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Deutsch Romantik.odp.shli

[2012.06.07 15:15:34 | 002,682,410 | ---- | M] () -- C:\Users\Liz\locked-Derenburg neu Dari.jpg.tojf

[2012.06.07 15:15:34 | 000,010,267 | ---- | M] () -- C:\Users\Liz\Desktop\locked-Abnehmen.ods.wfwe

[2012.06.07 15:15:02 | 000,001,854 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\locked-GhostObjGAFix.xml.lblr

[2012.06.07 15:12:50 | 000,072,185 | ---- | M] () -- C:\Users\Liz\locked-.recently-used.xbel.vgpe

[2012.05.29 16:35:37 | 000,000,111 | ---- | M] () -- C:\user.js

[2012.05.29 16:34:18 | 000,001,199 | ---- | M] () -- C:\Users\Liz\Desktop\DVDVideoSoft Free Studio.lnk

[2012.05.29 16:34:18 | 000,001,188 | ---- | M] () -- C:\Users\Liz\Desktop\Free Video Dub.lnk

[2012.05.29 16:33:31 | 001,671,128 | ---- | M] (Softonic) -- C:\Users\Liz\Desktop\Softonic_ggl_1.5.21.0.exe

[2012.05.29 11:45:17 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLIZ-PC$.job

[2012.05.27 15:45:07 | 000,011,788 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\wklnhst.dat

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.06.18 14:48:01 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.14 18:21:45 | 000,015,363 | ---- | C] () -- C:\Users\Liz\Desktop\Extras.rar

[2012.06.14 18:06:21 | 001,110,476 | ---- | C] () -- C:\Users\Liz\Desktop\7z920.exe

[2012.06.14 17:39:58 | 000,001,845 | ---- | C] () -- C:\Users\Liz\Desktop\ShadowExplorer.lnk

[2012.06.14 17:19:37 | 000,000,000 | ---- | C] () -- C:\Users\Liz\defogger_reenable

[2012.06.04 18:13:30 | 000,072,185 | ---- | C] () -- C:\Users\Liz\locked-.recently-used.xbel.vgpe

[2012.06.03 17:35:38 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLiz.job

[2012.06.02 15:04:01 | 000,002,301 | ---- | C] () -- C:\Users\Liz\Documents\locked-Neue Datenbank.odb.lrhr

[2012.05.29 16:59:50 | 000,002,676 | ---- | C] () -- C:\Users\Liz\Documents\locked-Vegas Pro registrieren.htm.bzbz

[2012.05.29 16:35:37 | 000,000,111 | ---- | C] () -- C:\user.js

[2012.05.29 16:34:18 | 000,001,199 | ---- | C] () -- C:\Users\Liz\Desktop\DVDVideoSoft Free Studio.lnk

[2012.05.29 16:34:18 | 000,001,188 | ---- | C] () -- C:\Users\Liz\Desktop\Free Video Dub.lnk

[2012.05.29 16:33:00 | 001,671,128 | ---- | C] () -- C:\Users\Liz\Desktop\locked-Softonic_ggl_1.5.21.0.exe.eglu

[2012.05.28 18:44:01 | 000,000,195 | ---- | C] () -- C:\Users\Liz\Desktop\locked-SweetPcFix.url.znhb

[2012.05.28 12:40:16 | 1179,021,868 | ---- | C] () -- C:\Users\Liz\Desktop\locked-P5280045.AVI.ggru

[2011.07.19 18:08:50 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2011.02.27 16:47:29 | 000,001,854 | ---- | C] () -- C:\Users\Liz\AppData\Roaming\locked-GhostObjGAFix.xml.lblr

[2011.01.26 16:12:54 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.12.10 11:52:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll

[2010.09.06 21:53:46 | 000,005,120 | ---- | C] () -- C:\Users\Liz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.09.04 11:48:12 | 000,216,695 | ---- | C] () -- C:\Users\Liz\AppData\Roaming\mdbu.bin

[2010.06.28 17:37:35 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

 
 ========== LOP Check ==========

 

[2012.06.11 20:17:48 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\.minecraft

[2012.06.07 15:14:57 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Babylon

[2011.06.25 12:43:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012.05.29 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoft

[2012.06.07 15:15:02 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.06.19 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\gtk-2.0

[2012.06.07 15:15:10 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ICQ

[2010.06.20 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\newfolder3

[2010.09.21 21:24:26 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\OpenOffice.org

[2012.06.07 15:15:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Sony

[2010.05.15 12:24:20 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Template

[2011.10.21 00:03:36 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\wargaming.net

[2012.06.14 17:40:15 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\www.shadowexplorer.com

[2012.04.15 20:00:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.06.11 20:17:48 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\.minecraft

[2011.06.25 12:42:25 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Adobe

[2012.01.13 21:24:25 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Apple Computer

[2010.05.14 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ATI

[2012.06.07 15:14:57 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Babylon

[2011.06.25 12:43:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011.02.20 15:27:31 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\CyberLink

[2010.08.22 16:35:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DivX

[2012.05.29 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoft

[2012.06.07 15:15:02 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.06.14 15:53:37 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Google

[2012.06.19 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\gtk-2.0

[2011.05.08 11:28:04 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Hewlett-Packard

[2012.06.07 15:15:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\HP Support Assistant

[2012.06.11 20:36:22 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\hpqLog

[2012.06.07 15:15:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\HpUpdate

[2012.06.07 15:15:10 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ICQ

[2010.05.14 17:59:17 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Identities

[2010.05.18 17:17:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Macromedia

[2012.06.18 14:48:13 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Malwarebytes

[2010.02.11 11:07:50 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Media Center Programs

[2012.01.09 21:57:17 | 000,000,000 | --SD | M] -- C:\Users\Liz\AppData\Roaming\Microsoft

[2012.06.11 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Mozilla

[2012.06.11 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\NCH Software

[2010.06.20 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\newfolder3

[2010.09.21 21:24:26 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\OpenOffice.org

[2012.06.11 20:20:26 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Skype

[2012.06.07 15:15:33 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Sony

[2010.05.15 12:24:20 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Template

[2012.06.05 21:08:50 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\vlc

[2011.10.21 00:03:36 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\wargaming.net

[2011.03.10 14:42:39 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\WinRAR

[2012.06.14 17:40:15 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\www.shadowexplorer.com

 
 < %APPDATA%\*.exe /s >

[2011.06.25 12:42:23 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Liz\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2007.11.27 08:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys

[2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/4

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006&st=10

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262

IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.web.de/br/ie9_startpage

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gerhart-hauptmann-gymnasium.de/

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = http://go.1und1.de/br/ie9_search_web/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=7a2ec57c00000000000078e400168768

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = http://go.web.de/br/ie9_search_pic/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = http://go.gmx.net/br/ie9_search_web/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = http://go.web.de/br/ie9_search_web/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = http://go.web.de/br/ie9_search_produkte/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=931b3d9c-75d5-440a-a6d3-6063ede3a1b7&apn_sauid=74633C05-283D-4941-9754-8972F9C550ED

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = http://go.web.de/br/ie9_search_maps/?su={searchTerms}

IE - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&st=10&q={searchTerms}

[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml

CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl

CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv

CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl

CHR - Extension: No name found = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)

O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (FreeSoundRecorder Toolbar) - {32b29df0-2237-4370-9a29-37cebb730e9b} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files (x86)\FreeSoundRecorder\tbFree.dll File not found

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}: DhcpNameServer = 40.8.1.100

:Files

C:\Program Files (x86)\Softonic

C:\Program Files (x86)\SweetIM

C:\Program Files (x86)\Ask.com

C:\ProgramData\SweetIM

C:\Windows\system32err.xml

C:\user.js

C:\Users\Liz\AppData\Roaming\Babylon

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hier ist die Datei:

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.

C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.

HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.

File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.

HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09038620-190C-402B-A92F-18864E6AB22F}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40064957-18EB-412d-9146-3F57E8D92EEC}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57D9654D-C33C-43F5-A8E4-AA77DD70F2B3}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D27B32E-89EE-460e-82D2-5FC354078EAD}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4CB8335-3F4C-4B88-B419-C754B7E5D09D}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}\ not found.

Registry key HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml moved successfully.

File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl not found.

File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv not found.

File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\locked-.rbsl not found.

File C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\locked-.gllv not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.

File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.

C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.

File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully.

C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.

File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.

File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

64bit-Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32B29DF0-2237-4370-9A29-37CEBB730E9B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}\ not found.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.

File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.

File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.

C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.

C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.

Registry value HKEY_USERS\S-1-5-21-782303453-1589293233-1451671137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}\\DhcpNameServer| /E : value set successfully!

========== FILES ==========

C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh folder moved successfully.

C:\Program Files (x86)\Softonic\Softonic\1.5.21.0 folder moved successfully.

C:\Program Files (x86)\Softonic\Softonic folder moved successfully.

C:\Program Files (x86)\Softonic folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully.

C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite folder moved successfully.

C:\Program Files (x86)\SweetIM\Messenger\resources\images folder moved successfully.

C:\Program Files (x86)\SweetIM\Messenger\resources folder moved successfully.

C:\Program Files (x86)\SweetIM\Messenger folder moved successfully.

C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite folder moved successfully.

C:\Program Files (x86)\SweetIM\Communicator\resources folder moved successfully.

C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.

C:\Program Files (x86)\SweetIM\Communicator folder moved successfully.

C:\Program Files (x86)\SweetIM folder moved successfully.

C:\Program Files (x86)\Ask.com\Updater folder moved successfully.

C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.

C:\Program Files (x86)\Ask.com\assets folder moved successfully.

C:\Program Files (x86)\Ask.com folder moved successfully.

C:\ProgramData\SweetIM\Messenger\update folder moved successfully.

C:\ProgramData\SweetIM\Messenger\logs folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\packages\FailDialog folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\packages folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\contentdb folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\Bars\Default\400 folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\Bars\Default\200 folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\Bars\Default\100 folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\Bars\Default folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\Bars folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data folder moved successfully.

C:\ProgramData\SweetIM\Messenger\conf\users folder moved successfully.

C:\ProgramData\SweetIM\Messenger\conf folder moved successfully.

C:\ProgramData\SweetIM\Messenger folder moved successfully.

C:\ProgramData\SweetIM\Communicator\Logs folder moved successfully.

C:\ProgramData\SweetIM\Communicator\conf folder moved successfully.

C:\ProgramData\SweetIM\Communicator folder moved successfully.

C:\ProgramData\SweetIM folder moved successfully.

C:\Windows\system32err.xml moved successfully.

C:\user.js moved successfully.

C:\Users\Liz\AppData\Roaming\Babylon folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Franz

 

User: Liz

->Temp folder emptied: 614877201 bytes

->Temporary Internet Files folder emptied: 4463834988 bytes

->Java cache emptied: 18727 bytes

->Google Chrome cache emptied: 6679271 bytes

->Flash cache emptied: 81493 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 106859823 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes

RecycleBin emptied: 98506496 bytes

 

Total Files Cleaned = 5.046,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: AppData

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Franz

 

User: Liz

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.48.0 log created on 06222012_194655
 

Files\Folders moved on Reboot...

C:\Users\Liz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\MpCmdRun.log moved successfully.
 

Registry entries deleted on Reboot...

Hat soweit alles gut funktioniert. Wie gehts weiter? Kann ich auch in den anderen Sachen Malware und Eset die infizierten Datein jetzt löschen?
LG LisaMarie

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hier das Log:

Code:

18:33:13.0650 6064        TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

18:33:13.0884 6064        ============================================================

18:33:13.0884 6064        Current date / time: 2012/06/24 18:33:13.0884

18:33:13.0884 6064        SystemInfo:

18:33:13.0884 6064        

18:33:13.0884 6064        OS Version: 6.1.7600 ServicePack: 0.0

18:33:13.0884 6064        Product type: Workstation

18:33:13.0884 6064        ComputerName: LIZ-PC

18:33:13.0884 6064        UserName: Liz

18:33:13.0884 6064        Windows directory: C:\Windows

18:33:13.0884 6064        System windows directory: C:\Windows

18:33:13.0884 6064        Running under WOW64

18:33:13.0884 6064        Processor architecture: Intel x64

18:33:13.0884 6064        Number of processors: 4

18:33:13.0884 6064        Page size: 0x1000

18:33:13.0884 6064        Boot type: Normal boot

18:33:13.0884 6064        ============================================================

18:33:14.0305 6064        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:33:14.0305 6064        ============================================================

18:33:14.0305 6064        \Device\Harddisk0\DR0:

18:33:14.0305 6064        MBR partitions:

18:33:14.0305 6064        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

18:33:14.0305 6064        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x239CC000

18:33:14.0305 6064        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23A30000, BlocksNum 0x19CA800

18:33:14.0305 6064        \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

18:33:14.0305 6064        ============================================================

18:33:14.0321 6064        C: <-> \Device\Harddisk0\DR0\Partition1

18:33:14.0367 6064        D: <-> \Device\Harddisk0\DR0\Partition2

18:33:14.0383 6064        E: <-> \Device\Harddisk0\DR0\Partition3

18:33:14.0383 6064        ============================================================

18:33:14.0383 6064        Initialize success

18:33:14.0383 6064        ============================================================

18:33:27.0643 5396        ============================================================

18:33:27.0643 5396        Scan started

18:33:27.0643 5396        Mode: Manual; SigCheck; TDLFS; 

18:33:27.0643 5396        ============================================================

18:33:28.0220 5396        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

18:33:28.0361 5396        1394ohci - ok

18:33:28.0439 5396        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

18:33:28.0470 5396        ACPI - ok

18:33:28.0517 5396        AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

18:33:28.0610 5396        AcpiPmi - ok

18:33:28.0719 5396        AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

18:33:28.0735 5396        AdobeARMservice - ok

18:33:28.0844 5396        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

18:33:28.0891 5396        adp94xx - ok

18:33:28.0969 5396        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

18:33:29.0016 5396        adpahci - ok

18:33:29.0047 5396        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

18:33:29.0094 5396        adpu320 - ok

18:33:29.0125 5396        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

18:33:29.0297 5396        AeLookupSvc - ok

18:33:29.0375 5396        AERTFilters     (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

18:33:29.0406 5396        AERTFilters - ok

18:33:29.0499 5396        AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

18:33:29.0577 5396        AFD - ok

18:33:29.0718 5396        AgereSoftModem  (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys

18:33:29.0827 5396        AgereSoftModem - ok

18:33:29.0889 5396        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

18:33:29.0905 5396        agp440 - ok

18:33:29.0952 5396        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

18:33:30.0045 5396        ALG - ok

18:33:30.0108 5396        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

18:33:30.0123 5396        aliide - ok

18:33:30.0201 5396        AMD External Events Utility (1d317ea326423ff7630cf1da3bd46a1c) C:\Windows\system32\atiesrxx.exe

18:33:30.0295 5396        AMD External Events Utility - ok

18:33:30.0311 5396        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

18:33:30.0326 5396        amdide - ok

18:33:30.0404 5396        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

18:33:30.0467 5396        AmdK8 - ok

18:33:30.0498 5396        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

18:33:30.0545 5396        AmdPPM - ok

18:33:30.0591 5396        amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

18:33:30.0623 5396        amdsata - ok

18:33:30.0685 5396        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

18:33:30.0716 5396        amdsbs - ok

18:33:30.0732 5396        amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

18:33:30.0747 5396        amdxata - ok

18:33:30.0810 5396        AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

18:33:30.0919 5396        AppID - ok

18:33:30.0935 5396        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

18:33:30.0997 5396        AppIDSvc - ok

18:33:31.0044 5396        Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

18:33:31.0091 5396        Appinfo - ok

18:33:31.0137 5396        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

18:33:31.0169 5396        arc - ok

18:33:31.0184 5396        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

18:33:31.0215 5396        arcsas - ok

18:33:31.0262 5396        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

18:33:31.0325 5396        AsyncMac - ok

18:33:31.0371 5396        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

18:33:31.0387 5396        atapi - ok

18:33:31.0543 5396        athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys

18:33:31.0652 5396        athr - ok

18:33:31.0824 5396        AtiHdmiService  (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys

18:33:31.0871 5396        AtiHdmiService - ok

18:33:32.0339 5396        atikmdag        (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys

18:33:32.0479 5396        atikmdag - ok

18:33:32.0651 5396        AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

18:33:32.0791 5396        AudioEndpointBuilder - ok

18:33:32.0807 5396        AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

18:33:32.0853 5396        AudioSrv - ok

18:33:32.0885 5396        AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

18:33:32.0994 5396        AxInstSV - ok

18:33:33.0087 5396        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

18:33:33.0150 5396        b06bdrv - ok

18:33:33.0228 5396        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

18:33:33.0275 5396        b57nd60a - ok

18:33:33.0306 5396        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

18:33:33.0368 5396        BDESVC - ok

18:33:33.0368 5396        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

18:33:33.0446 5396        Beep - ok

18:33:33.0540 5396        BFE             (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

18:33:33.0618 5396        BFE - ok

18:33:33.0696 5396        BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

18:33:33.0774 5396        BITS - ok

18:33:33.0852 5396        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

18:33:33.0883 5396        blbdrive - ok

18:33:33.0930 5396        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

18:33:34.0008 5396        bowser - ok

18:33:34.0055 5396        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:33:34.0086 5396        BrFiltLo - ok

18:33:34.0101 5396        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:33:34.0117 5396        BrFiltUp - ok

18:33:34.0164 5396        Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

18:33:34.0257 5396        Browser - ok

18:33:34.0304 5396        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

18:33:34.0335 5396        Brserid - ok

18:33:34.0367 5396        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

18:33:34.0413 5396        BrSerWdm - ok

18:33:34.0429 5396        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

18:33:34.0476 5396        BrUsbMdm - ok

18:33:34.0491 5396        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

18:33:34.0538 5396        BrUsbSer - ok

18:33:34.0569 5396        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

18:33:34.0616 5396        BTHMODEM - ok

18:33:34.0647 5396        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

18:33:34.0725 5396        bthserv - ok

18:33:34.0772 5396        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

18:33:34.0866 5396        cdfs - ok

18:33:34.0913 5396        cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

18:33:34.0959 5396        cdrom - ok

18:33:35.0006 5396        CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

18:33:35.0069 5396        CertPropSvc - ok

18:33:35.0115 5396        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

18:33:35.0162 5396        circlass - ok

18:33:35.0225 5396        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

18:33:35.0256 5396        CLFS - ok

18:33:35.0318 5396        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:33:35.0334 5396        clr_optimization_v2.0.50727_32 - ok

18:33:35.0381 5396        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:33:35.0396 5396        clr_optimization_v2.0.50727_64 - ok

18:33:35.0459 5396        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

18:33:35.0474 5396        CmBatt - ok

18:33:35.0490 5396        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

18:33:35.0505 5396        cmdide - ok

18:33:35.0568 5396        CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

18:33:35.0646 5396        CNG - ok

18:33:35.0771 5396        Com4QLBEx       (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

18:33:35.0786 5396        Com4QLBEx - ok

18:33:35.0833 5396        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

18:33:35.0849 5396        Compbatt - ok

18:33:35.0911 5396        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

18:33:35.0958 5396        CompositeBus - ok

18:33:35.0973 5396        COMSysApp - ok

18:33:35.0989 5396        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

18:33:36.0005 5396        crcdisk - ok

18:33:36.0067 5396        CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll

18:33:36.0161 5396        CryptSvc - ok

18:33:36.0223 5396        DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

18:33:36.0317 5396        DcomLaunch - ok

18:33:36.0379 5396        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

18:33:36.0457 5396        defragsvc - ok

18:33:36.0519 5396        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

18:33:36.0551 5396        DfsC - ok

18:33:36.0613 5396        Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

18:33:36.0707 5396        Dhcp - ok

18:33:36.0738 5396        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

18:33:36.0800 5396        discache - ok

18:33:36.0847 5396        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

18:33:36.0878 5396        Disk - ok

18:33:36.0925 5396        Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

18:33:36.0972 5396        Dnscache - ok

18:33:37.0003 5396        dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

18:33:37.0097 5396        dot3svc - ok

18:33:37.0128 5396        DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

18:33:37.0190 5396        DPS - ok

18:33:37.0221 5396        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

18:33:37.0253 5396        drmkaud - ok

18:33:37.0346 5396        DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

18:33:37.0393 5396        DXGKrnl - ok

18:33:37.0455 5396        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

18:33:37.0549 5396        EapHost - ok

18:33:37.0799 5396        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

18:33:37.0892 5396        ebdrv - ok

18:33:38.0017 5396        EFS             (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

18:33:38.0064 5396        EFS - ok

18:33:38.0189 5396        ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

18:33:38.0267 5396        ehRecvr - ok

18:33:38.0313 5396        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

18:33:38.0376 5396        ehSched - ok

18:33:38.0485 5396        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

18:33:38.0516 5396        elxstor - ok

18:33:38.0532 5396        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

18:33:38.0563 5396        ErrDev - ok

18:33:38.0641 5396        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

18:33:38.0735 5396        EventSystem - ok

18:33:38.0797 5396        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

18:33:38.0891 5396        exfat - ok

18:33:38.0922 5396        ezSharedSvc - ok

18:33:38.0953 5396        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

18:33:39.0047 5396        fastfat - ok

18:33:39.0125 5396        Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

18:33:39.0187 5396        Fax - ok

18:33:39.0234 5396        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

18:33:39.0281 5396        fdc - ok

18:33:39.0296 5396        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

18:33:39.0359 5396        fdPHost - ok

18:33:39.0390 5396        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

18:33:39.0437 5396        FDResPub - ok

18:33:39.0468 5396        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

18:33:39.0483 5396        FileInfo - ok

18:33:39.0499 5396        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

18:33:39.0546 5396        Filetrace - ok

18:33:39.0577 5396        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

18:33:39.0608 5396        flpydisk - ok

18:33:39.0624 5396        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

18:33:39.0639 5396        FltMgr - ok

18:33:39.0764 5396        FontCache       (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll

18:33:39.0858 5396        FontCache - ok

18:33:39.0889 5396        FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:33:39.0920 5396        FontCache3.0.0.0 - ok

18:33:39.0936 5396        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

18:33:39.0951 5396        FsDepends - ok

18:33:39.0983 5396        Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

18:33:39.0998 5396        Fs_Rec - ok

18:33:40.0061 5396        fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

18:33:40.0092 5396        fvevol - ok

18:33:40.0139 5396        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

18:33:40.0154 5396        gagp30kx - ok

18:33:40.0248 5396        gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

18:33:40.0326 5396        gpsvc - ok

18:33:40.0419 5396        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:33:40.0451 5396        gupdate - ok

18:33:40.0482 5396        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:33:40.0482 5396        gupdatem - ok

18:33:40.0513 5396        gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

18:33:40.0529 5396        gusvc - ok

18:33:40.0591 5396        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

18:33:40.0653 5396        hcw85cir - ok

18:33:40.0716 5396        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

18:33:40.0778 5396        HdAudAddService - ok

18:33:40.0825 5396        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

18:33:40.0872 5396        HDAudBus - ok

18:33:40.0887 5396        HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

18:33:40.0903 5396        HECIx64 - ok

18:33:40.0919 5396        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

18:33:40.0950 5396        HidBatt - ok

18:33:40.0981 5396        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

18:33:41.0028 5396        HidBth - ok

18:33:41.0059 5396        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

18:33:41.0106 5396        HidIr - ok

18:33:41.0137 5396        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

18:33:41.0231 5396        hidserv - ok

18:33:41.0246 5396        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

18:33:41.0262 5396        HidUsb - ok

18:33:41.0277 5396        hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

18:33:41.0371 5396        hkmsvc - ok

18:33:41.0402 5396        HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

18:33:41.0465 5396        HomeGroupListener - ok

18:33:41.0511 5396        HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

18:33:41.0543 5396        HomeGroupProvider - ok

18:33:41.0667 5396        HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

18:33:41.0683 5396        HP Support Assistant Service - ok

18:33:41.0745 5396        HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

18:33:41.0777 5396        HPDrvMntSvc.exe - ok

18:33:41.0823 5396        HpqKbFiltr      (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

18:33:41.0870 5396        HpqKbFiltr - ok

18:33:41.0979 5396        hpqwmiex        (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

18:33:42.0026 5396        hpqwmiex - ok

18:33:42.0073 5396        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

18:33:42.0104 5396        HpSAMD - ok

18:33:42.0213 5396        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

18:33:42.0291 5396        HTTP - ok

18:33:42.0323 5396        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

18:33:42.0323 5396        hwpolicy - ok

18:33:42.0369 5396        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

18:33:42.0385 5396        i8042prt - ok

18:33:42.0432 5396        iaStor          (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys

18:33:42.0447 5396        iaStor - ok

18:33:42.0510 5396        iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

18:33:42.0541 5396        iaStorV - ok

18:33:42.0650 5396        idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:33:42.0697 5396        idsvc - ok

18:33:43.0134 5396        igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

18:33:43.0274 5396        igfx - ok

18:33:43.0383 5396        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

18:33:43.0399 5396        iirsp - ok

18:33:43.0493 5396        IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

18:33:43.0586 5396        IKEEXT - ok

18:33:43.0805 5396        IntcAzAudAddService (181e4ff75674a7105ecd0a02c35ef43a) C:\Windows\system32\drivers\RTKVHD64.sys

18:33:43.0883 5396        IntcAzAudAddService - ok

18:33:43.0992 5396        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

18:33:44.0007 5396        intelide - ok

18:33:44.0070 5396        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

18:33:44.0101 5396        intelppm - ok

18:33:44.0132 5396        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

18:33:44.0210 5396        IPBusEnum - ok

18:33:44.0257 5396        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:33:44.0319 5396        IpFilterDriver - ok

18:33:44.0397 5396        iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

18:33:44.0491 5396        iphlpsvc - ok

18:33:44.0507 5396        IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

18:33:44.0538 5396        IPMIDRV - ok

18:33:44.0553 5396        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

18:33:44.0616 5396        IPNAT - ok

18:33:44.0647 5396        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

18:33:44.0663 5396        IRENUM - ok

18:33:44.0694 5396        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

18:33:44.0709 5396        isapnp - ok

18:33:44.0741 5396        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

18:33:44.0787 5396        iScsiPrt - ok

18:33:44.0803 5396        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

18:33:44.0819 5396        kbdclass - ok

18:33:44.0865 5396        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

18:33:44.0912 5396        kbdhid - ok

18:33:44.0943 5396        KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

18:33:44.0959 5396        KeyIso - ok

18:33:44.0975 5396        KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

18:33:45.0006 5396        KSecDD - ok

18:33:45.0037 5396        KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

18:33:45.0053 5396        KSecPkg - ok

18:33:45.0068 5396        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

18:33:45.0146 5396        ksthunk - ok

18:33:45.0193 5396        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

18:33:45.0271 5396        KtmRm - ok

18:33:45.0318 5396        LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll

18:33:45.0396 5396        LanmanServer - ok

18:33:45.0427 5396        LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

18:33:45.0489 5396        LanmanWorkstation - ok

18:33:45.0583 5396        LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

18:33:45.0599 5396        LightScribeService ( UnsignedFile.Multi.Generic ) - warning

18:33:45.0599 5396        LightScribeService - detected UnsignedFile.Multi.Generic (1)

18:33:45.0630 5396        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

18:33:45.0692 5396        lltdio - ok

18:33:45.0739 5396        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

18:33:45.0801 5396        lltdsvc - ok

18:33:45.0848 5396        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

18:33:45.0879 5396        lmhosts - ok

18:33:45.0973 5396        LMS             (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

18:33:46.0004 5396        LMS - ok

18:33:46.0067 5396        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

18:33:46.0098 5396        LSI_FC - ok

18:33:46.0129 5396        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

18:33:46.0160 5396        LSI_SAS - ok

18:33:46.0191 5396        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:33:46.0223 5396        LSI_SAS2 - ok

18:33:46.0285 5396        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:33:46.0316 5396        LSI_SCSI - ok

18:33:46.0363 5396        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

18:33:46.0441 5396        luafv - ok

18:33:46.0472 5396        Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

18:33:46.0519 5396        Mcx2Svc - ok

18:33:46.0550 5396        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

18:33:46.0566 5396        megasas - ok

18:33:46.0597 5396        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

18:33:46.0628 5396        MegaSR - ok

18:33:46.0675 5396        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:33:46.0753 5396        MMCSS - ok

18:33:46.0784 5396        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

18:33:46.0847 5396        Modem - ok

18:33:46.0878 5396        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

18:33:46.0925 5396        monitor - ok

18:33:46.0971 5396        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

18:33:47.0003 5396        mouclass - ok

18:33:47.0049 5396        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

18:33:47.0081 5396        mouhid - ok

18:33:47.0112 5396        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

18:33:47.0127 5396        mountmgr - ok

18:33:47.0190 5396        MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

18:33:47.0237 5396        MpFilter - ok

18:33:47.0268 5396        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

18:33:47.0283 5396        mpio - ok

18:33:47.0299 5396        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

18:33:47.0346 5396        mpsdrv - ok

18:33:47.0424 5396        MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll

18:33:47.0517 5396        MpsSvc - ok

18:33:47.0533 5396        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

18:33:47.0580 5396        MRxDAV - ok

18:33:47.0611 5396        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:33:47.0642 5396        mrxsmb - ok

18:33:47.0689 5396        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:33:47.0705 5396        mrxsmb10 - ok

18:33:47.0736 5396        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:33:47.0767 5396        mrxsmb20 - ok

18:33:47.0798 5396        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

18:33:47.0814 5396        msahci - ok

18:33:47.0845 5396        msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

18:33:47.0861 5396        msdsm - ok

18:33:47.0892 5396        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

18:33:47.0939 5396        MSDTC - ok

18:33:47.0970 5396        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

18:33:48.0017 5396        Msfs - ok

18:33:48.0048 5396        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

18:33:48.0095 5396        mshidkmdf - ok

18:33:48.0126 5396        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

18:33:48.0126 5396        msisadrv - ok

18:33:48.0173 5396        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

18:33:48.0266 5396        MSiSCSI - ok

18:33:48.0266 5396        msiserver - ok

18:33:48.0297 5396        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

18:33:48.0344 5396        MSKSSRV - ok

18:33:48.0469 5396        MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

18:33:48.0500 5396        MsMpSvc - ok

18:33:48.0516 5396        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

18:33:48.0578 5396        MSPCLOCK - ok

18:33:48.0594 5396        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

18:33:48.0656 5396        MSPQM - ok

18:33:48.0672 5396        MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

18:33:48.0687 5396        MsRPC - ok

18:33:48.0719 5396        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

18:33:48.0734 5396        mssmbios - ok

18:33:48.0734 5396        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

18:33:48.0797 5396        MSTEE - ok

18:33:48.0828 5396        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

18:33:48.0859 5396        MTConfig - ok

18:33:48.0875 5396        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

18:33:48.0875 5396        Mup - ok

18:33:48.0937 5396        napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

18:33:49.0031 5396        napagent - ok

18:33:49.0093 5396        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

18:33:49.0155 5396        NativeWifiP - ok

18:33:49.0249 5396        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

18:33:49.0296 5396        NDIS - ok

18:33:49.0343 5396        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

18:33:49.0405 5396        NdisCap - ok

18:33:49.0421 5396        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

18:33:49.0467 5396        NdisTapi - ok

18:33:49.0467 5396        Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

18:33:49.0530 5396        Ndisuio - ok

18:33:49.0545 5396        NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

18:33:49.0577 5396        NdisWan - ok

18:33:49.0592 5396        NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

18:33:49.0655 5396        NDProxy - ok

18:33:49.0670 5396        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

18:33:49.0717 5396        NetBIOS - ok

18:33:49.0748 5396        NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

18:33:49.0795 5396        NetBT - ok

18:33:49.0826 5396        Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

18:33:49.0842 5396        Netlogon - ok

18:33:49.0904 5396        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

18:33:49.0998 5396        Netman - ok

18:33:50.0029 5396        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

18:33:50.0138 5396        netprofm - ok

18:33:50.0201 5396        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:33:50.0232 5396        NetTcpPortSharing - ok

18:33:50.0637 5396        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

18:33:50.0778 5396        netw5v64 - ok

18:33:50.0903 5396        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

18:33:50.0918 5396        nfrd960 - ok

18:33:50.0981 5396        NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

18:33:51.0012 5396        NisDrv - ok

18:33:51.0137 5396        NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

18:33:51.0183 5396        NisSrv - ok

18:33:51.0246 5396        NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

18:33:51.0308 5396        NlaSvc - ok

18:33:51.0339 5396        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

18:33:51.0386 5396        Npfs - ok

18:33:51.0417 5396        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

18:33:51.0480 5396        nsi - ok

18:33:51.0480 5396        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

18:33:51.0527 5396        nsiproxy - ok

18:33:51.0667 5396        Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

18:33:51.0745 5396        Ntfs - ok

18:33:51.0839 5396        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

18:33:51.0932 5396        Null - ok

18:33:51.0979 5396        nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

18:33:51.0979 5396        nvraid - ok

18:33:52.0026 5396        nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

18:33:52.0057 5396        nvstor - ok

18:33:52.0088 5396        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

18:33:52.0119 5396        nv_agp - ok

18:33:52.0275 5396        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

18:33:52.0307 5396        odserv - ok

18:33:52.0338 5396        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

18:33:52.0369 5396        ohci1394 - ok

18:33:52.0416 5396        ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:33:52.0431 5396        ose - ok

18:33:52.0478 5396        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:33:52.0556 5396        p2pimsvc - ok

18:33:52.0603 5396        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

18:33:52.0634 5396        p2psvc - ok

18:33:52.0665 5396        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

18:33:52.0697 5396        Parport - ok

18:33:52.0743 5396        partmgr         (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

18:33:52.0759 5396        partmgr - ok

18:33:52.0775 5396        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

18:33:52.0821 5396        PcaSvc - ok

18:33:52.0853 5396        pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

18:33:52.0868 5396        pci - ok

18:33:52.0868 5396        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

18:33:52.0884 5396        pciide - ok

18:33:52.0915 5396        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

18:33:52.0946 5396        pcmcia - ok

18:33:52.0977 5396        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

18:33:52.0993 5396        pcw - ok

18:33:53.0040 5396        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

18:33:53.0133 5396        PEAUTH - ok

18:33:53.0227 5396        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

18:33:53.0274 5396        PerfHost - ok

18:33:53.0461 5396        pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

18:33:53.0570 5396        pla - ok

18:33:53.0633 5396        PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

18:33:53.0711 5396        PlugPlay - ok

18:33:53.0726 5396        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

18:33:53.0757 5396        PNRPAutoReg - ok

18:33:53.0804 5396        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:33:53.0835 5396        PNRPsvc - ok

18:33:53.0898 5396        PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

18:33:53.0991 5396        PolicyAgent - ok

18:33:54.0038 5396        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

18:33:54.0101 5396        Power - ok

18:33:54.0179 5396        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

18:33:54.0272 5396        PptpMiniport - ok

18:33:54.0303 5396        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

18:33:54.0319 5396        Processor - ok

18:33:54.0366 5396        ProfSvc         (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll

18:33:54.0444 5396        ProfSvc - ok

18:33:54.0491 5396        ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

18:33:54.0491 5396        ProtectedStorage - ok

18:33:54.0537 5396        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

18:33:54.0615 5396        Psched - ok

18:33:54.0756 5396        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

18:33:54.0818 5396        ql2300 - ok

18:33:54.0927 5396        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

18:33:54.0959 5396        ql40xx - ok

18:33:54.0990 5396        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

18:33:55.0037 5396        QWAVE - ok

18:33:55.0052 5396        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

18:33:55.0083 5396        QWAVEdrv - ok

18:33:55.0099 5396        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

18:33:55.0130 5396        RasAcd - ok

18:33:55.0177 5396        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

18:33:55.0271 5396        RasAgileVpn - ok

18:33:55.0317 5396        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

18:33:55.0395 5396        RasAuto - ok

18:33:55.0442 5396        Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:33:55.0551 5396        Rasl2tp - ok

18:33:55.0598 5396        RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

18:33:55.0692 5396        RasMan - ok

18:33:55.0692 5396        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

18:33:55.0739 5396        RasPppoe - ok

18:33:55.0754 5396        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

18:33:55.0801 5396        RasSstp - ok

18:33:55.0832 5396        rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

18:33:55.0941 5396        rdbss - ok

18:33:55.0973 5396        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

18:33:55.0988 5396        rdpbus - ok

18:33:56.0019 5396        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:33:56.0066 5396        RDPCDD - ok

18:33:56.0082 5396        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

18:33:56.0129 5396        RDPENCDD - ok

18:33:56.0160 5396        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

18:33:56.0207 5396        RDPREFMP - ok

18:33:56.0238 5396        RDPWD           (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys

18:33:56.0300 5396        RDPWD - ok

18:33:56.0316 5396        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

18:33:56.0347 5396        rdyboost - ok

18:33:56.0378 5396        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

18:33:56.0456 5396        RemoteAccess - ok

18:33:56.0487 5396        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

18:33:56.0550 5396        RemoteRegistry - ok

18:33:56.0659 5396        RichVideo       (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

18:33:56.0675 5396        RichVideo - ok

18:33:56.0706 5396        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

18:33:56.0753 5396        RpcEptMapper - ok

18:33:56.0768 5396        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

18:33:56.0799 5396        RpcLocator - ok

18:33:56.0862 5396        RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

18:33:56.0909 5396        RpcSs - ok

18:33:56.0955 5396        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

18:33:57.0002 5396        rspndr - ok

18:33:57.0080 5396        RSUSBSTOR       (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys

18:33:57.0127 5396        RSUSBSTOR - ok

18:33:57.0205 5396        RTL8167         (fe61b0b4aa58c3bd3dfa6279131f7f53) C:\Windows\system32\DRIVERS\Rt64win7.sys

18:33:57.0252 5396        RTL8167 - ok

18:33:57.0267 5396        SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

18:33:57.0283 5396        SamSs - ok

18:33:57.0314 5396        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

18:33:57.0345 5396        sbp2port - ok

18:33:57.0361 5396        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

18:33:57.0455 5396        SCardSvr - ok

18:33:57.0470 5396        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

18:33:57.0548 5396        scfilter - ok

18:33:57.0673 5396        Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

18:33:57.0767 5396        Schedule - ok

18:33:57.0798 5396        SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

18:33:57.0845 5396        SCPolicySvc - ok

18:33:57.0891 5396        sdbus           (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys

18:33:57.0938 5396        sdbus - ok

18:33:57.0969 5396        SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

18:33:58.0047 5396        SDRSVC - ok

18:33:58.0079 5396        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:33:58.0172 5396        secdrv - ok

18:33:58.0188 5396        seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

18:33:58.0235 5396        seclogon - ok

18:33:58.0281 5396        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

18:33:58.0375 5396        SENS - ok

18:33:58.0422 5396        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

18:33:58.0469 5396        SensrSvc - ok

18:33:58.0515 5396        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

18:33:58.0547 5396        Serenum - ok

18:33:58.0578 5396        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

18:33:58.0593 5396        Serial - ok

18:33:58.0609 5396        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

18:33:58.0640 5396        sermouse - ok

18:33:58.0671 5396        SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

18:33:58.0749 5396        SessionEnv - ok

18:33:58.0843 5396        sesvc           (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files (x86)\ShadowExplorer\sesvc.exe

18:33:58.0859 5396        sesvc ( UnsignedFile.Multi.Generic ) - warning

18:33:58.0859 5396        sesvc - detected UnsignedFile.Multi.Generic (1)

18:33:58.0890 5396        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

18:33:58.0937 5396        sffdisk - ok

18:33:58.0952 5396        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

18:33:58.0999 5396        sffp_mmc - ok

18:33:59.0015 5396        sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

18:33:59.0030 5396        sffp_sd - ok

18:33:59.0093 5396        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

18:33:59.0124 5396        sfloppy - ok

18:33:59.0186 5396        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

18:33:59.0264 5396        SharedAccess - ok

18:33:59.0311 5396        ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

18:33:59.0373 5396        ShellHWDetection - ok

18:33:59.0420 5396        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:33:59.0436 5396        SiSRaid2 - ok

18:33:59.0451 5396        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

18:33:59.0467 5396        SiSRaid4 - ok

18:33:59.0561 5396        SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe

18:33:59.0592 5396        SkypeUpdate - ok

18:33:59.0623 5396        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

18:33:59.0701 5396        Smb - ok

18:33:59.0732 5396        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

18:33:59.0763 5396        SNMPTRAP - ok

18:33:59.0779 5396        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

18:33:59.0795 5396        spldr - ok

18:33:59.0857 5396        Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

18:33:59.0919 5396        Spooler - ok

18:34:00.0200 5396        sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

18:34:00.0309 5396        sppsvc - ok

18:34:00.0403 5396        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

18:34:00.0497 5396        sppuinotify - ok

18:34:00.0575 5396        srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

18:34:00.0653 5396        srv - ok

18:34:00.0699 5396        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

18:34:00.0746 5396        srv2 - ok

18:34:00.0824 5396        SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

18:34:00.0840 5396        SrvHsfHDA - ok

18:34:00.0965 5396        SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

18:34:01.0027 5396        SrvHsfV92 - ok

18:34:01.0183 5396        SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

18:34:01.0230 5396        SrvHsfWinac - ok

18:34:01.0261 5396        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

18:34:01.0308 5396        srvnet - ok

18:34:01.0355 5396        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

18:34:01.0448 5396        SSDPSRV - ok

18:34:01.0464 5396        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

18:34:01.0511 5396        SstpSvc - ok

18:34:01.0542 5396        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

18:34:01.0542 5396        stexstor - ok

18:34:01.0604 5396        stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

18:34:01.0635 5396        stisvc - ok

18:34:01.0651 5396        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

18:34:01.0667 5396        swenum - ok

18:34:01.0745 5396        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

18:34:01.0838 5396        swprv - ok

18:34:01.0916 5396        SynTP           (f95f19757f19962b90576af0919375c4) C:\Windows\system32\DRIVERS\SynTP.sys

18:34:01.0947 5396        SynTP - ok

18:34:02.0103 5396        SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

18:34:02.0181 5396        SysMain - ok

18:34:02.0275 5396        TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

18:34:02.0337 5396        TabletInputService - ok

18:34:02.0369 5396        TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

18:34:02.0431 5396        TapiSrv - ok

18:34:02.0462 5396        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

18:34:02.0493 5396        TBS - ok

18:34:02.0665 5396        Tcpip           (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys

18:34:02.0774 5396        Tcpip - ok

18:34:03.0008 5396        TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys

18:34:03.0055 5396        TCPIP6 - ok

18:34:03.0117 5396        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

18:34:03.0180 5396        tcpipreg - ok

18:34:03.0195 5396        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

18:34:03.0242 5396        TDPIPE - ok

18:34:03.0273 5396        TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

18:34:03.0320 5396        TDTCP - ok

18:34:03.0351 5396        tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

18:34:03.0429 5396        tdx - ok

18:34:03.0445 5396        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

18:34:03.0461 5396        TermDD - ok

18:34:03.0539 5396        TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

18:34:03.0617 5396        TermService - ok

18:34:03.0632 5396        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

18:34:03.0679 5396        Themes - ok

18:34:03.0710 5396        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:34:03.0757 5396        THREADORDER - ok

18:34:03.0788 5396        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

18:34:03.0851 5396        TrkWks - ok

18:34:03.0913 5396        TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

18:34:03.0960 5396        TrustedInstaller - ok

18:34:03.0991 5396        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:34:04.0069 5396        tssecsrv - ok

18:34:04.0100 5396        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

18:34:04.0178 5396        tunnel - ok

18:34:04.0209 5396        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

18:34:04.0209 5396        uagp35 - ok

18:34:04.0256 5396        udfs            (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

18:34:04.0303 5396        udfs - ok

18:34:04.0319 5396        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

18:34:04.0350 5396        UI0Detect - ok

18:34:04.0381 5396        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

18:34:04.0397 5396        uliagpkx - ok

18:34:04.0443 5396        umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

18:34:04.0475 5396        umbus - ok

18:34:04.0521 5396        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

18:34:04.0553 5396        UmPass - ok

18:34:04.0818 5396        UNS             (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

18:34:04.0880 5396        UNS - ok

18:34:04.0974 5396        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

18:34:05.0036 5396        upnphost - ok

18:34:05.0067 5396        usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

18:34:05.0114 5396        usbccgp - ok

18:34:05.0145 5396        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

18:34:05.0208 5396        usbcir - ok

18:34:05.0239 5396        usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

18:34:05.0270 5396        usbehci - ok

18:34:05.0317 5396        usbhub          (7cc1c95896d60e868aa6dd2dd2f97ead) C:\Windows\system32\DRIVERS\usbhub.sys

18:34:05.0364 5396        usbhub - ok

18:34:05.0395 5396        usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

18:34:05.0411 5396        usbohci - ok

18:34:05.0442 5396        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

18:34:05.0457 5396        usbprint - ok

18:34:05.0473 5396        USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:34:05.0504 5396        USBSTOR - ok

18:34:05.0520 5396        usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

18:34:05.0535 5396        usbuhci - ok

18:34:05.0582 5396        usbvideo        (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys

18:34:05.0598 5396        usbvideo - ok

18:34:05.0629 5396        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

18:34:05.0676 5396        UxSms - ok

18:34:05.0738 5396        VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

18:34:05.0754 5396        VaultSvc - ok

18:34:05.0801 5396        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

18:34:05.0816 5396        vdrvroot - ok

18:34:05.0894 5396        vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

18:34:05.0957 5396        vds - ok

18:34:06.0003 5396        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

18:34:06.0035 5396        vga - ok

18:34:06.0050 5396        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

18:34:06.0128 5396        VgaSave - ok

18:34:06.0175 5396        vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

18:34:06.0237 5396        vhdmp - ok

18:34:06.0284 5396        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

18:34:06.0300 5396        viaide - ok

18:34:06.0331 5396        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

18:34:06.0347 5396        volmgr - ok

18:34:06.0393 5396        volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

18:34:06.0425 5396        volmgrx - ok

18:34:06.0456 5396        volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

18:34:06.0487 5396        volsnap - ok

18:34:06.0534 5396        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

18:34:06.0565 5396        vsmraid - ok

18:34:06.0690 5396        VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

18:34:06.0768 5396        VSS - ok

18:34:06.0861 5396        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

18:34:06.0893 5396        vwifibus - ok

18:34:06.0924 5396        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

18:34:06.0971 5396        vwififlt - ok

18:34:07.0033 5396        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

18:34:07.0095 5396        W32Time - ok

18:34:07.0127 5396        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

18:34:07.0158 5396        WacomPen - ok

18:34:07.0173 5396        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

18:34:07.0236 5396        WANARP - ok

18:34:07.0251 5396        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

18:34:07.0298 5396        Wanarpv6 - ok

18:34:07.0423 5396        wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

18:34:07.0548 5396        wbengine - ok

18:34:07.0641 5396        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

18:34:07.0688 5396        WbioSrvc - ok

18:34:07.0735 5396        wcncsvc         (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll

18:34:07.0766 5396        wcncsvc - ok

18:34:07.0782 5396        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

18:34:07.0813 5396        WcsPlugInService - ok

18:34:07.0844 5396        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

18:34:07.0860 5396        Wd - ok

18:34:07.0922 5396        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

18:34:07.0969 5396        Wdf01000 - ok

18:34:07.0985 5396        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:34:08.0031 5396        WdiServiceHost - ok

18:34:08.0031 5396        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:34:08.0063 5396        WdiSystemHost - ok

18:34:08.0094 5396        WebClient       (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll

18:34:08.0141 5396        WebClient - ok

18:34:08.0187 5396        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

18:34:08.0265 5396        Wecsvc - ok

18:34:08.0297 5396        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

18:34:08.0343 5396        wercplsupport - ok

18:34:08.0375 5396        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

18:34:08.0421 5396        WerSvc - ok

18:34:08.0453 5396        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

18:34:08.0499 5396        WfpLwf - ok

18:34:08.0499 5396        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

18:34:08.0515 5396        WIMMount - ok

18:34:08.0546 5396        WinDefend - ok

18:34:08.0562 5396        WinHttpAutoProxySvc - ok

18:34:08.0624 5396        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

18:34:08.0687 5396        Winmgmt - ok

18:34:08.0858 5396        WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

18:34:08.0967 5396        WinRM - ok

18:34:09.0092 5396        WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

18:34:09.0123 5396        WinUsb - ok

18:34:09.0217 5396        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

18:34:09.0311 5396        Wlansvc - ok

18:34:09.0326 5396        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

18:34:09.0357 5396        WmiAcpi - ok

18:34:09.0435 5396        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

18:34:09.0482 5396        wmiApSrv - ok

18:34:09.0529 5396        WMPNetworkSvc - ok

18:34:09.0560 5396        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

18:34:09.0591 5396        WPCSvc - ok

18:34:09.0607 5396        WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

18:34:09.0638 5396        WPDBusEnum - ok

18:34:09.0654 5396        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

18:34:09.0701 5396        ws2ifsl - ok

18:34:09.0716 5396        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

18:34:09.0763 5396        wscsvc - ok

18:34:09.0779 5396        WSearch - ok

18:34:09.0997 5396        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

18:34:10.0075 5396        wuauserv - ok

18:34:10.0153 5396        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

18:34:10.0215 5396        WudfPf - ok

18:34:10.0231 5396        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:34:10.0262 5396        WUDFRd - ok

18:34:10.0278 5396        wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

18:34:10.0340 5396        wudfsvc - ok

18:34:10.0371 5396        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

18:34:10.0434 5396        WwanSvc - ok

18:34:10.0481 5396        yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

18:34:10.0527 5396        yukonw7 - ok

18:34:10.0559 5396        MBR (0x1B8)     (13e5baefcf4f9bb3e1dda96e3e048676) \Device\Harddisk0\DR0

18:34:10.0886 5396        \Device\Harddisk0\DR0 - ok

18:34:10.0886 5396        Boot (0x1200)   (d0fed7d21a3099521c4ff5c6682a4cef) \Device\Harddisk0\DR0\Partition0

18:34:10.0886 5396        \Device\Harddisk0\DR0\Partition0 - ok

18:34:10.0933 5396        Boot (0x1200)   (cf9a32b7230680b94ee7d876cc159c7d) \Device\Harddisk0\DR0\Partition1

18:34:10.0933 5396        \Device\Harddisk0\DR0\Partition1 - ok

18:34:10.0949 5396        Boot (0x1200)   (90b84ba4f085c92d1c88eca608e40930) \Device\Harddisk0\DR0\Partition2

18:34:10.0964 5396        \Device\Harddisk0\DR0\Partition2 - ok

18:34:10.0964 5396        Boot (0x1200)   (905110eb241e63e0e57f91520142ba7f) \Device\Harddisk0\DR0\Partition3

18:34:10.0964 5396        \Device\Harddisk0\DR0\Partition3 - ok

18:34:10.0980 5396        ============================================================

18:34:10.0980 5396        Scan finished

18:34:10.0980 5396        ============================================================

18:34:10.0980 5244        Detected object count: 2

18:34:10.0980 5244        Actual detected object count: 2

18:34:28.0046 5244        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

18:34:28.0046 5244        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:34:28.0046 5244        sesvc ( UnsignedFile.Multi.Generic ) - skipped by user

18:34:28.0046 5244        sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hat alles ohne Probleme funktioniert.
Hier das Log:

Code:

ComboFix 12-06-24.03 - Liz 24.06.2012  19:54:01.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3958.2591 [GMT 2:00]

ausgeführt von:: c:\users\Liz\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Liz\4.0

c:\users\Liz\Favorites\locked-Berufsinformationszentrum BIZ Halberstadt.url.rbzn

c:\users\Liz\Favorites\locked-Berufsprofiling.url.iinz

c:\users\Liz\Favorites\locked-Bildungsserver Sachsen-Anhalt.url.rnsn

c:\users\Liz\Favorites\locked-Das örtliche.url.vagv

c:\users\Liz\Favorites\locked-Evangelisch-Freikirchliche Gemeinde Wernigerode -.url.ckcc

c:\users\Liz\Favorites\locked-Facebook  Lisa-Marie Hofmann.url.fkwm

c:\users\Liz\Favorites\locked-Ferienhaus Lychen, OT Kastaven Uckermark Haus Herta Ferienwohnung Unterkunft Urlaub.url.qqqq

c:\users\Liz\Favorites\locked-Ghg -WR.url.yyfc

c:\users\Liz\Favorites\locked-Google.url.ypmy

c:\users\Liz\Favorites\locked-H&M – Mode und Qualität zum besten Preis  H&M DE.url.fypy

c:\users\Liz\Favorites\locked-http--www.d-bahn.de-.url.wycf

c:\users\Liz\Favorites\locked-ithemba.url.fddo

c:\users\Liz\Favorites\locked-Jugend für Christus Deutschland.url.fxxx

c:\users\Liz\Favorites\locked-kino-wr.url.vpve

c:\users\Liz\Favorites\locked-Mathe-Paradies.url.uulg

c:\users\Liz\Favorites\locked-Outbreakband.url.bhsz

c:\users\Liz\Favorites\locked-Overhill-Circle.url.tqfj

c:\users\Liz\Favorites\locked-Portal**Die IKK-Community.url.lrag

c:\users\Liz\Favorites\locked-spieletipps.de.url.zzsr

c:\users\Liz\Favorites\locked-Tierheim Derenburg.url.inlz

c:\users\Liz\Favorites\locked-wikipedia.de - Wikipedia, die freie Enzyklopädie.url.mywy

c:\users\Liz\Favorites\locked-YouTube - game one best of.url.ggpr

c:\windows\IsUn0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-24 bis 2012-06-24  ))))))))))))))))))))))))))))))

.

.

2012-06-24 16:35 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAD43476-38F8-46A9-A5A9-D7A53F035C66}\mpengine.dll

2012-06-22 17:56 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-22 17:46 . 2012-06-22 17:46        --------        d-----w-        C:\_OTL

2012-06-21 15:08 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe

2012-06-21 15:08 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll

2012-06-21 15:08 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll

2012-06-21 15:08 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll

2012-06-21 15:07 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll

2012-06-21 15:07 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll

2012-06-21 15:07 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll

2012-06-21 15:07 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll

2012-06-21 15:07 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe

2012-06-20 15:39 . 2012-06-20 15:39        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2012-06-18 16:18 . 2012-06-18 16:18        --------        d-----w-        c:\program files (x86)\ESET

2012-06-18 12:48 . 2012-06-18 12:48        --------        d-----w-        c:\users\Liz\AppData\Roaming\Malwarebytes

2012-06-18 12:47 . 2012-06-18 12:47        --------        d-----w-        c:\programdata\Malwarebytes

2012-06-18 12:47 . 2012-06-18 12:48        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-18 12:47 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-06-14 16:06 . 2012-06-14 16:06        --------        d-----w-        c:\program files (x86)\7-Zip

2012-06-14 15:40 . 2012-06-14 15:40        --------        d-----w-        c:\users\Liz\AppData\Roaming\www.shadowexplorer.com

2012-06-14 15:39 . 2012-06-14 15:39        --------        d-----w-        c:\program files (x86)\ShadowExplorer

2012-06-14 07:59 . 2012-04-26 05:34        76288        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-06-14 07:59 . 2012-04-26 05:34        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-06-14 07:59 . 2012-04-26 05:28        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-06-14 07:59 . 2012-05-04 10:52        5505392        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-06-14 07:59 . 2012-05-04 10:08        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-06-14 07:59 . 2012-05-04 10:08        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-06-14 07:59 . 2012-05-15 01:32        3144192        ----a-w-        c:\windows\system32\win32k.sys

2012-06-14 07:59 . 2012-04-28 03:50        204800        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-06-12 18:23 . 2012-02-10 11:22        927800        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFAB2F8-9ACE-4AFF-BDCC-D8EC0752722D}\gapaengine.dll

2012-05-29 14:58 . 2012-05-29 14:58        --------        d-----w-        c:\users\Liz\AppData\Local\Sony

2012-05-29 14:34 . 2012-03-22 11:43        2557952        ----a-w-        c:\windows\SysWow64\QtCore4.dll

2012-05-29 14:34 . 2012-03-06 13:43        80024        ----a-w-        c:\windows\SysWow64\mfcm100u.dll

2012-05-29 14:34 . 2012-03-06 13:43        772248        ----a-w-        c:\windows\SysWow64\msvcr100.dll

2012-05-29 14:34 . 2012-03-06 13:43        4421272        ----a-w-        c:\windows\SysWow64\mfc100u.dll

2012-05-29 14:34 . 2012-03-06 13:43        419480        ----a-w-        c:\windows\SysWow64\msvcp100.dll

2012-05-29 14:34 . 2012-03-06 13:43        136344        ----a-w-        c:\windows\SysWow64\atl100.dll

2012-05-29 14:31 . 2012-05-29 14:31        --------        d-----w-        c:\users\Liz\AppData\Local\APN

2012-05-29 14:31 . 2012-05-29 14:31        --------        d-----w-        c:\programdata\Sony

2012-05-29 14:31 . 2012-05-29 14:31        --------        d-----w-        c:\program files (x86)\Sony

2012-05-29 14:27 . 2012-06-07 13:15        --------        d-----w-        c:\users\Liz\AppData\Roaming\Sony

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-30 11:09 . 2012-05-09 12:13        1895280        ----a-w-        c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-10 39408]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"B Register c:\program files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]

.

c:\users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 136176]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe [2011-01-02 9216]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-10-16 11:49        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 13:20]

.

2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 13:20]

.

2012-05-29 c:\windows\Tasks\HPCeeScheduleForLIZ-PC$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]

.

2012-03-26 c:\windows\Tasks\Norton Security Scan for Liz.job

- c:\progra~2\NORTON~2\Engine\351~1.10\Nss.exe [2012-03-26 08:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 5977600]

"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-24 172032]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.ghgwr.de/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = 

mLocal Page = 

uInternet Settings,ProxyOverride = <local>

IE: Free YouTube Download - c:\users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Liz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

TCP: DhcpNameServer = 192.168.1.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-ICQ - ~c:\program files (x86)\ICQ7.2\ICQ.exe

Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe

WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)

WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-1&1 Mail & Media GmbH 1und1Softwareaktualisierung - c:\program files (x86)\1und1Softwareaktualisierung\uninst.exe

AddRemove-Audio Recorder for Free_is1 - c:\program files (x86)\Audio Recorder for Free\unins000.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-Fraps - c:\fraps\uninstall.exe

AddRemove-Free Screen To Video_is1 - c:\program files (x86)\Free Screen To Video\unins000.exe

AddRemove-Keepsake - c:\program files (x86)\Wicked Studios\Keepsake\uninstall.exe

AddRemove-MixPad - c:\program files (x86)\NCH Software\MixPad\uninst.exe

AddRemove-Softonic - c:\program files (x86)\Softonic\Softonic\1.5.21.0\uninstall.exe

AddRemove-WildTangent hp Master Uninstall - c:\program files (x86)\HP Games\Uninstall.exe

AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe

AddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe

AddRemove-WT065226 - c:\program files (x86)\HP Games\Blasterball 3\Uninstall.exe

AddRemove-WT065277 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe

AddRemove-WT065290 - c:\program files (x86)\HP Games\Mah Jong Medley\Uninstall.exe

AddRemove-WT065295 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exe

AddRemove-WT065296 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exe

AddRemove-WT065297 - c:\program files (x86)\HP Games\Super Collapse 3\Uninstall.exe

AddRemove-WT065305 - c:\program files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe

AddRemove-WT065307 - c:\program files (x86)\HP Games\World of Goo\Uninstall.exe

AddRemove-WT065308 - c:\program files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exe

AddRemove-WT065414 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe

AddRemove-WT065426 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe

AddRemove-WT065446 - c:\program files (x86)\HP Games\Peggle\Uninstall.exe

AddRemove-WT065454 - c:\program files (x86)\HP Games\Slingo Deluxe\Uninstall.exe

AddRemove-WT065459 - c:\program files (x86)\HP Games\Zuma Deluxe\Uninstall.exe

AddRemove-WT074389 - c:\program files (x86)\HP Games\Diner Dash\Uninstall.exe

AddRemove-WT074421 - c:\program files (x86)\HP Games\FATE\Uninstall.exe

AddRemove-WT074441 - c:\program files (x86)\HP Games\THE GAME OF LIFE\Uninstall.exe

AddRemove-WT074442 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exe

AddRemove-WT074585 - c:\program files (x86)\HP Games\Yahtzee\Uninstall.exe

AddRemove-WT075041 - c:\program files (x86)\HP Games\Farm Frenzy\Uninstall.exe

AddRemove-WT075046 - c:\program files (x86)\HP Games\StoneLoops of Jurassica\Uninstall.exe

AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.bin

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-06-24  20:17:25 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-06-24 18:17

.

Vor Suchlauf: 12 Verzeichnis(se), 95.548.841.984 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 95.728.467.968 Bytes frei

.

- - End Of File - - C91963C4F4C9BFAAAE55C3F91768FD51

--- --- ---

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hat alles problemlos geklappt. Gmer meinte aber erst gar nichts gefährdetes/infizoertes ect. gefunden zu haben.
Also habe ich hier bei "Show all" einfach mal rauskopiert was er angezeigt hat.

Gmer:
GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-06-25 13:33:26

Windows 6.1.7600  

Running: 4hee7lwb.exe
 
 

---- Services - GMER 1.0.15 ----
 

Service                                                                                                                                                      .NET CLR Data

Service                                                                                                                                                      .NET CLR Networking

Service                                                                                                                                                      .NET Data Provider for Oracle

Service                                                                                                                                                      .NET Data Provider for SqlServer

Service                                                                                                                                                      .NETFramework

Service  system32\DRIVERS\1394ohci.sys (1394 OpenHCI Driver/Microsoft Corporation)                                                                           [MANUAL] 1394ohci

Service  system32\DRIVERS\ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)                                                                               [BOOT] ACPI

Service  system32\DRIVERS\acpipmi.sys (ACPI Power Metering Driver/Microsoft Corporation)                                                                     [MANUAL] AcpiPmi

Service  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated)                              [AUTO] AdobeARMservice

Service  system32\DRIVERS\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.)                                                               [BOOT] adp94xx

Service  system32\DRIVERS\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.)                                                                   [BOOT] adpahci

Service  system32\DRIVERS\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver (X64)/Adaptec, Inc.)                                                            [BOOT] adpu320

Service                                                                                                                                                      adsi

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] AeLookupSvc

Service  C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea filters APO access service (64-bit)/Andrea Electronics Corporation)                         [AUTO] AERTFilters

Service  system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)                                                              [SYSTEM] AFD

Service  system32\DRIVERS\agrsm64.sys (SoftModem Device Driver/LSI Corp)                                                                                     [MANUAL] AgereSoftModem

Service  system32\DRIVERS\agp440.sys (440 NT AGP-Filter/Microsoft Corporation)                                                                               [MANUAL] agp440

Service  C:\Windows\System32\alg.exe (Gatewaydienst auf Anwendungsebene/Microsoft Corporation)                                                               [MANUAL] ALG

Service  system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.)                                                                            [BOOT] aliide

Service  C:\Windows\system32\atiesrxx.exe (AMD External Events Service Module/AMD)                                                                           [AUTO] AMD External Events Utility

Service  system32\DRIVERS\amdide.sys (AMD-IDE-Treiber/Microsoft Corporation)                                                                                 [BOOT] amdide

Service  system32\DRIVERS\amdk8.sys (Processor Device Driver/Microsoft Corporation)                                                                          [MANUAL] AmdK8

Service  system32\DRIVERS\amdppm.sys (Processor Device Driver/Microsoft Corporation)                                                                         [MANUAL] AmdPPM

Service  system32\DRIVERS\amdsata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices)                                                                        [BOOT] amdsata

Service  system32\DRIVERS\amdsbs.sys (AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform/AMD Technologies Inc.)                   [BOOT] amdsbs

Service  system32\DRIVERS\amdxata.sys (Storage Filter Driver/Advanced Micro Devices)                                                                         [BOOT] amdxata

Service  system32\drivers\appid.sys (AppID Driver/Microsoft Corporation)                                                                                     [MANUAL] AppID

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] AppIDSvc

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] Appinfo

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             AppMgmt

Service  system32\DRIVERS\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.)                                                                               [BOOT] arc

Service  system32\DRIVERS\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.)                                                                            [BOOT] arcsas

Service  system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation)                                                        [MANUAL] AsyncMac

Service  system32\DRIVERS\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation)                                                                        [BOOT] atapi

Service  system32\DRIVERS\athrx.sys (Atheros Extensible Wireless LAN device driver/Atheros Communications, Inc.)                                             [MANUAL] athr

Service                                                                                                                                                      Atierecord

Service  system32\drivers\AtiHdmi.sys (ATI High Definition Audio Function Driver/ATI Technologies, Inc.)                                                     [MANUAL] AtiHdmiService

Service  system32\DRIVERS\atikmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.)                                                                 [MANUAL] atikmdag

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] AudioEndpointBuilder

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] AudioSrv

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] AxInstSV

Service  system32\DRIVERS\bxvbda.sys (Broadcom NetXtreme II GigE VBD/Broadcom Corporation)                                                                   [MANUAL] b06bdrv

Service  system32\DRIVERS\b57nd60a.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver./Broadcom Corporation)                                    [MANUAL] b57nd60a

Service   (Battery Class Driver/Microsoft Corporation)                                                                                                       BattC

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] BDESVC

Service   (BEEP Driver/Microsoft Corporation)                                                                                                                [SYSTEM] Beep

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] BFE

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] BITS

Service  system32\DRIVERS\blbdrive.sys (BLB Drive Driver/Microsoft Corporation)                                                                              [SYSTEM] blbdrive

Service  system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation)                                                         [MANUAL] bowser

Service  system32\DRIVERS\BrFiltLo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.)                                  [MANUAL] BrFiltLo

Service  system32\DRIVERS\BrFiltUp.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.)                                  [MANUAL] BrFiltUp

Service  system32\DRIVERS\bridge.sys (MAC Bridge Driver/Microsoft Corporation)                                                                               [MANUAL] BridgeMP

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] Browser

Service  System32\Drivers\Brserid.sys (Brother Schnittstellentreiber (WDM) (seriell)/Brother Industries Ltd.)                                                [MANUAL] Brserid

Service  System32\Drivers\BrSerWdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.)                                                         [MANUAL] BrSerWdm

Service  System32\Drivers\BrUsbMdm.sys (Brother USB MDM Driver /Brother Industries Ltd.)                                                                     [MANUAL] BrUsbMdm

Service  System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.)                                                                   [MANUAL] BrUsbSer

Service  system32\DRIVERS\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation)                                                               [MANUAL] BTHMODEM

Service                                                                                                                                                      BTHPORT

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] bthserv

Service  C:\ComboFix\catchme.sys                                                                                                                             [MANUAL] catchme

Service  system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)                                                                         [DISABLED] cdfs

Service  system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)                                                                               [SYSTEM] cdrom

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] CertPropSvc

Service  system32\DRIVERS\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation)                                                            [MANUAL] circlass

Service  System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation)                                                                             [BOOT] CLFS

Service  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation)                                [MANUAL] clr_optimization_v2.0.50727_32

Service  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation)                              [MANUAL] clr_optimization_v2.0.50727_64

Service  system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation)                                                                   [MANUAL] CmBatt

Service  system32\DRIVERS\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.)                                                                           [BOOT] cmdide

Service  System32\Drivers\cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation)                                                               [BOOT] CNG

Service  C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Com for QLB application/Hewlett-Packard Development Company, L.P.)    [MANUAL] Com4QLBEx

Service  system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation)                                                                      [BOOT] Compbatt

Service  system32\DRIVERS\CompositeBus.sys (Multi-Transport Composite Bus Enumerator/Microsoft Corporation)                                                  [MANUAL] CompositeBus

Service  C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation)                                                                               [MANUAL] COMSysApp

Service  system32\DRIVERS\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation)                                                          [DISABLED] crcdisk

Service                                                                                                                                                      crypt32

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] CryptSvc

Service                                                                                                                                                      DCLocator

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] DcomLaunch

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] defragsvc

Service  System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation)                                                                       [SYSTEM] DfsC

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Dhcp

Service  System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation)                                                                   [SYSTEM] discache

Service  system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation)                                                                                   [BOOT] Disk

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Dnscache

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] dot3svc

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] DPS

Service  system32\drivers\drmkaud.sys (Microsoft Trusted Audio Drivers/Microsoft Corporation)                                                                [MANUAL] drmkaud

Service  System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)                                                                        [MANUAL] DXGKrnl

Service                                                                                                                                                      [DISABLED] eabfiltr

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] EapHost

Service  system32\DRIVERS\evbda.sys (Broadcom NetXtreme II 10 GigE VBD/Broadcom Corporation)                                                                 [MANUAL] ebdrv

Service  C:\Windows\System32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [MANUAL] EFS

Service  C:\Windows\ehome\ehRecvr.exe (Windows Media Center-Empfängerdienst/Microsoft Corporation)                                                           [MANUAL] ehRecvr

Service  C:\Windows\ehome\ehsched.exe (Windows Media Center-Planerdienst/Microsoft Corporation)                                                              [MANUAL] ehSched

Service  system32\DRIVERS\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex)                                                                  [BOOT] elxstor

Service  system32\DRIVERS\errdev.sys (Error Device Driver/Microsoft Corporation)                                                                             [MANUAL] ErrDev

Service                                                                                                                                                      ESENT

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] eventlog

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] EventSystem

Service   (Microsoft Extended FAT File System/Microsoft Corporation)                                                                                         [MANUAL] exfat

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] ezSharedSvc

Service   (Fast FAT File System Driver/Microsoft Corporation)                                                                                                [MANUAL] fastfat

Service  C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation)                                                                                  [MANUAL] Fax

Service  system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation)                                                                      [MANUAL] fdc

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] fdPHost

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] FDResPub

Service  system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation)                                                                        [BOOT] FileInfo

Service  system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation)                                                                     [MANUAL] Filetrace

Service  system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation)                                                                                 [MANUAL] flpydisk

Service  system32\drivers\fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)                                                            [BOOT] FltMgr

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] FontCache

Service  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation)                           [MANUAL] FontCache3.0.0.0

Service  System32\drivers\FsDepends.sys (File System Dependency Manager Mini Filter Driver/Microsoft Corporation)                                            [MANUAL] FsDepends

Service   (File System Recognizer Driver/Microsoft Corporation)                                                                                              [BOOT] Fs_Rec

Service  System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)                                                               [BOOT] fvevol

Service  system32\DRIVERS\gagp30kx.sys (MS Generischer AGPv3.0 Filter für K8/9-Prozessorplattformen/Microsoft Corporation)                                   [MANUAL] gagp30kx

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] gpsvc

Service  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.)                                                                [AUTO] gupdate

Service  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.)                                                                [MANUAL] gupdatem

Service  C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google)                                                         [MANUAL] gusvc

Service  system32\drivers\hcw85cir.sys (Hauppauge WinTV 885 Consumer IR Driver for eHome/Hauppauge Computer Works, Inc.)                                     [MANUAL] hcw85cir

Service  system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation)                                                          [MANUAL] HdAudAddService

Service  system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation)                                                              [MANUAL] HDAudBus

Service  system32\DRIVERS\HECIx64.sys (Intel(R) Management Engine Interface/Intel Corporation)                                                               [MANUAL] HECIx64

Service  system32\DRIVERS\HidBatt.sys (Hid Battery Driver/Microsoft Corporation)                                                                             [MANUAL] HidBatt

Service  system32\DRIVERS\hidbth.sys (Bluetooth-Miniporttreiber für HID-Geräte/Microsoft Corporation)                                                        [MANUAL] HidBth

Service  system32\DRIVERS\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation)                                                       [MANUAL] HidIr

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] hidserv

Service  system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation)                                                           [MANUAL] HidUsb

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] hkmsvc

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] HomeGroupListener

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] HomeGroupProvider

Service  C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (HP Support Assistant Service/Hewlett-Packard Company)                 [AUTO] HP Support Assistant Service

Service  C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (HP Quick Synchronization Service/Hewlett-Packard Company)                            [AUTO] HPDrvMntSvc.exe

Service  system32\DRIVERS\HpqKbFiltr.sys (HpqKbFiltr Keyboard Filter Driver/Hewlett-Packard Development Company, L.P.)                                       [MANUAL] HpqKbFiltr

Service  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (hpqwmiex Module/Hewlett-Packard Company)                                                [MANUAL] hpqwmiex

Service  system32\DRIVERS\HpSAMD.sys (Smart Array SAS/SATA Controller Media Driver/Hewlett-Packard Company)                                                  [BOOT] HpSAMD

Service  system32\drivers\HTTP.sys (HTTP-Protokollstapel/Microsoft Corporation)                                                                              [MANUAL] HTTP

Service  System32\drivers\hwpolicy.sys (Hardware Policy Driver/Microsoft Corporation)                                                                        [BOOT] hwpolicy

Service  system32\DRIVERS\i8042prt.sys (i8042-Anschlusstreiber/Microsoft Corporation)                                                                        [MANUAL] i8042prt

Service  system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation)                                                           [BOOT] iaStor

Service  system32\DRIVERS\iaStorV.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation)                                                          [BOOT] iaStorV

Service  C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation)                   [MANUAL] idsvc

Service  system32\DRIVERS\igdkmd64.sys (Intel Graphics Kernel Mode Driver/Intel Corporation)                                                                 [MANUAL] igfx

Service  system32\DRIVERS\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH)                                                             [BOOT] iirsp

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] IKEEXT

Service                                                                                                                                                      inetaccs

Service  system32\drivers\RTKVHD64.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.)                                        [MANUAL] IntcAzAudAddService

Service  system32\DRIVERS\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation)                                                                          [BOOT] intelide

Service  system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation)                                                                       [MANUAL] intelppm

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] IPBusEnum

Service  system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation)                                                                              [MANUAL] IpFilterDriver

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] iphlpsvc

Service  system32\DRIVERS\IPMIDrv.sys (WMI IPMI-TREIBER/Microsoft Corporation)                                                                               [MANUAL] IPMIDRV

Service  System32\drivers\ipnat.sys (IP Network Address Translator/Microsoft Corporation)                                                                    [MANUAL] IPNAT

Service  system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation)                                                                        [MANUAL] IRENUM

Service  system32\DRIVERS\isapnp.sys (PNP-ISA-Bustreiber/Microsoft Corporation)                                                                              [BOOT] isapnp

Service  system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation)                                                               [MANUAL] iScsiPrt

Service  system32\DRIVERS\kbdclass.sys (Tastaturklassentreiber/Microsoft Corporation)                                                                        [MANUAL] kbdclass

Service  system32\DRIVERS\kbdhid.sys (HID-Tastaturfiltertreiber/Microsoft Corporation)                                                                       [MANUAL] kbdhid

Service  C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [MANUAL] KeyIso

Service  System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation)                                                      [BOOT] KSecDD

Service  System32\Drivers\ksecpkg.sys (Kernel Security Support Provider Interface Packages/Microsoft Corporation)                                            [BOOT] KSecPkg

Service  system32\drivers\ksthunk.sys (Kernel Streaming WOW Thunk Service/Microsoft Corporation)                                                             [MANUAL] ksthunk

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] KtmRm

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] LanmanServer

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] LanmanWorkstation

Service                                                                                                                                                      ldap

Service  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company)                                            [AUTO] LightScribeService

Service  system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation)                                                           [AUTO] lltdio

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] lltdsvc

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] lmhosts

Service  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Local Manageability Service/Intel Corporation)                      [AUTO] LMS

Service                                                                                                                                                      Lsa

Service  system32\DRIVERS\lsi_fc.sys (LSI Fusion-MPT FC Driver (StorPort)/LSI Corporation)                                                                   [BOOT] LSI_FC

Service  system32\DRIVERS\lsi_sas.sys (LSI Fusion-MPT SAS Driver (StorPort)/LSI Corporation)                                                                 [BOOT] LSI_SAS

Service  system32\DRIVERS\lsi_sas2.sys (LSI SAS Gen2 Driver (StorPort)/LSI Corporation)                                                                      [BOOT] LSI_SAS2

Service  system32\DRIVERS\lsi_scsi.sys (LSI Fusion-MPT SCSI Driver (StorPort)/LSI Corporation)                                                               [BOOT] LSI_SCSI

Service  system32\drivers\luafv.sys (LUA-Filtertreiber zur Dateivirtualisierung/Microsoft Corporation)                                                       [AUTO] luafv

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [DISABLED] Mcx2Svc

Service  system32\DRIVERS\megasas.sys (MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64/LSI Corporation)                                  [BOOT] megasas

Service  system32\DRIVERS\MegaSR.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.)                                                               [BOOT] MegaSR

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] MMCSS

Service  system32\drivers\modem.sys (Modemgerätetreiber/Microsoft Corporation)                                                                               [MANUAL] Modem

Service  system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation)                                                                                 [MANUAL] monitor

Service  system32\DRIVERS\mouclass.sys (Mausklassentreiber/Microsoft Corporation)                                                                            [MANUAL] mouclass

Service  system32\DRIVERS\mouhid.sys (HID-Mausfiltertreiber/Microsoft Corporation)                                                                           [MANUAL] mouhid

Service  System32\drivers\mountmgr.sys (Bereitstellungspunkt-Manager/Microsoft Corporation)                                                                  [BOOT] mountmgr

Service  system32\DRIVERS\MpFilter.sys (Microsoft antimalware file system filter driver/Microsoft Corporation)                                               [BOOT] MpFilter

Service  system32\DRIVERS\mpio.sys (Multipfad-Supportbustreiber/Microsoft Corporation)                                                                       [BOOT] mpio

Service  System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation)                                                             [MANUAL] mpsdrv

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] MpsSvc

Service  system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation)                                                                       [MANUAL] MRxDAV

Service  system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)                                                                          [MANUAL] mrxsmb

Service  system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation)                                                                 [MANUAL] mrxsmb10

Service  system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation)                                                                   [MANUAL] mrxsmb20

Service  system32\DRIVERS\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation)                                                                     [BOOT] msahci

Service  system32\DRIVERS\msdsm.sys (Gerätespezifisches Modul von Microsoft/Microsoft Corporation)                                                           [BOOT] msdsm

Service  C:\Windows\System32\msdtc.exe (Microsoft Distributed Transaction Coordinator-Dienst/Microsoft Corporation)                                          [MANUAL] MSDTC

Service                                                                                                                                                      MSDTC Bridge 3.0.0.0

Service   (Mailslot driver/Microsoft Corporation)                                                                                                            [SYSTEM] Msfs

Service  System32\drivers\mshidkmdf.sys (Pass-through HID to KMDF Filter Driver/Microsoft Corporation)                                                       [MANUAL] mshidkmdf

Service  system32\DRIVERS\msisadrv.sys (ISA Driver/Microsoft Corporation)                                                                                    [BOOT] msisadrv

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] MSiSCSI

Service  C:\Windows\system32\msiexec.exe (Windows® Installer/Microsoft Corporation)                                                                          [MANUAL] msiserver

Service  system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation)                                                                                   [MANUAL] MSKSSRV

Service  c:\Program Files\Microsoft Security Client\MsMpEng.exe (Antimalware Service Executable/Microsoft Corporation)                                       [AUTO] MsMpSvc

Service  system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation)                                                                                [MANUAL] MSPCLOCK

Service  system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation)                                                                         [MANUAL] MSPQM

Service   (Kernel Remote Procedure Call Provider/Microsoft Corporation)                                                                                      [MANUAL] MsRPC

Service                                                                                                                                                      MSSCNTRS

Service  system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation)                                                                 [SYSTEM] mssmbios

Service  system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation)                                                          [MANUAL] MSTEE

Service  system32\DRIVERS\MTConfig.sys (HID-Treiber für Mehrfingereingabe von Microsoft/Microsoft Corporation)                                               [MANUAL] MTConfig

Service  System32\Drivers\mup.sys (Multiple UNC Provider Driver/Microsoft Corporation)                                                                       [BOOT] Mup

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] napagent

Service  system32\DRIVERS\nwifi.sys (Systemeigener WiFi-Miniporttreiber/Microsoft Corporation)                                                               [MANUAL] NativeWifiP

Service  system32\drivers\ndis.sys (NDIS 6.20-Treiber/Microsoft Corporation)                                                                                 [BOOT] NDIS

Service  system32\DRIVERS\ndiscap.sys (NDIS Packet Capture Filter Driver/Microsoft Corporation)                                                              [MANUAL] NdisCap

Service  system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)                                                            [MANUAL] NdisTapi

Service  system32\DRIVERS\ndisuio.sys (E/A-Treiber für NDIS-Benutzermodus/Microsoft Corporation)                                                             [MANUAL] Ndisuio

Service  system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation)                                                      [MANUAL] NdisWan

Service   (NDIS Proxy/Microsoft Corporation)                                                                                                                 [MANUAL] NDProxy

Service  system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation)                                                                       [SYSTEM] NetBIOS

Service  System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation)                                                                             [SYSTEM] NetBT

Service  C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [MANUAL] Netlogon

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] Netman

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] netprofm

Service  C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation)                      [DISABLED] NetTcpPortSharing

Service  system32\DRIVERS\netw5v64.sys (Intel® Wireless WiFi Link Driver/Intel Corporation)                                                                  [MANUAL] netw5v64

Service                                                                                                                                                      Network Inspection System

Service  system32\DRIVERS\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation)                                                                      [BOOT] nfrd960

Service  system32\DRIVERS\NisDrvWFP.sys (Microsoft Network Inspection System Driver/Microsoft Corporation)                                                   [MANUAL] NisDrv

Service  c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Network Inspection System/Microsoft Corporation)                                   [MANUAL] NisSrv

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] NlaSvc

Service   (NPFS Driver/Microsoft Corporation)                                                                                                                [SYSTEM] Npfs

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] nsi

Service  system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation)                                                                                     [SYSTEM] nsiproxy

Service                                                                                                                                                      NTDS

Service   (NT-Dateisystemtreiber/Microsoft Corporation)                                                                                                      [MANUAL] Ntfs

Service   (NULL Driver/Microsoft Corporation)                                                                                                                [SYSTEM] Null

Service  system32\DRIVERS\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation)                                                                     [BOOT] nvraid

Service  system32\DRIVERS\nvstor.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation)                                                         [BOOT] nvstor

Service  system32\DRIVERS\nv_agp.sys (NForce NT AGP-Filter/Microsoft Corporation)                                                                            [MANUAL] nv_agp

Service  C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation)                       [MANUAL] odserv

Service  system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation)                                                                      [MANUAL] ohci1394

Service  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation)                             [MANUAL] ose

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] p2pimsvc

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] p2psvc

Service  system32\DRIVERS\parport.sys (Treiber für parallelen Anschluss/Microsoft Corporation)                                                               [MANUAL] Parport

Service  System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation)                                                                    [BOOT] partmgr

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] PcaSvc

Service  system32\DRIVERS\pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)                                                                      [BOOT] pci

Service  system32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation)                                                                      [BOOT] pciide

Service  system32\DRIVERS\pcmcia.sys (PCMCIA-Treiber/Microsoft Corporation)                                                                                  [MANUAL] pcmcia

Service  System32\drivers\pcw.sys (Performance Counters for Windows Driver/Microsoft Corporation)                                                            [BOOT] pcw

Service  system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation)                            [AUTO] PEAUTH

Service                                                                                                                                                      PerfDisk

Service  C:\Windows\SysWow64\perfhost.exe (x86-Leistungsindikatorhost/Microsoft Corporation)                                                                 [MANUAL] PerfHost

Service                                                                                                                                                      PerfNet

Service                                                                                                                                                      PerfOS

Service                                                                                                                                                      PerfProc

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] pla

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] PlugPlay

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] PNRPAutoReg

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] PNRPsvc

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] PolicyAgent

Service                                                                                                                                                      PortProxy

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Power

Service  system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation)                                                                [MANUAL] PptpMiniport

Service  system32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation)                                                                       [MANUAL] Processor

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] ProfSvc

Service  C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [MANUAL] ProtectedStorage

Service  system32\DRIVERS\pacer.sys (QoS-Paketplaner/Microsoft Corporation)                                                                                  [SYSTEM] Psched

Service  system32\DRIVERS\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation)                                                          [BOOT] ql2300

Service  system32\DRIVERS\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation)                                                              [BOOT] ql40xx

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] QWAVE

Service  system32\drivers\qwavedrv.sys (Supporttreiber für verbessertes Microsoft-Audio/Video-Streaming (qWave)/Microsoft Corporation)                       [MANUAL] QWAVEdrv

Service  System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation)                                                                 [MANUAL] RasAcd

Service  system32\DRIVERS\AgileVpn.sys (RAS Agile Vpn Miniport Call Manager/Microsoft Corporation)                                                           [MANUAL] RasAgileVpn

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] RasAuto

Service  system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation)                                                         [MANUAL] Rasl2tp

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] RasMan

Service  system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation)                                                       [MANUAL] RasPppoe

Service  system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation)                                                                 [MANUAL] RasSstp

Service  system32\DRIVERS\rdbss.sys (Subsystemtreiber für Pufferung des umgeleiteten Laufwerks/Microsoft Corporation)                                        [SYSTEM] rdbss

Service  system32\DRIVERS\rdpbus.sys (Microsoft RDP Bus Device driver/Microsoft Corporation)                                                                 [MANUAL] rdpbus

Service  System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation)                                                                                    [SYSTEM] RDPCDD

Service                                                                                                                                                      RDPDD

Service  system32\drivers\rdpencdd.sys (RDP Encoder Miniport/Microsoft Corporation)                                                                          [SYSTEM] RDPENCDD

Service                                                                                                                                                      RDPNP

Service  system32\drivers\rdprefmp.sys (RDP Reflector Driver Miniport/Microsoft Corporation)                                                                 [SYSTEM] RDPREFMP

Service   (RDP Terminal Stack Driver/Microsoft Corporation)                                                                                                  [MANUAL] RDPWD

Service  System32\drivers\rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)                                                                             [BOOT] rdyboost

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [DISABLED] RemoteAccess

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] RemoteRegistry

Service  C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe                                                                                         [AUTO] RichVideo

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] RpcEptMapper

Service  C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation)                                                                                 [MANUAL] RpcLocator

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] RpcSs

Service  system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation)                                                 [AUTO] rspndr

Service  C:\Windows\System32\Drivers\RtsUStor.sys (Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Realtek Semiconductor Corp.)                         [MANUAL] RSUSBSTOR

Service  system32\DRIVERS\Rt64win7.sys (Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                /Realtek                                            )  [MANUAL] RTL8167

Service  C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [AUTO] SamSs

Service  system32\DRIVERS\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation)                                                                         [BOOT] sbp2port

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SCardSvr

Service  System32\DRIVERS\scfilter.sys (Filtertreiber für Smartcard-Leser von Microsoft/Microsoft Corporation)                                               [MANUAL] scfilter

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Schedule

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SCPolicySvc

Service  system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation)                                                                         [MANUAL] sdbus

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SDRSVC

Service   (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)                             [AUTO] secdrv

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] seclogon

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] SENS

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SensrSvc

Service  system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation)                                                                         [MANUAL] Serenum

Service  system32\DRIVERS\serial.sys (Serieller Gerätetreiber/Microsoft Corporation)                                                                         [SYSTEM] Serial

Service  system32\DRIVERS\sermouse.sys (Serieller Mausfiltertreiber/Microsoft Corporation)                                                                   [MANUAL] sermouse

Service                                                                                                                                                      ServiceModelEndpoint 3.0.0.0

Service                                                                                                                                                      ServiceModelOperation 3.0.0.0

Service                                                                                                                                                      ServiceModelService 3.0.0.0

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SessionEnv

Service  C:\Program Files (x86)\ShadowExplorer\sesvc.exe (ShadowExplorer/www.shadowexplorer.com)                                                             [AUTO] sesvc

Service  system32\DRIVERS\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation)                                                                  [MANUAL] sffdisk

Service  system32\DRIVERS\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation)                                                         [MANUAL] sffp_mmc

Service  system32\DRIVERS\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation)                                                           [MANUAL] sffp_sd

Service  system32\DRIVERS\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation)                                                                             [MANUAL] sfloppy

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] SharedAccess

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] ShellHWDetection

Service  system32\DRIVERS\SiSRaid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.)                                                      [BOOT] SiSRaid2

Service  system32\DRIVERS\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems)                                                            [BOOT] SiSRaid4

Service  C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Updater Service/Skype Technologies)                                                         [AUTO] SkypeUpdate

Service  system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation)                                                                               [MANUAL] Smb

Service                                                                                                                                                      SMSvcHost 3.0.0.0

Service  C:\Windows\System32\snmptrap.exe (SNMP-Trap/Microsoft Corporation)                                                                                  [MANUAL] SNMPTRAP

Service   (loader for security processor/Microsoft Corporation)                                                                                              [BOOT] spldr

Service  C:\Windows\System32\spoolsv.exe (Spoolersubsystem-Anwendung/Microsoft Corporation)                                                                  [AUTO] Spooler

Service  C:\Windows\system32\sppsvc.exe (Softwareschutzplattform-Dienst von Microsoft/Microsoft Corporation)                                                 [AUTO] sppsvc

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] sppuinotify

Service  System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation)                                                                                      [MANUAL] srv

Service  System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation)                                                                             [MANUAL] srv2

Service  system32\DRIVERS\VSTAZL6.SYS (HSF_HWAZL WDM driver/Conexant Systems, Inc.)                                                                          [MANUAL] SrvHsfHDA

Service  system32\DRIVERS\VSTDPV6.SYS (HSF_DP driver/Conexant Systems, Inc.)                                                                                 [MANUAL] SrvHsfV92

Service  system32\DRIVERS\VSTCNXT6.SYS (HSF_CNXT driver/Conexant Systems, Inc.)                                                                              [MANUAL] SrvHsfWinac

Service  System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation)                                                                           [MANUAL] srvnet

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SSDPSRV

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] SstpSvc

Service  system32\DRIVERS\stexstor.sys (Promise  SuperTrak EX Series Driver for Windows /Promise Technology)                                                 [BOOT] stexstor

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] stisvc

Service  system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)                                                        [MANUAL] swenum

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] swprv

Service  system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated)                                                                       [MANUAL] SynTP

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] SysMain

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] TabletInputService

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] TapiSrv

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] TBS

Service  System32\drivers\tcpip.sys (TCP/IP-Treiber/Microsoft Corporation)                                                                                   [BOOT] Tcpip

Service  system32\DRIVERS\tcpip.sys (TCP/IP-Treiber/Microsoft Corporation)                                                                                   [MANUAL] TCPIP6

Service                                                                                                                                                      TCPIP6TUNNEL

Service  System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation)                                                          [AUTO] tcpipreg

Service                                                                                                                                                      TCPIPTUNNEL

Service  system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation)                                                                     [MANUAL] TDPIPE

Service  system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation)                                                                             [MANUAL] TDTCP

Service  system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation)                                                                             [SYSTEM] tdx

Service  system32\DRIVERS\termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)                                                                    [SYSTEM] TermDD

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] TermService

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Themes

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] THREADORDER

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] TrkWks

Service  C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation)                                                         [MANUAL] TrustedInstaller

Service                                                                                                                                                      TSDDD

Service  System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation)                                                                     [MANUAL] tssecsrv

Service  system32\DRIVERS\tunnel.sys (Microsoft-Tunnelschnittstellentreiber/Microsoft Corporation)                                                           [MANUAL] tunnel

Service  system32\DRIVERS\uagp35.sys (MS AGPv3.5-Filter/Microsoft Corporation)                                                                               [MANUAL] uagp35

Service  system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation)                                                                            [DISABLED] udfs

Service                                                                                                                                                      UGatherer

Service                                                                                                                                                      UGTHRSVC

Service  C:\Windows\system32\UI0Detect.exe (Erkennung interaktiver Dienste/Microsoft Corporation)                                                            [MANUAL] UI0Detect

Service  system32\DRIVERS\uliagpkx.sys (ULi AGPv3.0-Filter für K8/9-Prozessorplattformen/Microsoft Corporation)                                              [MANUAL] uliagpkx

Service  system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation)                                                                         [MANUAL] umbus

Service  system32\DRIVERS\umpass.sys (Generic pass-through driver/Microsoft Corporation)                                                                     [MANUAL] UmPass

Service  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation)                        [AUTO] UNS

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] upnphost

Service  system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)                                                         [MANUAL] usbccgp

Service  system32\DRIVERS\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation)                                                                [MANUAL] usbcir

Service  system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation)                                                                      [MANUAL] usbehci

Service  system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)                                                                      [MANUAL] usbhub

Service  system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation)                                                                       [MANUAL] usbohci

Service  system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation)                                                                            [MANUAL] usbprint

Service  system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)                                                                  [MANUAL] USBSTOR

Service  system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation)                                                                       [MANUAL] usbuhci

Service  System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation)                                                                        [MANUAL] usbvideo

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] UxSms

Service  C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                              [MANUAL] VaultSvc

Service  system32\DRIVERS\vdrvroot.sys (Stammenumerator für virtuelles Laufwerk/Microsoft Corporation)                                                       [BOOT] vdrvroot

Service  C:\Windows\System32\vds.exe (Virtueller Datenträgerdienst/Microsoft Corporation)                                                                    [MANUAL] vds

Service  system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation)                                                                      [MANUAL] vga

Service  System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation)                                                                         [SYSTEM] VgaSave

Service  system32\DRIVERS\vhdmp.sys (VHD Miniport Driver/Microsoft Corporation)                                                                              [MANUAL] vhdmp

Service  system32\DRIVERS\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.)                                                                 [BOOT] viaide

Service  system32\DRIVERS\volmgr.sys (Volume Manager Driver/Microsoft Corporation)                                                                           [BOOT] volmgr

Service  System32\drivers\volmgrx.sys (Treiber für Erweiterung des Volume-Managers/Microsoft Corporation)                                                    [BOOT] volmgrx

Service  system32\DRIVERS\volsnap.sys (Volumeschattenkopie-Treiber/Microsoft Corporation)                                                                    [BOOT] volsnap

Service  system32\DRIVERS\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd)                                                             [BOOT] vsmraid

Service  C:\Windows\system32\vssvc.exe (Microsoft® Volumeschattenkopie-Dienst/Microsoft Corporation)                                                         [MANUAL] VSS

Service  system32\DRIVERS\vwifibus.sys (Virtueller WiFi-Bustreiber/Microsoft Corporation)                                                                    [MANUAL] vwifibus

Service  system32\DRIVERS\vwififlt.sys (Virtual WiFi Filter Driver/Microsoft Corporation)                                                                    [SYSTEM] vwififlt

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] W32Time

Service                                                                                                                                                      W3SVC

Service  system32\DRIVERS\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation)                                                            [MANUAL] WacomPen

Service  system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation)                                                         [MANUAL] WANARP

Service  system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation)                                                         [SYSTEM] Wanarpv6

Service  C:\Windows\system32\wbengine.exe (EXE-Datei für Microsoft®-Blockebenen-Sicherungsmodul/Microsoft Corporation)                                       [MANUAL] wbengine

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WbioSrvc

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] wcncsvc

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WcsPlugInService

Service  system32\DRIVERS\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation)                                                                     [BOOT] Wd

Service  system32\drivers\Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)                                                          [BOOT] Wdf01000

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WdiServiceHost

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WdiSystemHost

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WebClient

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] Wecsvc

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] wercplsupport

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WerSvc

Service  system32\DRIVERS\wfplwf.sys (WFP NDIS 6.20 Lightweight Filter Driver/Microsoft Corporation)                                                         [SYSTEM] WfpLwf

Service  C:\Windows\system32\drivers\wimmount.sys (Wim file system Driver/Microsoft Corporation)                                                             [MANUAL] WIMMount

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WinDefend

Service                                                                                                                                                      Windows Workflow Foundation 3.0.0.0

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WinHttpAutoProxySvc

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Winmgmt

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WinRM

Service                                                                                                                                                      [MANUAL] Winsock

Service                                                                                                                                                      WinSock2

Service  system32\DRIVERS\WinUsb.sys (Windows USB Class Driver BETA/Microsoft Corporation)                                                                   [MANUAL] WinUsb

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] Wlansvc

Service  system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation)                                                          [MANUAL] WmiAcpi

Service                                                                                                                                                      WmiApRpl

Service  C:\Windows\system32\wbem\WmiApSrv.exe (Adapter für den WMI-Leistungsreverseadapter/Microsoft Corporation)                                           [MANUAL] wmiApSrv

Service  C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe                                                                                            [AUTO] WMPNetworkSvc

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WPCSvc

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WPDBusEnum

Service  system32\drivers\ws2ifsl.sys (Winsock2-IFS-Schicht/Microsoft Corporation)                                                                           [SYSTEM] ws2ifsl

Service  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] wscsvc

Service  C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search-Indexerstellung/Microsoft Corporation)                                              [AUTO] WSearch

Service                                                                                                                                                      WSearchIdxPi

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] wuauserv

Service  system32\drivers\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)                          [MANUAL] WudfPf

Service  system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation)                                [MANUAL] WUDFRd

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [AUTO] wudfsvc

Service  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                             [MANUAL] WwanSvc

Service                                                                                                                                                      xmlprov

Service  system32\DRIVERS\yk62x64.sys (Miniport Driver for Marvell Yukon Ethernet Controller./Marvell)                                                       [MANUAL] yukonw7

Service                                                                                                                                                      {8DA24F72-EB71-4CC1-912A-E01DF83FDE24}

Service                                                                                                                                                      {BE7AC60A-6F36-452C-83E6-B7276A634670}
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Osam:

Code:

OSAM Logfile:
 

        Code:


        
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 13:42:03 on 25.06.2012
 

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit

Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"HPCeeScheduleForLIZ-PC$.job" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"Norton Security Scan for Liz.job" - "Symantec Corporation" - C:\PROGRA~2\NORTON~2\Engine\351~1.10\Nss.exe
 

[Control Panel Objects]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{E54729E8-BB3D-4270-9D49-7389EA579090} "EasyBits ShellExecute Hook" - "EasyBits Software Corp." - C:\Windows\SysWow64\EZUPBH~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll

{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll

{1944F5A1-2835-45B0-91E6-FA3EDDAF539E} "Graph Shell Extension" - "Ivan Johansen" - C:\PROGRA~2\Graph\THUMBN~1.DLL

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\ONFILTER.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files (x86)\WinRAR\rarext.dll  (File found, but it contains no detailed information)

{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -   (File not found | COM-object registry key not found)

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)

<binary data> "{C424171E-592A-415A-9EB1-DFD6D95D3530}" - ? -   (File not found | COM-object registry key not found)

<binary data> "{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} "GMNRev Class" - "Hewlett-Packard" - C:\Program Files (x86)\HP\Common\HPGMNRev.dll / hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\IEAWSDC.DLL / hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

"ICQ7.2" - ? - C:\Program Files (x86)\ICQ7.2\ICQ.exe  (File not found)

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"OpenOffice.org 3.2.lnk" - ? - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"HPADVISOR" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

"swg" - "Google Inc." - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"WirelessAssistant" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----

"B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll" - "DivX, LLC" - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)

"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)

"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

"Easybits Shared Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezsvc7.dll  (File not found)

"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

"HP Support Assistant Service" (HP Support Assistant Service) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files (x86)\ShadowExplorer\sesvc.exe

"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===

 
--- --- ---
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-06-25 13:43:25

-----------------------------

13:43:25.264    OS Version: Windows x64 6.1.7600 

13:43:25.264    Number of processors: 4 586 0x2502

13:43:25.264    ComputerName: LIZ-PC  UserName: Liz

13:43:26.761    Initialize success

13:45:52.890    AVAST engine defs: 12062500

13:47:14.478    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

13:47:14.494    Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3

13:47:14.509    Disk 0 MBR read successfully

13:47:14.509    Disk 0 MBR scan

13:47:14.509    Disk 0 unknown MBR code

13:47:14.525    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048

13:47:14.541    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       291736 MB offset 409600

13:47:14.572    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13205 MB offset 597884928

13:47:14.587    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 624928768

13:47:14.619    Disk 0 scanning C:\Windows\system32\drivers

13:47:21.623    Service scanning

13:47:37.145    Modules scanning

13:47:37.161    Disk 0 trace - called modules:

13:47:37.707    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

13:47:37.707    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c18060]

13:47:37.722    3 CLASSPNP.SYS[fffff880011b943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004975050]

13:47:39.906    AVAST engine scan C:\Windows

13:47:42.948    AVAST engine scan C:\Windows\system32

13:49:55.720    AVAST engine scan C:\Windows\system32\drivers

13:50:04.971    AVAST engine scan C:\Users\Liz

14:08:37.081    AVAST engine scan C:\ProgramData

14:12:15.934    Scan finished successfully

14:14:59.485    Disk 0 MBR has been saved successfully to "C:\Users\Liz\Desktop\MBR.dat"

14:14:59.485    The log file has been saved successfully to "C:\Users\Liz\Desktop\aswMBR.txt"