Trojaner-Board - BDS/ZeroAccess.Gen, kann Malware nicht starten

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - BDS/ZeroAccess.Gen, kann Malware nicht starten (https://www.trojaner-board.de/131663-bds-zeroaccess-gen-malware-starten.html)

BDS/ZeroAccess.Gen, kann Malware nicht starten

Hallo zusammen,
ich habe mich gerade im Forum angemeldet und bin in dieser Hinsicht auch sehr unerfahren.
Falls ich noch Fehler machen sollte, bitte ich dies vorab zu entschuldigen, bin aber für konstruktive Kritik offen.

Mein Problem:
Antivir meldete folgenden Fund im Bericht:BDS/ZeroAccess.Gen

Kurz danach erhielt ich sehr viele Windows - Read error Fehlermeldungen, als auch eine eine System Repair Aufforderung ( habe ich nicht durchgeführt)

Weiterhin zeigt mir das System eine svchost-exe-Corrupt disk Fehlermeldung an

Ich habe bisher Malware-Bytes geladen und installiert, konnte jedoch kein Update durchführen, geschweige denn das Programm starten, da keine Programme mehr sichtbar sind.

Das Programm ist zwar unter Software installiert, jedoch kann ich nicht darauf zugreifen.

Wifi habe ich ausgeschaltet und ich benutze das Laptop im Moment nicht, da es auch in meinem Büro am Netzwerk angeschlossen ist.

Online bin ich mit einem 2.Laptop, kann also alle zu installierenden Programme per USB-Stick aufspielen.

LOG-Dateien kann ich daher nicht posten, da ich nicht auf die Programme zugreifen kann.

Da in den Regeln immer erwähnt wird, nicht die Schritte anderer zu übernehmen, hoffe ich auf Hilfe eurerseits und bedanke mich vorab schon einmal dafür.

Hallo moogsound und :hallo:

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich.
Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.
Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.

Hinweise zum Ablauf

Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
- Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
- Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles gesammelt in einer Antwort.
- Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
- Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.

Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert. Deshalb: Bitte
- .. lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
- .. installiere oder deinstalliere während der Bereinigung keine Software.
- .. frag nicht parallel in anderen Foren nach Hilfe (Crossposting).

Ich kann dir keine Garantien geben, dass die Bereinigung schlussendlich erfolgreich sein wird und wir alles finden werden.
- Ein Formatieren und Neuinstallieren ist meist der schnellere und immer der sicherere Weg.
- Sollte ich eine schwerwiegende Infektion bei dir finden, werde ich dich nochmals darauf hinweisen. Es bleibt aber deine Entscheidung.

Los geht's: Alle Tools immer auf den Desktop speichern und von dort starten.

Schauen wir mal:

Schritt 1

Downloade dir bitte rKill (by Grinler) von einem dieser Downloadspiegel:

Dies sind umbenannte Kopien:

Speichere die Datei auf den Desktop.

Starte dann das Programm.
Nun sollte ein schwarzes Fenster aufgehen und dir anzeigen, dass es läuft.
Wenn das nicht der Fall ist, lösche die vorhandene Version und benutze einen anderen Downloadlink.
Lass das Tool in Ruhe laufen.
Am Ende des Suchlaufs erscheint eine Meldung. Bestätige diese mit Ok.
RKill öffnet automatisch die Logdatei. Poste diese bitte mit deiner nächsten Antwort.
Du findest die Logdatei (Rkill.txt) auch auf deinem Desktop.

Sollte es bei keinem der aufgeführten Downloadlinks laufen, teile mir das bitte mit.

Schritt 2

Downloade bitte Grinler's unhide.exe auf deinen Desktop.

Starte das Tool mit Doppelklick.
Wenn es fertig ist, wird eine Nachricht mit "Done" erscheinen.
Es wird auch ein Logfile Unhide.txt erstellt. Poste dieses bitte hier.

Schritt 3

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Bitte poste in deiner nächsten Antwort:

Log von rKill
Log von unhide
Log von MBAM

Hallo Leo,
danke für die schnelle Antwort.
Kann ich nach den installierten Programmen bereits wieder online gehen?
Im Moment kann ich auf keinen der Explorer zugreifen.
Sonst kann ich die Logfiles auch auf den Stick kopieren und senden.
Gruß
Peter

Hallo Peter,
du kannst online gehen mit dem Rechner, ja.
Du kannst sonst die Programme für Schritt 1 und 2 auch auf deinem Zweitrechner herunterladen und per USB-Stick auf den Desktop des infizierten Computers bringen.
(Nach Schritt 2 solltest du wieder alle Dateien und Programme sehen können.)

Ok, da hasse:

Log Rkill:
Rkill 2.4.7 by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - BleepingComputer.com

Program started at: 02/28/2013 09:54:43 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* c:\Windows\SysWOW64\srvany.exe (PID: 2752) [WD-HEUR]
* C:\ProgramData\ltCNsxmSemgqBwD.exe (PID: 4804) [AU-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* System Policy Removed: DisableTaskMgr [HKCU]
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\pstendel\Desktop\rkill\rkill-02-28-2013-09-54-46.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* SMTMP folder detected. Please see this link for more information: Unhide.exe - A introduction as to what this program does - BleepingComputer.com

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$94241a64548ffee6d0005b61b363e1c7\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-901657276-1553592934-1975412381-1003\$94241a64548ffee6d0005b61b363e1c7\ [ZA Dir]

Checking Windows Service Integrity:

* Windows-Firewallautorisierungstreiber (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: Hosts-perm.bat Download

Program finished at: 02/28/2013 09:54:52 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

Log unhide:
Unhide by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
Unhide.exe - A introduction as to what this program does - BleepingComputer.com

Program started at: 02/28/2013 09:58:33 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 200789 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 9 files processed.

Restoring the Start Menu.
* 185 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
* HidNoChangingWallPaperden policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowControlPanel was set to 0! It was set back to 1!
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyComputer was set to 0! It was set back to 1!
* Start_ShowMyDocs was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSearch was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Program finished at: 02/28/2013 09:59:06 PM
Execution time: 0 hours(s), 0 minute(s), and 32 seconds(s)

Log mbam:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.02.28.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PStendel :: STENDEL-LAPTOP [Administrator]

Schutz: Deaktiviert

28.02.2013 22:03:00
mbam-log-2013-02-28 (22-03-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 279737
Laufzeit: 1 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ltCNsxmSemgqBwD.exe (Trojan.FakeAV) -> Daten: C:\ProgramData\ltCNsxmSemgqBwD.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 7
HKCU\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\ltCNsxmSemgqBwD.exe (Trojan.FakeAV) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Gruß
Peter

Siehst du jetzt wieder alle deine Dateien, Verknüpfungen und das Startmenü vollständig?
Das war erst der Anfang, da sitzt noch etwas Unschönes drin bei dir:

Schritt 1

Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button.
Bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Falls Defogger zu einem Neustart auffordert, bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt.
Nur falls Probleme aufgetreten sind, poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 2

Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.

Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
Schliesse bitte alle anderen Programme.
Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Sollte sich ein Fenster mit folgender Warnung öffnen
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
dann klicke unbedingt auf No.
Entferne rechts den Haken bei:
- IAT/EAT
- Show all
Setze rechts den Haken bei deiner Systempartition (normalerweise C:\).
Starte den Scan mit einem Klick auf Scan.
Mache gar nichts am Computer, während der Scan läuft!
Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
Füge bitte den Inhalt des Logfiles hier in deine Thread ein.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.

Schritt 3

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Doppelklick auf die OTL.exe.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
Poste den Inhalt dieser Logfiles hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von Gmer
Logs von OTL

sorry, hat etwas gedauert.

Anbei die Logfiles im Anhang.

Gruß

Peter

Hallo Peter,

dich hat es wirklich übel erwischt. Dass das ZeroAccess-Rootkit drauf ist, hat man vorhin schon gesehen. Und jetzt meldet Gmer auch noch eine kleine versteckte Partition, von welcher gebootet wird, und einen verdächtigen MBR. Das dürfte sowas wie TDSS sein.
Wir müssen da mal noch genauer hinschauen. Versuch mal, ob diese beiden Tools laufen:
(Die Logfiles bitte nicht anhängen, sondern deren Inhalt direkt innerhalb von Codetags einfügen: [code]Inhalt Logfile[/code].)

Schritt 1

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinen Desktop.

Starte die aswMBR.exe.
Vista und Win7 User mit Rechtsklick "als Admininstartor ausführen".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von avast! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff aufs Internet zulassen.)
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte, bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere die Datei auf dem Desktop.

Poste mir diese aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung.

Hinweis: Sollte der Scan Button ausgeblendet sein, schliesse das Tool und starte es erneut. Sollte es erneut nicht klappen, teile mir das bitte mit.

Schritt 2

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts löschen, sondern nur einen Scan-Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop.

Starte die TDSSKiller.exe.
Drücke Start Scan.
Warnung: Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
TDSSKiller wird ein Logfile auf deinem Systemlaufwerk speichern (C:\TDSSKiller.<version_date_time>log.txt).
Poste bitte den Inhalt dieses Logfiles hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von aswMBR
Log von TDSSKiller

Kann die aswMBR.exe.
als Admin nicht starten.

Das ist nicht ganz unerwartet.
TDSSKiller funktioniert auch nicht oder doch?

Werde ich jetzt mal probieren.

Ok, sonst gib Bescheid, dann nehmen wir eine Alternative.

Nein, funktioniert auch nicht

Das ist doch ein widerwärtiges Mistding.
Neuer Versuch:

Schritt 1

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Wenn eine Warnung "Registry value AppInit_Dlls has been found, .." erscheint, drücke Nein.
Folge dann den Anweisungen, führe das Update aus und drücke dann Scan.

Falls Funde angezeigt werden:

Klicke auf den CleanUp Button und erlaube den Neustart.
Während des Neustarts wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut und wiederhole den Scan.
Sollte nochmals was gefunden werden, führe erneut den CleanUp-Prozess durch.

Das Tool wird im erstellten Ordner Logfiles (mbar-log-<Jahr-Monat-Tag>.txt) erzeugen. Bitte poste deren Inhalt hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers.

Bitte poste in deiner nächsten Antwort:

Log von MBAR

Ok, musste 2 x scannen.
Ich poste beide Files:

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.28.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PStendel :: STENDEL-LAPTOP [administrator]

01.03.2013 00:53:12
mbar-log-2013-03-01 (00-53-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30675
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-901657276-1553592934-1975412381-1003\$94241a64548ffee6d0005b61b363e1c7\n.) Good: (shell32.dll) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$94241a64548ffee6d0005b61b363e1c7\n.) Good: (fastprox.dll) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Hijack.Trojan.Siredef.C) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$94241a64548ffee6d0005b61b363e1c7\n.) Good: (%systemroot%\system32\wbem\fastprox.dll) -> Delete on reboot.

Folders Detected: 6
c:\$Recycle.Bin\S-1-5-18\$94241a64548ffee6d0005b61b363e1c7\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-901657276-1553592934-1975412381-1003\$94241a64548ffee6d0005b61b363e1c7\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$94241a64548ffee6d0005b61b363e1c7\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-901657276-1553592934-1975412381-1003\$94241a64548ffee6d0005b61b363e1c7\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$94241a64548ffee6d0005b61b363e1c7 (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-901657276-1553592934-1975412381-1003\$94241a64548ffee6d0005b61b363e1c7 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 10
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_3_500088832_infected.mbam (Rootkit.Alureon.F.VBR) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Alureon.F.VBR) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500099728_user.mbam (Forged physical sector) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500109311_user.mbam (Forged physical sector) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500113376_user.mbam (Forged physical sector) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500113407_user.mbam (Forged physical sector) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500114074_user.mbam (Forged physical sector) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500118191_user.mbam (Forged physical sector) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$94241a64548ffee6d0005b61b363e1c7\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-901657276-1553592934-1975412381-1003\$94241a64548ffee6d0005b61b363e1c7\@ (Trojan.Siredef.C) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.28.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PStendel :: STENDEL-LAPTOP [administrator]

01.03.2013 01:04:35
mbar-log-2013-03-01 (01-04-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30651
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hey Leo,
bist Du noch wach?
Ansonsten können wir gerne morgen nochmal posten.
ist ja schon spät.

Hallo,

jetzt müssten eigentlich die beiden Tools laufen, welche vorhin blockiert wurden.
(Ich melde mich dann morgen wieder.)

Schritt 1

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinen Desktop.

Starte die aswMBR.exe.
Vista und Win7 User mit Rechtsklick "als Admininstartor ausführen".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von avast! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff aufs Internet zulassen.)
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte, bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere die Datei auf dem Desktop.

Starte die TDSSKiller.exe.
Drücke Start Scan.
Warnung: Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
TDSSKiller wird ein Logfile auf deinem Systemlaufwerk speichern (C:\TDSSKiller.<version_date_time>log.txt).
Poste bitte den Inhalt dieses Logfiles hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von aswMBR
Log von TDSSKiller

Prima, mach ich.
Ich danke Dir vorab schon einmal für Deine Bemühungen.
Bis morgen.

Gerne. Melde dich einfach wieder mit den beiden Logfiles, dann geht's weiter. Es bleibt schon noch ein bisschen was zu tun. ;)
Gute Nacht, bis morgen.

Guten Morgen, Leo,

anbei die Logdatei Log von TDSSKiller:

aswMBR bricht das Programm während des Scans immer ab.#
Fehlermeldung: Avast! Antirootkit funktioniert nicht mehr.
Das Programm wird geschlossen und ich werde benachrichtigt, wenn
eine Lösung vorhanden ist.

Gruß

PEter

Hallo Peter,

kannst du bitte den Inhalt der Logfiles entweder direkt in Codetags einfügen ([code]Inhalt Logfile[/code]) oder wenn das nicht klappt als zip-Archiv (Rechtsklick -> Senden an -> zip-komprimierten Ordner) hochladen. Ich kann hier grad keine rar öffnen. Danke.

sorry, dauert ein wenig.
Arbeite gerade und verwende wieder einen Zweitrechner, da ich mein Laptop nicht ans Netzwerk anschließen möchte.

Log TDSSKiller:

01:56:21.0231 4968 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:56:21.0481 4968 ============================================================
01:56:21.0481 4968 Current date / time: 2013/03/01 01:56:21.0481
01:56:21.0481 4968 SystemInfo:
01:56:21.0481 4968
01:56:21.0481 4968 OS Version: 6.1.7601 ServicePack: 1.0
01:56:21.0481 4968 Product type: Workstation
01:56:21.0481 4968 ComputerName: STENDEL-LAPTOP
01:56:21.0481 4968 UserName: PStendel
01:56:21.0481 4968 Windows directory: C:\Windows
01:56:21.0481 4968 System windows directory: C:\Windows
01:56:21.0481 4968 Running under WOW64
01:56:21.0481 4968 Processor architecture: Intel x64
01:56:21.0481 4968 Number of processors: 8
01:56:21.0481 4968 Page size: 0x1000
01:56:21.0481 4968 Boot type: Normal boot
01:56:21.0481 4968 ============================================================
01:56:21.0699 4968 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:56:21.0699 4968 ============================================================
01:56:21.0699 4968 \Device\Harddisk0\DR0:
01:56:21.0699 4968 MBR partitions:
01:56:21.0699 4968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1986000
01:56:21.0699 4968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x199A000, BlocksNum 0x1C351AB0
01:56:21.0699 4968 ============================================================
01:56:21.0715 4968 C: <-> \Device\Harddisk0\DR0\Partition2
01:56:21.0715 4968 ============================================================
01:56:21.0715 4968 Initialize success
01:56:21.0715 4968 ============================================================
01:56:26.0644 3060 ============================================================
01:56:26.0644 3060 Scan started
01:56:26.0644 3060 Mode: Manual;
01:56:26.0644 3060 ============================================================
01:56:26.0832 3060 ================ Scan system memory ========================
01:56:26.0832 3060 System memory - ok
01:56:26.0832 3060 ================ Scan services =============================
01:56:26.0894 3060 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
01:56:26.0894 3060 1394ohci - ok
01:56:26.0894 3060 [ 1575A815C27789061F34B4F55AE0B5C3 ] Acceler C:\Windows\system32\DRIVERS\accelern.sys
01:56:26.0894 3060 Acceler - ok
01:56:26.0910 3060 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:56:26.0910 3060 ACPI - ok
01:56:26.0910 3060 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:56:26.0910 3060 AcpiPmi - ok
01:56:26.0925 3060 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:56:26.0925 3060 AdobeARMservice - ok
01:56:26.0956 3060 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:56:26.0972 3060 AdobeFlashPlayerUpdateSvc - ok
01:56:26.0972 3060 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:56:26.0988 3060 adp94xx - ok
01:56:26.0988 3060 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:56:27.0003 3060 adpahci - ok
01:56:27.0003 3060 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:56:27.0003 3060 adpu320 - ok
01:56:27.0003 3060 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:56:27.0019 3060 AeLookupSvc - ok
01:56:27.0019 3060 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
01:56:27.0019 3060 AESTFilters - ok
01:56:27.0034 3060 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:56:27.0034 3060 AFD - ok
01:56:27.0034 3060 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:56:27.0034 3060 agp440 - ok
01:56:27.0050 3060 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:56:27.0050 3060 ALG - ok
01:56:27.0050 3060 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:56:27.0050 3060 aliide - ok
01:56:27.0050 3060 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:56:27.0050 3060 amdide - ok
01:56:27.0066 3060 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:56:27.0066 3060 AmdK8 - ok
01:56:27.0066 3060 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
01:56:27.0066 3060 AmdPPM - ok
01:56:27.0066 3060 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:56:27.0066 3060 amdsata - ok
01:56:27.0081 3060 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
01:56:27.0081 3060 amdsbs - ok
01:56:27.0081 3060 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:56:27.0081 3060 amdxata - ok
01:56:27.0097 3060 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
01:56:27.0097 3060 AntiVirSchedulerService - ok
01:56:27.0097 3060 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
01:56:27.0097 3060 AntiVirService - ok
01:56:27.0112 3060 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
01:56:27.0128 3060 AntiVirWebService - ok
01:56:27.0128 3060 [ 6D4CB1F46A0AC05326F834FD6B822479 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
01:56:27.0128 3060 ApfiltrService - ok
01:56:27.0144 3060 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:56:27.0144 3060 AppID - ok
01:56:27.0144 3060 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:56:27.0144 3060 AppIDSvc - ok
01:56:27.0159 3060 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:56:27.0159 3060 Appinfo - ok
01:56:27.0159 3060 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:56:27.0159 3060 Apple Mobile Device - ok
01:56:27.0175 3060 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
01:56:27.0175 3060 AppMgmt - ok
01:56:27.0175 3060 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
01:56:27.0175 3060 arc - ok
01:56:27.0175 3060 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:56:27.0175 3060 arcsas - ok
01:56:27.0190 3060 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:56:27.0206 3060 aspnet_state - ok
01:56:27.0206 3060 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:56:27.0206 3060 AsyncMac - ok
01:56:27.0206 3060 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:56:27.0206 3060 atapi - ok
01:56:27.0222 3060 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:56:27.0222 3060 AudioEndpointBuilder - ok
01:56:27.0237 3060 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:56:27.0237 3060 AudioSrv - ok
01:56:27.0253 3060 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
01:56:27.0253 3060 avgntflt - ok
01:56:27.0253 3060 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
01:56:27.0253 3060 avipbb - ok
01:56:27.0268 3060 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
01:56:27.0268 3060 avkmgr - ok
01:56:27.0268 3060 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:56:27.0268 3060 AxInstSV - ok
01:56:27.0284 3060 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
01:56:27.0284 3060 b06bdrv - ok
01:56:27.0300 3060 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:56:27.0300 3060 b57nd60a - ok
01:56:27.0315 3060 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
01:56:27.0315 3060 BBSvc - ok
01:56:27.0315 3060 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
01:56:27.0315 3060 BBUpdate - ok
01:56:27.0331 3060 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:56:27.0331 3060 BDESVC - ok
01:56:27.0331 3060 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:56:27.0331 3060 Beep - ok
01:56:27.0346 3060 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
01:56:27.0362 3060 BITS - ok
01:56:27.0362 3060 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:56:27.0362 3060 blbdrive - ok
01:56:27.0362 3060 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:56:27.0378 3060 Bonjour Service - ok
01:56:27.0378 3060 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:56:27.0378 3060 bowser - ok
01:56:27.0378 3060 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
01:56:27.0378 3060 BrFiltLo - ok
01:56:27.0378 3060 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
01:56:27.0378 3060 BrFiltUp - ok
01:56:27.0393 3060 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
01:56:27.0393 3060 Browser - ok
01:56:27.0424 3060 [ 4C260DE6B554A670546578426BB0C604 ] BrowserProtect C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
01:56:27.0440 3060 BrowserProtect - ok
01:56:27.0456 3060 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:56:27.0456 3060 Brserid - ok
01:56:27.0456 3060 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:56:27.0456 3060 BrSerWdm - ok
01:56:27.0471 3060 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:56:27.0471 3060 BrUsbMdm - ok
01:56:27.0471 3060 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:56:27.0471 3060 BrUsbSer - ok
01:56:27.0471 3060 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
01:56:27.0471 3060 BthEnum - ok
01:56:27.0471 3060 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:56:27.0471 3060 BTHMODEM - ok
01:56:27.0487 3060 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
01:56:27.0487 3060 BthPan - ok
01:56:27.0487 3060 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
01:56:27.0502 3060 BTHPORT - ok
01:56:27.0502 3060 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:56:27.0502 3060 bthserv - ok
01:56:27.0502 3060 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
01:56:27.0502 3060 BTHUSB - ok
01:56:27.0518 3060 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
01:56:27.0518 3060 BTWAMPFL - ok
01:56:27.0518 3060 [ 7CF028CE78696882B327FF13D2DFA534 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
01:56:27.0534 3060 btwaudio - ok
01:56:27.0534 3060 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
01:56:27.0534 3060 btwavdt - ok
01:56:27.0549 3060 [ CC9DAE7759AC2C0D19111C0D38DDD232 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
01:56:27.0565 3060 btwdins - ok
01:56:27.0565 3060 [ 9AD0FA253ED531D39FB2D74FE12A5FA9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
01:56:27.0565 3060 btwl2cap - ok
01:56:27.0565 3060 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
01:56:27.0565 3060 btwrchid - ok
01:56:27.0565 3060 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:56:27.0580 3060 cdfs - ok
01:56:27.0580 3060 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:56:27.0580 3060 cdrom - ok
01:56:27.0580 3060 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:56:27.0580 3060 CertPropSvc - ok
01:56:27.0596 3060 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
01:56:27.0596 3060 circlass - ok
01:56:27.0596 3060 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:56:27.0596 3060 CLFS - ok
01:56:27.0612 3060 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:56:27.0612 3060 clr_optimization_v2.0.50727_32 - ok
01:56:27.0627 3060 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:56:27.0627 3060 clr_optimization_v2.0.50727_64 - ok
01:56:27.0643 3060 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:56:27.0643 3060 clr_optimization_v4.0.30319_32 - ok
01:56:27.0643 3060 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:56:27.0643 3060 clr_optimization_v4.0.30319_64 - ok
01:56:27.0643 3060 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:56:27.0643 3060 CmBatt - ok
01:56:27.0658 3060 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:56:27.0658 3060 cmdide - ok
01:56:27.0658 3060 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
01:56:27.0674 3060 CNG - ok
01:56:27.0674 3060 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:56:27.0674 3060 Compbatt - ok
01:56:27.0674 3060 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
01:56:27.0674 3060 CompositeBus - ok
01:56:27.0674 3060 COMSysApp - ok
01:56:27.0690 3060 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:56:27.0690 3060 crcdisk - ok
01:56:27.0705 3060 [ D8E4F20BD26D8DCA4CB67A796D7EEC84 ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
01:56:27.0705 3060 Credential Vault Host Control Service - ok
01:56:27.0721 3060 [ EC31C9A4D1059E599DD1DBB50B84F278 ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
01:56:27.0721 3060 Credential Vault Host Storage - ok
01:56:27.0721 3060 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:56:27.0721 3060 CryptSvc - ok
01:56:27.0736 3060 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
01:56:27.0736 3060 CSC - ok
01:56:27.0752 3060 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
01:56:27.0752 3060 CscService - ok
01:56:27.0768 3060 [ 8CE04A5BDD2CE6E62CE02A1C27093104 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
01:56:27.0768 3060 CtClsFlt - ok
01:56:27.0768 3060 [ AFD403048B1753EB4225CA476F663350 ] cvusbdrv C:\Windows\system32\Drivers\cvusbdrv.sys
01:56:27.0768 3060 cvusbdrv - ok
01:56:27.0783 3060 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:56:27.0783 3060 DcomLaunch - ok
01:56:27.0799 3060 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:56:27.0799 3060 defragsvc - ok
01:56:27.0830 3060 [ B85201F1AAE97CD58FDE0DB18120F924 ] DFEPService c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
01:56:27.0846 3060 DFEPService - ok
01:56:27.0846 3060 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:56:27.0846 3060 DfsC - ok
01:56:27.0861 3060 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:56:27.0861 3060 Dhcp - ok
01:56:27.0861 3060 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:56:27.0861 3060 discache - ok
01:56:27.0877 3060 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
01:56:27.0877 3060 Disk - ok
01:56:27.0877 3060 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
01:56:27.0877 3060 dmvsc - ok
01:56:27.0892 3060 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:56:27.0892 3060 Dnscache - ok
01:56:27.0892 3060 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:56:27.0892 3060 dot3svc - ok
01:56:27.0908 3060 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:56:27.0908 3060 DPS - ok
01:56:27.0908 3060 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:56:27.0908 3060 drmkaud - ok
01:56:27.0924 3060 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:56:27.0939 3060 DXGKrnl - ok
01:56:27.0939 3060 [ EAFCB4551836FF44EE775CEDDFA7A77E ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
01:56:27.0939 3060 e1cexpress - ok
01:56:27.0955 3060 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:56:27.0955 3060 EapHost - ok
01:56:27.0986 3060 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
01:56:28.0017 3060 ebdrv - ok
01:56:28.0017 3060 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
01:56:28.0017 3060 EFS - ok
01:56:28.0033 3060 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:56:28.0048 3060 ehRecvr - ok
01:56:28.0048 3060 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
01:56:28.0048 3060 ehSched - ok
01:56:28.0064 3060 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:56:28.0064 3060 elxstor - ok
01:56:28.0064 3060 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:56:28.0064 3060 ErrDev - ok
01:56:28.0080 3060 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
01:56:28.0080 3060 EventSystem - ok
01:56:28.0095 3060 [ 5C08B9A2BAAEC1F33C2D50FD166DEEBB ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
01:56:28.0111 3060 EvtEng - ok
01:56:28.0126 3060 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
01:56:28.0126 3060 exfat - ok
01:56:28.0126 3060 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:56:28.0142 3060 fastfat - ok
01:56:28.0142 3060 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
01:56:28.0158 3060 Fax - ok
01:56:28.0158 3060 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
01:56:28.0158 3060 fdc - ok
01:56:28.0158 3060 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:56:28.0158 3060 fdPHost - ok
01:56:28.0158 3060 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:56:28.0173 3060 FDResPub - ok
01:56:28.0173 3060 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:56:28.0173 3060 FileInfo - ok
01:56:28.0173 3060 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:56:28.0173 3060 Filetrace - ok
01:56:28.0173 3060 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
01:56:28.0173 3060 flpydisk - ok
01:56:28.0189 3060 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:56:28.0189 3060 FltMgr - ok
01:56:28.0204 3060 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
01:56:28.0220 3060 FontCache - ok
01:56:28.0220 3060 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:56:28.0220 3060 FontCache3.0.0.0 - ok
01:56:28.0220 3060 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:56:28.0220 3060 FsDepends - ok
01:56:28.0236 3060 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:56:28.0236 3060 Fs_Rec - ok
01:56:28.0236 3060 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:56:28.0236 3060 fvevol - ok
01:56:28.0236 3060 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:56:28.0251 3060 gagp30kx - ok
01:56:28.0251 3060 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:56:28.0251 3060 GEARAspiWDM - ok
01:56:28.0267 3060 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
01:56:28.0267 3060 gpsvc - ok
01:56:28.0282 3060 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:56:28.0282 3060 gupdate - ok
01:56:28.0282 3060 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:56:28.0282 3060 gupdatem - ok
01:56:28.0282 3060 [ 0E485F2C759F155170DA9F35354034E9 ] HBtnKey C:\Windows\system32\drivers\HBtnKey.sys
01:56:28.0282 3060 HBtnKey - ok
01:56:28.0282 3060 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:56:28.0282 3060 hcw85cir - ok
01:56:28.0298 3060 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:56:28.0298 3060 HDAudBus - ok
01:56:28.0298 3060 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
01:56:28.0298 3060 HidBatt - ok
01:56:28.0298 3060 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:56:28.0314 3060 HidBth - ok
01:56:28.0314 3060 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
01:56:28.0314 3060 HidIr - ok
01:56:28.0314 3060 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
01:56:28.0314 3060 hidserv - ok
01:56:28.0314 3060 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:56:28.0314 3060 HidUsb - ok
01:56:28.0329 3060 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:56:28.0329 3060 hkmsvc - ok
01:56:28.0329 3060 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:56:28.0329 3060 HomeGroupListener - ok
01:56:28.0345 3060 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:56:28.0345 3060 HomeGroupProvider - ok
01:56:28.0345 3060 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:56:28.0345 3060 HpSAMD - ok
01:56:28.0360 3060 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:56:28.0360 3060 HTTP - ok
01:56:28.0376 3060 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:56:28.0376 3060 hwpolicy - ok
01:56:28.0376 3060 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
01:56:28.0376 3060 i8042prt - ok
01:56:28.0392 3060 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys
01:56:28.0392 3060 iaStor - ok
01:56:28.0392 3060 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
01:56:28.0392 3060 IAStorDataMgrSvc - ok
01:56:28.0407 3060 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:56:28.0407 3060 iaStorV - ok
01:56:28.0423 3060 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:56:28.0423 3060 idsvc - ok
01:56:28.0548 3060 [ 9937600A1584FF00565D5379EB4C9EDB ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
01:56:28.0672 3060 igfx - ok
01:56:28.0672 3060 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:56:28.0672 3060 iirsp - ok
01:56:28.0688 3060 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:56:28.0704 3060 IKEEXT - ok
01:56:28.0704 3060 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
01:56:28.0704 3060 Impcd - ok
01:56:28.0704 3060 [ 28D387EEFAD7CC3A0BEB9C3262E83ADD ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
01:56:28.0719 3060 Intel(R) PROSet Monitoring Service - ok
01:56:28.0719 3060 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:56:28.0719 3060 intelide - ok
01:56:28.0719 3060 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:56:28.0719 3060 intelppm - ok
01:56:28.0719 3060 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:56:28.0735 3060 IPBusEnum - ok
01:56:28.0735 3060 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:56:28.0735 3060 IpFilterDriver - ok
01:56:28.0735 3060 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:56:28.0735 3060 IPMIDRV - ok
01:56:28.0735 3060 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:56:28.0750 3060 IPNAT - ok
01:56:28.0750 3060 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:56:28.0766 3060 iPod Service - ok
01:56:28.0766 3060 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:56:28.0766 3060 IRENUM - ok
01:56:28.0766 3060 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:56:28.0766 3060 isapnp - ok
01:56:28.0782 3060 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:56:28.0782 3060 iScsiPrt - ok
01:56:28.0782 3060 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
01:56:28.0782 3060 jhi_service - ok
01:56:28.0797 3060 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:56:28.0797 3060 kbdclass - ok
01:56:28.0797 3060 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:56:28.0797 3060 kbdhid - ok
01:56:28.0797 3060 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:56:28.0797 3060 KeyIso - ok
01:56:28.0797 3060 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:56:28.0813 3060 KSecDD - ok
01:56:28.0813 3060 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:56:28.0813 3060 KSecPkg - ok
01:56:28.0813 3060 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:56:28.0813 3060 ksthunk - ok
01:56:28.0828 3060 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:56:28.0828 3060 KtmRm - ok
01:56:28.0828 3060 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:56:28.0844 3060 LanmanServer - ok
01:56:28.0844 3060 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:56:28.0844 3060 LanmanWorkstation - ok
01:56:28.0844 3060 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:56:28.0860 3060 lltdio - ok
01:56:28.0860 3060 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:56:28.0860 3060 lltdsvc - ok
01:56:28.0860 3060 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:56:28.0875 3060 lmhosts - ok
01:56:28.0875 3060 [ 519D66259DF1672AABCE9D2E0ACC5552 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
01:56:28.0875 3060 LMS - ok
01:56:28.0891 3060 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:56:28.0891 3060 LSI_FC - ok
01:56:28.0891 3060 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:56:28.0891 3060 LSI_SAS - ok
01:56:28.0891 3060 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
01:56:28.0891 3060 LSI_SAS2 - ok
01:56:28.0906 3060 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:56:28.0906 3060 LSI_SCSI - ok
01:56:28.0906 3060 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
01:56:28.0906 3060 luafv - ok
01:56:28.0906 3060 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:56:28.0922 3060 Mcx2Svc - ok
01:56:28.0922 3060 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
01:56:28.0922 3060 megasas - ok
01:56:28.0922 3060 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
01:56:28.0922 3060 MegaSR - ok
01:56:28.0938 3060 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
01:56:28.0938 3060 MEIx64 - ok
01:56:28.0938 3060 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
01:56:28.0938 3060 MMCSS - ok
01:56:28.0938 3060 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:56:28.0938 3060 Modem - ok
01:56:28.0953 3060 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:56:28.0953 3060 monitor - ok
01:56:28.0953 3060 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:56:28.0953 3060 mouclass - ok
01:56:28.0953 3060 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:56:28.0953 3060 mouhid - ok
01:56:28.0953 3060 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:56:28.0953 3060 mountmgr - ok
01:56:28.0969 3060 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:56:28.0969 3060 MozillaMaintenance - ok
01:56:28.0969 3060 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
01:56:28.0969 3060 mpio - ok
01:56:28.0984 3060 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:56:28.0984 3060 mpsdrv - ok
01:56:28.0984 3060 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:56:28.0984 3060 MRxDAV - ok
01:56:28.0984 3060 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:56:29.0000 3060 mrxsmb - ok
01:56:29.0000 3060 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:56:29.0000 3060 mrxsmb10 - ok
01:56:29.0000 3060 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:56:29.0016 3060 mrxsmb20 - ok
01:56:29.0016 3060 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:56:29.0016 3060 msahci - ok
01:56:29.0016 3060 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:56:29.0016 3060 msdsm - ok
01:56:29.0031 3060 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:56:29.0031 3060 MSDTC - ok
01:56:29.0031 3060 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:56:29.0031 3060 Msfs - ok
01:56:29.0031 3060 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:56:29.0031 3060 mshidkmdf - ok
01:56:29.0047 3060 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:56:29.0047 3060 msisadrv - ok
01:56:29.0047 3060 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:56:29.0047 3060 MSiSCSI - ok
01:56:29.0047 3060 msiserver - ok
01:56:29.0062 3060 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:56:29.0062 3060 MSKSSRV - ok
01:56:29.0062 3060 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:56:29.0062 3060 MSPCLOCK - ok
01:56:29.0062 3060 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:56:29.0062 3060 MSPQM - ok
01:56:29.0078 3060 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:56:29.0078 3060 MsRPC - ok
01:56:29.0078 3060 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:56:29.0078 3060 mssmbios - ok
01:56:29.0078 3060 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:56:29.0078 3060 MSTEE - ok
01:56:29.0094 3060 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
01:56:29.0094 3060 MTConfig - ok
01:56:29.0094 3060 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:56:29.0094 3060 Mup - ok
01:56:29.0094 3060 [ E4D623555C20FAB03FC952B23811D0D8 ] NAL C:\Windows\system32\Drivers\iqvw64e.sys
01:56:29.0094 3060 NAL - ok
01:56:29.0109 3060 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
01:56:29.0109 3060 napagent - ok
01:56:29.0125 3060 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:56:29.0125 3060 NativeWifiP - ok
01:56:29.0140 3060 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:56:29.0156 3060 NDIS - ok
01:56:29.0156 3060 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:56:29.0156 3060 NdisCap - ok
01:56:29.0156 3060 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:56:29.0156 3060 NdisTapi - ok
01:56:29.0156 3060 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:56:29.0156 3060 Ndisuio - ok
01:56:29.0172 3060 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:56:29.0172 3060 NdisWan - ok
01:56:29.0172 3060 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:56:29.0172 3060 NDProxy - ok
01:56:29.0187 3060 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:56:29.0187 3060 NetBIOS - ok
01:56:29.0187 3060 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:56:29.0187 3060 NetBT - ok
01:56:29.0187 3060 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
01:56:29.0187 3060 Netlogon - ok
01:56:29.0203 3060 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
01:56:29.0203 3060 Netman - ok
01:56:29.0218 3060 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:56:29.0218 3060 NetMsmqActivator - ok
01:56:29.0218 3060 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:56:29.0218 3060 NetPipeActivator - ok
01:56:29.0234 3060 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
01:56:29.0234 3060 netprofm - ok
01:56:29.0234 3060 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:56:29.0234 3060 NetTcpActivator - ok
01:56:29.0250 3060 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:56:29.0250 3060 NetTcpPortSharing - ok
01:56:29.0250 3060 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
01:56:29.0250 3060 netvsc - ok
01:56:29.0343 3060 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
01:56:29.0421 3060 NETwNs64 - ok
01:56:29.0421 3060 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:56:29.0421 3060 nfrd960 - ok
01:56:29.0437 3060 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:56:29.0437 3060 NlaSvc - ok
01:56:29.0437 3060 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:56:29.0437 3060 Npfs - ok
01:56:29.0452 3060 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
01:56:29.0452 3060 nsi - ok
01:56:29.0452 3060 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:56:29.0452 3060 nsiproxy - ok
01:56:29.0468 3060 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:56:29.0484 3060 Ntfs - ok
01:56:29.0499 3060 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
01:56:29.0499 3060 Null - ok
01:56:29.0499 3060 [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
01:56:29.0499 3060 NVHDA - ok
01:56:29.0640 3060 [ 70E89A21827B2669AF906B703C7C48B5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:56:29.0764 3060 nvlddmkm - ok
01:56:29.0764 3060 [ 4B9C0C2BF78289513101EB0D44834701 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
01:56:29.0764 3060 nvpciflt - ok
01:56:29.0764 3060 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:56:29.0780 3060 nvraid - ok
01:56:29.0780 3060 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:56:29.0780 3060 nvstor - ok
01:56:29.0796 3060 [ E04FCE1D149CF05C3449E3171F9C3E41 ] NVSvc C:\Windows\system32\nvvsvc.exe
01:56:29.0811 3060 NVSvc - ok
01:56:29.0827 3060 [ D96DDEA6C699A99832E0186057801971 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
01:56:29.0858 3060 nvUpdatusService - ok
01:56:29.0858 3060 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:56:29.0858 3060 nv_agp - ok
01:56:29.0858 3060 [ 4E37455DB16AEC75862B1D0BC35B589E ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe
01:56:29.0858 3060 O2FLASH - ok
01:56:29.0874 3060 [ 6172DB160FC566CF24307941C0E94D8E ] O2MDFRDR C:\Windows\system32\drivers\O2MDFw7x64.sys
01:56:29.0874 3060 O2MDFRDR - ok
01:56:29.0874 3060 [ 8ED738ABA394BBF6D7802698BE453112 ] O2MDRRDR C:\Windows\system32\DRIVERS\O2MDRw7x64.sys
01:56:29.0874 3060 O2MDRRDR - ok
01:56:29.0905 3060 [ 4635935FC972C582632BF45C26BFCB0E ] O2SDIOAssist c:\Windows\SysWOW64\srvany.exe
01:56:29.0905 3060 O2SDIOAssist - ok
01:56:29.0905 3060 [ A9C1E6B7C134FAD124338B7944FA996D ] O2SDJRDR C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
01:56:29.0905 3060 O2SDJRDR - ok
01:56:29.0920 3060 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:56:29.0920 3060 ohci1394 - ok
01:56:29.0920 3060 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:56:29.0920 3060 ose - ok
01:56:29.0983 3060 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:56:30.0030 3060 osppsvc - ok
01:56:30.0030 3060 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:56:30.0045 3060 p2pimsvc - ok
01:56:30.0045 3060 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
01:56:30.0061 3060 p2psvc - ok
01:56:30.0061 3060 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
01:56:30.0061 3060 Parport - ok
01:56:30.0061 3060 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:56:30.0061 3060 partmgr - ok
01:56:30.0076 3060 [ 363B3F857ABEE85767E01E3044C539CD ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
01:56:30.0076 3060 PBADRV - ok
01:56:30.0076 3060 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:56:30.0076 3060 PcaSvc - ok
01:56:30.0076 3060 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
01:56:30.0092 3060 pci - ok
01:56:30.0092 3060 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
01:56:30.0092 3060 pciide - ok
01:56:30.0092 3060 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:56:30.0092 3060 pcmcia - ok
01:56:30.0108 3060 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
01:56:30.0108 3060 pcw - ok
01:56:30.0108 3060 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:56:30.0123 3060 PEAUTH - ok
01:56:30.0139 3060 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
01:56:30.0154 3060 PeerDistSvc - ok
01:56:30.0154 3060 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:56:30.0154 3060 PerfHost - ok
01:56:30.0186 3060 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
01:56:30.0201 3060 pla - ok
01:56:30.0201 3060 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:56:30.0217 3060 PlugPlay - ok
01:56:30.0217 3060 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:56:30.0217 3060 PNRPAutoReg - ok
01:56:30.0217 3060 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:56:30.0232 3060 PNRPsvc - ok
01:56:30.0232 3060 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:56:30.0232 3060 PolicyAgent - ok
01:56:30.0248 3060 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
01:56:30.0248 3060 Power - ok
01:56:30.0248 3060 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:56:30.0264 3060 PptpMiniport - ok
01:56:30.0264 3060 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
01:56:30.0264 3060 Processor - ok
01:56:30.0264 3060 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
01:56:30.0264 3060 ProfSvc - ok
01:56:30.0279 3060 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:56:30.0279 3060 ProtectedStorage - ok
01:56:30.0279 3060 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:56:30.0279 3060 Psched - ok
01:56:30.0279 3060 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
01:56:30.0295 3060 PxHlpa64 - ok
01:56:30.0310 3060 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:56:30.0326 3060 ql2300 - ok
01:56:30.0326 3060 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:56:30.0326 3060 ql40xx - ok
01:56:30.0342 3060 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
01:56:30.0342 3060 QWAVE - ok
01:56:30.0342 3060 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:56:30.0342 3060 QWAVEdrv - ok
01:56:30.0342 3060 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:56:30.0342 3060 RasAcd - ok
01:56:30.0357 3060 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:56:30.0357 3060 RasAgileVpn - ok
01:56:30.0357 3060 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
01:56:30.0357 3060 RasAuto - ok
01:56:30.0357 3060 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:56:30.0373 3060 Rasl2tp - ok
01:56:30.0373 3060 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
01:56:30.0373 3060 RasMan - ok
01:56:30.0388 3060 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:56:30.0388 3060 RasPppoe - ok
01:56:30.0388 3060 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:56:30.0388 3060 RasSstp - ok
01:56:30.0388 3060 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:56:30.0404 3060 rdbss - ok
01:56:30.0404 3060 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
01:56:30.0404 3060 rdpbus - ok
01:56:30.0404 3060 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:56:30.0404 3060 RDPCDD - ok
01:56:30.0420 3060 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
01:56:30.0420 3060 RDPDR - ok
01:56:30.0420 3060 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:56:30.0420 3060 RDPENCDD - ok
01:56:30.0420 3060 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:56:30.0420 3060 RDPREFMP - ok
01:56:30.0435 3060 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:56:30.0435 3060 RDPWD - ok
01:56:30.0435 3060 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:56:30.0435 3060 rdyboost - ok
01:56:30.0451 3060 [ F90CC59135F2945A6EBB1670A7BBD8B3 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
01:56:30.0466 3060 RegSrvc - ok
01:56:30.0466 3060 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:56:30.0466 3060 RemoteAccess - ok
01:56:30.0482 3060 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:56:30.0482 3060 RemoteRegistry - ok
01:56:30.0482 3060 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
01:56:30.0482 3060 RFCOMM - ok
01:56:30.0513 3060 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
01:56:30.0513 3060 RoxMediaDB12OEM - ok
01:56:30.0529 3060 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
01:56:30.0529 3060 RoxWatch12 - ok
01:56:30.0529 3060 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:56:30.0529 3060 RpcEptMapper - ok
01:56:30.0529 3060 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
01:56:30.0529 3060 RpcLocator - ok
01:56:30.0544 3060 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
01:56:30.0544 3060 RpcSs - ok
01:56:30.0560 3060 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:56:30.0560 3060 rspndr - ok
01:56:30.0560 3060 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
01:56:30.0560 3060 s3cap - ok
01:56:30.0560 3060 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
01:56:30.0560 3060 SamSs - ok
01:56:30.0560 3060 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:56:30.0560 3060 sbp2port - ok
01:56:30.0576 3060 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:56:30.0576 3060 SCardSvr - ok
01:56:30.0576 3060 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:56:30.0576 3060 scfilter - ok
01:56:30.0591 3060 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
01:56:30.0607 3060 Schedule - ok
01:56:30.0607 3060 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
01:56:30.0607 3060 SCPolicySvc - ok
01:56:30.0622 3060 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:56:30.0622 3060 SDRSVC - ok
01:56:30.0622 3060 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:56:30.0622 3060 secdrv - ok
01:56:30.0622 3060 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
01:56:30.0638 3060 seclogon - ok
01:56:30.0654 3060 [ 8365191D0FE7DF5972B889821ADBE62B ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
01:56:30.0685 3060 SecureStorageService - ok
01:56:30.0685 3060 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
01:56:30.0685 3060 SENS - ok
01:56:30.0700 3060 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:56:30.0700 3060 SensrSvc - ok
01:56:30.0700 3060 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:56:30.0700 3060 Serenum - ok
01:56:30.0700 3060 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:56:30.0700 3060 Serial - ok
01:56:30.0716 3060 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:56:30.0716 3060 sermouse - ok
01:56:30.0716 3060 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
01:56:30.0716 3060 SessionEnv - ok
01:56:30.0732 3060 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:56:30.0732 3060 sffdisk - ok
01:56:30.0732 3060 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:56:30.0732 3060 sffp_mmc - ok
01:56:30.0732 3060 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:56:30.0732 3060 sffp_sd - ok
01:56:30.0732 3060 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:56:30.0732 3060 sfloppy - ok
01:56:30.0747 3060 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:56:30.0747 3060 ShellHWDetection - ok
01:56:30.0763 3060 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
01:56:30.0763 3060 SiSRaid2 - ok
01:56:30.0763 3060 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:56:30.0763 3060 SiSRaid4 - ok
01:56:30.0763 3060 [ 0A0A0183711EFB04F9BCC32BB44471F2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
01:56:30.0778 3060 SkypeUpdate - ok
01:56:30.0778 3060 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:56:30.0778 3060 Smb - ok
01:56:30.0778 3060 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:56:30.0778 3060 SNMPTRAP - ok
01:56:30.0794 3060 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
01:56:30.0794 3060 spldr - ok
01:56:30.0794 3060 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
01:56:30.0810 3060 Spooler - ok
01:56:30.0841 3060 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
01:56:30.0872 3060 sppsvc - ok
01:56:30.0888 3060 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:56:30.0888 3060 sppuinotify - ok
01:56:30.0888 3060 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
01:56:30.0903 3060 srv - ok
01:56:30.0903 3060 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:56:30.0919 3060 srv2 - ok
01:56:30.0919 3060 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:56:30.0919 3060 srvnet - ok
01:56:30.0919 3060 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:56:30.0934 3060 SSDPSRV - ok
01:56:30.0934 3060 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:56:30.0934 3060 SstpSvc - ok
01:56:30.0950 3060 [ B2D8B364A831427A5741F6C408FA8AE3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
01:56:30.0950 3060 STacSV - ok
01:56:30.0950 3060 [ E4EA2412FB1B8AEE33667A9CC6D456A4 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
01:56:30.0950 3060 stdcfltn - ok
01:56:30.0966 3060 [ 479321C119B54D7F13A91E16CF7C2E9A ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:56:30.0966 3060 Stereo Service - ok
01:56:30.0966 3060 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
01:56:30.0966 3060 stexstor - ok
01:56:30.0981 3060 [ EF5ACDE92BA3F691BBFEF781CB063501 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
01:56:30.0981 3060 STHDA - ok
01:56:30.0997 3060 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
01:56:30.0997 3060 stisvc - ok
01:56:31.0012 3060 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
01:56:31.0012 3060 stllssvr - ok
01:56:31.0012 3060 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
01:56:31.0012 3060 StorSvc - ok
01:56:31.0012 3060 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
01:56:31.0012 3060 storvsc - ok
01:56:31.0012 3060 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:56:31.0028 3060 swenum - ok
01:56:31.0028 3060 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
01:56:31.0044 3060 swprv - ok
01:56:31.0044 3060 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
01:56:31.0044 3060 SynthVid - ok
01:56:31.0059 3060 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
01:56:31.0075 3060 SysMain - ok
01:56:31.0090 3060 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:56:31.0090 3060 TabletInputService - ok
01:56:31.0090 3060 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:56:31.0106 3060 TapiSrv - ok
01:56:31.0106 3060 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
01:56:31.0106 3060 TBS - ok
01:56:31.0137 3060 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:56:31.0153 3060 Tcpip - ok
01:56:31.0168 3060 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:56:31.0184 3060 TCPIP6 - ok
01:56:31.0184 3060 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:56:31.0200 3060 tcpipreg - ok
01:56:31.0215 3060 [ 3D52B206D9F6F3ECFDB5D676614E47B6 ] tcsd_win32.exe C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
01:56:31.0231 3060 tcsd_win32.exe - ok
01:56:31.0278 3060 [ E2F626E4A23E12DE31D8820FF143A456 ] TdmService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
01:56:31.0309 3060 TdmService - ok
01:56:31.0309 3060 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:56:31.0324 3060 TDPIPE - ok
01:56:31.0324 3060 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:56:31.0324 3060 TDTCP - ok
01:56:31.0324 3060 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:56:31.0324 3060 tdx - ok
01:56:31.0324 3060 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:56:31.0324 3060 TermDD - ok
01:56:31.0340 3060 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
01:56:31.0356 3060 TermService - ok
01:56:31.0356 3060 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
01:56:31.0356 3060 Themes - ok
01:56:31.0356 3060 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
01:56:31.0356 3060 THREADORDER - ok
01:56:31.0371 3060 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
01:56:31.0371 3060 TrkWks - ok
01:56:31.0371 3060 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:56:31.0371 3060 TrustedInstaller - ok
01:56:31.0387 3060 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:56:31.0387 3060 tssecsrv - ok
01:56:31.0387 3060 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:56:31.0387 3060 TsUsbFlt - ok
01:56:31.0387 3060 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
01:56:31.0387 3060 TsUsbGD - ok
01:56:31.0402 3060 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:56:31.0402 3060 tunnel - ok
01:56:31.0402 3060 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:56:31.0402 3060 uagp35 - ok
01:56:31.0402 3060 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:56:31.0418 3060 udfs - ok
01:56:31.0418 3060 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:56:31.0418 3060 UI0Detect - ok
01:56:31.0418 3060 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:56:31.0418 3060 uliagpkx - ok
01:56:31.0434 3060 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:56:31.0434 3060 umbus - ok
01:56:31.0434 3060 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
01:56:31.0434 3060 UmPass - ok
01:56:31.0434 3060 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
01:56:31.0449 3060 UmRdpService - ok
01:56:31.0480 3060 [ 1B71370AEC1115F80D9A4A209317C968 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
01:56:31.0496 3060 UNS - ok
01:56:31.0512 3060 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
01:56:31.0512 3060 upnphost - ok
01:56:31.0527 3060 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
01:56:31.0527 3060 USBAAPL64 - ok
01:56:31.0527 3060 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
01:56:31.0527 3060 usbaudio - ok
01:56:31.0527 3060 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:56:31.0527 3060 usbccgp - ok
01:56:31.0543 3060 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:56:31.0543 3060 usbcir - ok
01:56:31.0543 3060 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:56:31.0543 3060 usbehci - ok
01:56:31.0558 3060 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:56:31.0558 3060 usbhub - ok
01:56:31.0558 3060 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:56:31.0558 3060 usbohci - ok
01:56:31.0558 3060 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
01:56:31.0558 3060 usbprint - ok
01:56:31.0574 3060 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:56:31.0574 3060 USBSTOR - ok
01:56:31.0574 3060 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
01:56:31.0574 3060 usbuhci - ok
01:56:31.0574 3060 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
01:56:31.0590 3060 usbvideo - ok
01:56:31.0590 3060 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
01:56:31.0590 3060 UxSms - ok
01:56:31.0590 3060 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
01:56:31.0590 3060 VaultSvc - ok
01:56:31.0590 3060 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:56:31.0605 3060 vdrvroot - ok
01:56:31.0605 3060 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
01:56:31.0621 3060 vds - ok
01:56:31.0621 3060 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:56:31.0621 3060 vga - ok
01:56:31.0621 3060 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
01:56:31.0621 3060 VgaSave - ok
01:56:31.0621 3060 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:56:31.0636 3060 vhdmp - ok
01:56:31.0636 3060 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
01:56:31.0636 3060 viaide - ok
01:56:31.0636 3060 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
01:56:31.0636 3060 VMBusHID - ok
01:56:31.0636 3060 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:56:31.0652 3060 volmgr - ok
01:56:31.0652 3060 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:56:31.0652 3060 volmgrx - ok
01:56:31.0668 3060 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:56:31.0668 3060 volsnap - ok
01:56:31.0668 3060 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:56:31.0668 3060 vsmraid - ok
01:56:31.0699 3060 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
01:56:31.0714 3060 VSS - ok
01:56:31.0714 3060 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
01:56:31.0714 3060 vwifibus - ok
01:56:31.0714 3060 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
01:56:31.0714 3060 vwififlt - ok
01:56:31.0714 3060 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
01:56:31.0714 3060 vwifimp - ok
01:56:31.0730 3060 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
01:56:31.0730 3060 W32Time - ok
01:56:31.0746 3060 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:56:31.0746 3060 WacomPen - ok
01:56:31.0746 3060 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:56:31.0746 3060 WANARP - ok
01:56:31.0746 3060 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:56:31.0746 3060 Wanarpv6 - ok
01:56:31.0777 3060 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
01:56:31.0777 3060 WatAdminSvc - ok
01:56:31.0808 3060 [ E45BCE01F15EEB240FE9DB83B9D86BE3 ] Wave Authentication Manager Service C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
01:56:31.0824 3060 Wave Authentication Manager Service - ok
01:56:31.0839 3060 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
01:56:31.0855 3060 wbengine - ok
01:56:31.0855 3060 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:56:31.0870 3060 WbioSrvc - ok
01:56:31.0870 3060 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:56:31.0870 3060 wcncsvc - ok
01:56:31.0886 3060 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:56:31.0886 3060 WcsPlugInService - ok
01:56:31.0886 3060 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
01:56:31.0886 3060 Wd - ok
01:56:31.0886 3060 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
01:56:31.0886 3060 WDC_SAM - ok
01:56:31.0902 3060 [ E6050FE6B60FA91188B8ABDB5B1E339F ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
01:56:31.0902 3060 WDDMService - ok
01:56:31.0917 3060 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:56:31.0917 3060 Wdf01000 - ok
01:56:31.0933 3060 [ B83D5071B32A70BEBDB3330BFA7ACB80 ] WDFME C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
01:56:31.0948 3060 WDFME - ok
01:56:31.0948 3060 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:56:31.0964 3060 WdiServiceHost - ok
01:56:31.0964 3060 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:56:31.0964 3060 WdiSystemHost - ok
01:56:31.0964 3060 [ 517DE2C5568CBA6B2A24A557AC60C30B ] WDSC C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
01:56:31.0980 3060 WDSC - ok
01:56:31.0980 3060 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
01:56:31.0980 3060 WebClient - ok
01:56:31.0995 3060 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:56:31.0995 3060 Wecsvc - ok
01:56:31.0995 3060 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:56:31.0995 3060 wercplsupport - ok
01:56:32.0011 3060 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
01:56:32.0011 3060 WerSvc - ok
01:56:32.0011 3060 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:56:32.0011 3060 WfpLwf - ok
01:56:32.0011 3060 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:56:32.0011 3060 WIMMount - ok
01:56:32.0026 3060 WinHttpAutoProxySvc - ok
01:56:32.0042 3060 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:56:32.0042 3060 Winmgmt - ok
01:56:32.0058 3060 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
01:56:32.0089 3060 WinRM - ok
01:56:32.0089 3060 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
01:56:32.0089 3060 WinUsb - ok
01:56:32.0104 3060 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
01:56:32.0120 3060 Wlansvc - ok
01:56:32.0120 3060 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
01:56:32.0120 3060 wlcrasvc - ok
01:56:32.0151 3060 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:56:32.0167 3060 wlidsvc - ok
01:56:32.0182 3060 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
01:56:32.0182 3060 WmiAcpi - ok
01:56:32.0182 3060 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:56:32.0182 3060 wmiApSrv - ok
01:56:32.0198 3060 WMPNetworkSvc - ok
01:56:32.0198 3060 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:56:32.0198 3060 WPCSvc - ok
01:56:32.0198 3060 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:56:32.0198 3060 WPDBusEnum - ok
01:56:32.0214 3060 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:56:32.0214 3060 ws2ifsl - ok
01:56:32.0214 3060 WSearch - ok
01:56:32.0245 3060 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:56:32.0260 3060 wuauserv - ok
01:56:32.0276 3060 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:56:32.0276 3060 WudfPf - ok
01:56:32.0276 3060 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:56:32.0276 3060 WUDFRd - ok
01:56:32.0276 3060 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:56:32.0292 3060 wudfsvc - ok
01:56:32.0292 3060 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
01:56:32.0292 3060 WwanSvc - ok
01:56:32.0307 3060 [ B87E12317928739E22D2E3ACC7CCAC80 ] ZcfgSvc7 C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
01:56:32.0323 3060 ZcfgSvc7 - ok
01:56:32.0323 3060 ================ Scan global ===============================
01:56:32.0338 3060 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:56:32.0338 3060 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:56:32.0354 3060 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:56:32.0354 3060 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:56:32.0354 3060 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:56:32.0370 3060 [Global] - ok
01:56:32.0370 3060 ================ Scan MBR ==================================
01:56:32.0370 3060 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:56:32.0448 3060 \Device\Harddisk0\DR0 - ok
01:56:32.0448 3060 ================ Scan VBR ==================================
01:56:32.0463 3060 [ DB2501EDEA7A7D0C56164D3F4ADA922F ] \Device\Harddisk0\DR0\Partition1
01:56:32.0463 3060 \Device\Harddisk0\DR0\Partition1 - ok
01:56:32.0463 3060 [ D29C8962C3D39C9CB8B37D278589FF53 ] \Device\Harddisk0\DR0\Partition2
01:56:32.0463 3060 \Device\Harddisk0\DR0\Partition2 - ok
01:56:32.0463 3060 ============================================================
01:56:32.0463 3060 Scan finished
01:56:32.0463 3060 ============================================================
01:56:32.0463 1564 Detected object count: 0
01:56:32.0463 1564 Actual detected object count: 0
01:57:03.0227 0816 Deinitialize success

Hallo Peter,

kein Problem, auf Geschwindigkeit sind wir nicht aus hier, ich bin ja auch nicht permanent verfügbar.
Kannst du mal noch versuchen, ob aswMBR im abgesicherten Modus durchläuft?

Hallo Peter,

dann versuch mal dieses Tool hier auszuführen.
Wie läuft der Rechner im Moment?

Lade dir MbrScan herunter und speichere es auf den Desktop.

Starte die MbrScan.exe.
Drücke auf Scan.
Wenn der Scan abgeschlossen ist, drücke auf Report.
Es öffnet sich ein Notepadfenster. Bitte poste dessen gesamten Inhalt hier.
(Nachträglich findest du diese Logdatei auch unter MbrScan.log auf dem Dekstop.)

Hallo Leo,

hat leider länger bei mir gedauert. Hoffe, du bist noch aktiv.
Der Rechner läuft meiner Meinung nach normal, kann keine
Unregelmässigkeiten feststellen.

Trotzdem überlege ich das B-System nochmal neu aufzusetzen um ganz auf Nummer sicher
zu gehen.

Na, schauen wir mal.

Anbei die mbar-log

Beste Grüße

Peter

Ups, so jetzt die Datei

Hallo Peter,

Zitat:

Trotzdem überlege ich das B-System nochmal neu aufzusetzen um ganz auf Nummer sicher zu gehen.

Das ist nach solchen Infektionen (du hattest zwei schwerwiegende davon parallel) nie eine schlechte Idee.

Teile mir doch mit, ob du mit der Bereinigung fortfahren oder das System neuaufsetzen möchtest.

Hallo Leo,

danke für Deine Antwort.
Grundsätzlich würde ich gerne mit der Bereinigung fortfahren, da ich kein Freund von unerledigten halbfertigen Arbeiten bin.
Da ich noch nicht genau sagen kann, wann ich ein Neuaufsetzen durchführen kann, würde ich die Bereinigung zunächst vorziehen.
Gruß

Peter

Hallo Peter,

in Ordnung, ich wollte dich nur noch darauf hingewiesen haben, dass das hier kein harmloser Fall ist.
Dann machen wir jetzt so weiter:

Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.

Schliesse alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.

WICHTIG: Speichere Combofix auf deinen Desktop.
Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von AdwCleaner
Log von Combofix
Log von OTL

Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

Hi Leo,

sorry, bin beruflich gerade sehr einbebunden.
Ich komme erst übers Wochenende dazu mich um darum vollständig zu kümmern.
Werde mich heute Abend nochmal melden und die Logfiles senden.
Vielen Dank.

Grusß

Peter

Ok, alles klar. Danke für die Mitteilung.

Hallo Leo,
hat gestern leider nicht mehr geklappt.
Anbei die Logfiles

Beste Grüße

PEter

Hallo Peter,

Zitat:

OTL logfile created on: 28.02.2013 23:29:09 - Run 1

Das angehängte OTL-Logfile ist noch ein altes.
Kannst du bitte das frische OTL-Log posten, oder falls du es nicht findest, ein neues machen und hier einfügen.
(Die Logfiles bitte nicht anhängen, sondern deren Inhalt direkt innerhalb von Codetags einfügen: [code]Inhalt Logfile[/code].)

Hallo Leo,

anbei jüngste OTL Logfile:

Code:



        Code:


        
Inhalt Logfile

Hallo Peter,

vom Logfile seh ich da nicht viel.. ;)
Kopiere den gesamten Inhalt des Logfiles im Texteditor und füge ihn zwischen den beiden Codetags ein.
(Wenn das nicht klappt, kannst du das Log auch wie zuvor anhängen.)

OK, sorry, da habe ich etwas falsch gemacht.
Hier noch einmal:

Code:

OTL logfile created on: 10.03.2013 09:14:53 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pstendel\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,88 Gb Total Physical Memory | 4,87 Gb Available Physical Memory | 61,82% Memory free

15,77 Gb Paging File | 12,24 Gb Available in Paging File | 77,64% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 225,66 Gb Total Space | 37,73 Gb Free Space | 16,72% Space Free | Partition Type: NTFS

 

Computer Name: STENDEL-LAPTOP | User Name: PStendel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - File not found -- 

PRC - [2013.03.01 00:08:21 | 001,274,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013.02.28 23:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pstendel\Desktop\OTL.exe

PRC - [2012.12.04 13:40:24 | 005,100,544 | ---- | M] () -- C:\Program Files (x86)\UseNeXT\UseNeXT.exe

PRC - [2012.11.28 16:23:06 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

PRC - [2012.08.09 09:34:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.05.10 08:06:20 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

PRC - [2012.05.10 08:06:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.10 08:06:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.08.08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2011.08.08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2011.07.25 15:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

PRC - [2011.06.05 06:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011.06.05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011.05.12 22:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

PRC - [2011.02.24 06:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

PRC - [2011.02.08 07:41:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2010.08.14 02:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe

PRC - [2010.03.12 16:42:02 | 000,462,993 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009.07.06 20:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.03.01 00:08:19 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll

MOD - [2013.03.01 00:08:18 | 012,637,136 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll

MOD - [2013.03.01 00:08:16 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll

MOD - [2013.03.01 00:07:25 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\libglesv2.dll

MOD - [2013.03.01 00:07:24 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\libegl.dll

MOD - [2013.03.01 00:07:21 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll

MOD - [2013.02.16 03:20:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll

MOD - [2013.01.10 13:36:41 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll

MOD - [2013.01.10 13:36:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll

MOD - [2013.01.10 13:31:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013.01.10 13:30:45 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013.01.10 13:30:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll

MOD - [2013.01.10 13:30:31 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll

MOD - [2013.01.10 13:30:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013.01.10 13:30:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013.01.10 13:30:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MOD - [2013.01.10 13:30:20 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2012.12.04 13:40:24 | 005,100,544 | ---- | M] () -- C:\Program Files (x86)\UseNeXT\UseNeXT.exe

MOD - [2011.10.28 20:30:55 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2011.10.28 20:30:55 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011.07.25 15:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

MOD - [2011.06.05 16:22:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2010.09.22 06:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)

SRV:64bit: - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013.03.08 14:57:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.03.02 04:59:11 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.05.10 08:06:20 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2012.05.10 08:06:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.05.10 08:06:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.08.24 22:17:34 | 002,279,320 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Programme\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)

SRV - [2011.08.08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011.08.08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2011.07.01 19:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)

SRV - [2011.06.07 18:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.06.05 06:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011.06.05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011.05.27 23:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)

SRV - [2011.05.24 21:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)

SRV - [2011.05.13 16:10:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)

SRV - [2011.05.13 16:10:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)

SRV - [2011.05.12 22:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.03.09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)

SRV - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)

SRV - [2011.03.09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2011.02.24 06:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)

SRV - [2011.02.17 15:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)

SRV - [2011.02.08 07:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2011.01.25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)

SRV - [2010.12.23 20:23:48 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2010.12.23 20:14:10 | 000,992,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)

SRV - [2010.12.23 20:07:12 | 000,845,584 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)

SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)

SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.09.21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012.05.10 08:06:21 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.05.10 08:06:21 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.10.28 20:30:59 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.10.28 20:30:59 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.10.28 18:53:55 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)

DRV:64bit: - [2011.10.28 18:53:55 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2011.10.28 18:53:55 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2011.10.28 18:53:55 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2011.10.28 18:53:55 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.07.22 21:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)

DRV:64bit: - [2011.07.20 09:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)

DRV:64bit: - [2011.07.19 23:24:20 | 000,020,424 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HBtnKey.sys -- (HBtnKey)

DRV:64bit: - [2011.07.15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2011.06.10 20:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.06.05 16:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011.05.26 19:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011.05.10 20:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)

DRV:64bit: - [2011.05.10 11:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.03.23 22:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)

DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2011.01.25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011.01.03 23:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)

DRV:64bit: - [2011.01.03 21:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)

DRV:64bit: - [2010.12.21 20:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)

DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)

DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.10.20 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010.09.17 09:02:24 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)

DRV:64bit: - [2010.07.21 19:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)

DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009.09.16 22:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{B0A6D7D5-B085-47B9-841E-5EFBED44261A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{B0A6D7D5-B085-47B9-841E-5EFBED44261A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8

IE - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8

IE - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8

IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\..\SearchScopes\{544F44CD-D21A-4453-B3DE-14F4A997A0AB}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000

IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7B10743931-94DF-476f-A987-4391233C17A2%7D:1.1.13

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:57:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2013.02.15 22:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pstendel\AppData\Roaming\mozilla\Extensions

[2013.03.09 09:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pstendel\AppData\Roaming\mozilla\Firefox\Profiles\kiqjlfcl.default\extensions

[2013.02.15 22:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.02.15 22:38:29 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}

[2012.12.11 09:35:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013.03.08 14:57:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013.02.21 11:00:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.02.21 11:00:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013.02.21 11:00:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2013.02.21 11:00:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.02.21 11:00:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2013.02.21 11:00:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google-Suche = C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Google Mail = C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2013.03.09 10:13:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)

O4:64bit: - HKLM..\Run: [DFEPApplication] c:\Programme\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)

O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [TdmNotify] C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)

O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)

O4 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found

O4 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found

O4 - Startup: C:\Users\istendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found

O4 - Startup: C:\Users\Peter Stendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found

O4 - Startup: C:\Users\pstendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found

O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet)

O15 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.17.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SteuerberatungStendel.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68E104BF-C02E-4356-A04A-F1C55BE9C487}: DhcpNameServer = 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE7303AD-7DFE-4F01-B8A5-4B93B40EBF00}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.03.09 10:15:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5

[2013.03.09 10:15:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013.03.09 10:03:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.03.09 10:03:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.03.09 10:03:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.03.09 10:00:15 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.03.09 09:59:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.03.09 09:57:43 | 005,037,067 | R--- | C] (Swearware) -- C:\Users\pstendel\Desktop\ComboFix.exe

[2013.03.08 12:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2013.03.02 20:34:21 | 000,000,000 | ---D | C] -- C:\Users\pstendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

[2013.03.02 05:05:07 | 000,000,000 | ---D | C] -- C:\Users\pstendel\Documents\Rezepte

[2013.03.02 04:38:52 | 000,000,000 | ---D | C] -- C:\Users\pstendel\Documents\Im_Sundern

[2013.03.01 20:40:32 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\pstendel\Desktop\MbrScan.exe

[2013.03.01 00:44:59 | 000,000,000 | ---D | C] -- C:\Users\pstendel\Desktop\mbar-1.01.0.1020

[2013.03.01 00:35:52 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\pstendel\Desktop\tdsskiller.exe

[2013.03.01 00:30:54 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\pstendel\Desktop\aswMBR.exe

[2013.02.28 23:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2013.02.28 23:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2013.02.28 23:27:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pstendel\Desktop\OTL.exe

[2013.02.28 21:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.02.28 21:58:20 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\pstendel\Desktop\unhide(1).exe

[2013.02.28 21:54:46 | 000,000,000 | ---D | C] -- C:\Users\pstendel\Desktop\rkill

[2013.02.28 21:54:21 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\pstendel\Desktop\rkill(1).com

[2013.02.27 13:00:46 | 000,000,000 | ---D | C] -- C:\Users\pstendel\AppData\Roaming\Malwarebytes

[2013.02.27 13:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.02.27 13:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.02.27 12:59:57 | 000,000,000 | ---D | C] -- C:\Users\pstendel\AppData\Local\Programs

[2013.02.25 17:59:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013.02.15 22:37:51 | 000,000,000 | ---D | C] -- C:\Users\pstendel\AppData\Local\MedienTeam66

[2013.02.15 22:37:35 | 000,000,000 | ---D | C] -- C:\Users\pstendel\Documents\YouTube Recordings

[2013.02.15 22:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MT66 Software Update

[2013.02.15 22:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MedienTeam66

[2013.02.15 22:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MedienTeam66

[2013.02.14 21:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2013.02.14 21:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.03.10 09:03:02 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.03.10 09:02:42 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.03.10 09:02:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.03.09 10:40:40 | 000,006,946 | ---- | M] () -- C:\Users\pstendel\Desktop\ComboFix_Log.zip

[2013.03.09 10:21:59 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.03.09 10:21:59 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.03.09 10:18:59 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.03.09 10:18:59 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.03.09 10:18:59 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.03.09 10:18:59 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.03.09 10:18:59 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.03.09 10:14:59 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.03.09 10:14:35 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys

[2013.03.09 10:13:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013.03.09 09:58:12 | 005,037,067 | R--- | M] (Swearware) -- C:\Users\pstendel\Desktop\ComboFix.exe

[2013.03.09 09:54:51 | 000,001,813 | ---- | M] () -- C:\Users\pstendel\Desktop\AdwCleaner[S1].zip

[2013.03.09 09:54:09 | 000,001,781 | ---- | M] () -- C:\Users\pstendel\Desktop\AdwCleaner[S1].rar

[2013.03.08 04:31:32 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job

[2013.03.05 14:24:27 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.03.02 12:57:15 | 005,401,728 | ---- | M] () -- C:\Users\pstendel\Desktop\4865.pdf

[2013.03.01 20:45:43 | 000,005,523 | ---- | M] () -- C:\Users\pstendel\Desktop\MbrScan.zip

[2013.03.01 20:41:29 | 000,000,512 | ---- | M] () -- C:\Users\pstendel\Desktop\Dump_Hdd0_DR0.mbr

[2013.03.01 20:40:20 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\pstendel\Desktop\MbrScan.exe

[2013.03.01 09:40:17 | 000,024,148 | ---- | M] () -- C:\Users\pstendel\Desktop\TDSSKiller.2.8.16.0_01.03.2013_01.56.21_log.rar

[2013.03.01 00:44:32 | 013,711,621 | ---- | M] () -- C:\Users\pstendel\Desktop\mbar-1.01.0.1020.zip

[2013.03.01 00:35:51 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\pstendel\Desktop\tdsskiller.exe

[2013.03.01 00:31:58 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\pstendel\Desktop\aswMBR.exe

[2013.03.01 00:00:15 | 000,036,196 | ---- | M] () -- C:\Users\pstendel\Desktop\Logfiles.zip

[2013.02.28 23:57:54 | 000,007,673 | ---- | M] () -- C:\Users\pstendel\Desktop\Gmer.zip

[2013.02.28 23:47:42 | 001,110,476 | ---- | M] () -- C:\Users\pstendel\Desktop\7z920.exe

[2013.02.28 23:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pstendel\Desktop\OTL.exe

[2013.02.28 23:08:37 | 000,377,856 | ---- | M] () -- C:\Users\pstendel\Desktop\2i6ethzv.exe

[2013.02.28 22:57:44 | 000,000,000 | ---- | M] () -- C:\Users\pstendel\defogger_reenable

[2013.02.28 22:55:31 | 000,050,477 | ---- | M] () -- C:\Users\pstendel\Desktop\Defogger.exe

[2013.02.28 21:57:10 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\pstendel\Desktop\unhide(1).exe

[2013.02.28 21:50:18 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\pstendel\Desktop\rkill(1).com

[2013.02.27 15:38:24 | 000,000,005 | ---- | M] () -- C:\Users\pstendel\AppData\Roaming\mbam.context.scan

[2013.02.27 12:58:54 | 000,000,000 | ---- | M] () -- C:\Cookies

[2013.02.27 01:30:56 | 000,000,152 | ---- | M] () -- C:\ProgramData\-ltCNsxmSemgqBwDr

[2013.02.27 01:30:56 | 000,000,152 | ---- | M] () -- C:\ProgramData\-ltCNsxmSemgqBwD

[2013.02.25 17:59:14 | 671,435,064 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013.02.16 03:20:04 | 000,462,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.02.15 21:51:52 | 000,001,160 | ---- | M] () -- C:\WirelessDiagLog.csv

[2013.02.08 13:04:27 | 000,000,089 | ---- | M] () -- C:\Windows\hmdglob.ini

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.03.09 10:40:40 | 000,006,946 | ---- | C] () -- C:\Users\pstendel\Desktop\ComboFix_Log.zip

[2013.03.09 10:03:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.03.09 10:03:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.03.09 10:03:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.03.09 10:03:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.03.09 10:03:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.03.09 09:54:09 | 000,001,781 | ---- | C] () -- C:\Users\pstendel\Desktop\AdwCleaner[S1].rar

[2013.03.09 09:53:45 | 000,001,813 | ---- | C] () -- C:\Users\pstendel\Desktop\AdwCleaner[S1].zip

[2013.03.02 12:57:14 | 005,401,728 | ---- | C] () -- C:\Users\pstendel\Desktop\4865.pdf

[2013.03.01 20:45:43 | 000,005,523 | ---- | C] () -- C:\Users\pstendel\Desktop\MbrScan.zip

[2013.03.01 20:40:53 | 000,000,512 | ---- | C] () -- C:\Users\pstendel\Desktop\Dump_Hdd0_DR0.mbr

[2013.03.01 09:40:17 | 000,024,148 | ---- | C] () -- C:\Users\pstendel\Desktop\TDSSKiller.2.8.16.0_01.03.2013_01.56.21_log.rar

[2013.03.01 00:43:44 | 013,711,621 | ---- | C] () -- C:\Users\pstendel\Desktop\mbar-1.01.0.1020.zip

[2013.02.28 23:58:54 | 000,036,196 | ---- | C] () -- C:\Users\pstendel\Desktop\Logfiles.zip

[2013.02.28 23:54:46 | 000,007,673 | ---- | C] () -- C:\Users\pstendel\Desktop\Gmer.zip

[2013.02.28 23:47:46 | 001,110,476 | ---- | C] () -- C:\Users\pstendel\Desktop\7z920.exe

[2013.02.28 23:08:49 | 000,377,856 | ---- | C] () -- C:\Users\pstendel\Desktop\2i6ethzv.exe

[2013.02.28 22:57:44 | 000,000,000 | ---- | C] () -- C:\Users\pstendel\defogger_reenable

[2013.02.28 22:55:45 | 000,050,477 | ---- | C] () -- C:\Users\pstendel\Desktop\Defogger.exe

[2013.02.28 21:59:06 | 000,002,591 | ---- | C] () -- C:\Users\Public\Desktop\ASP.Client.lnk

[2013.02.28 21:59:06 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

[2013.02.28 21:59:06 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.02.28 21:59:06 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2013.02.28 21:59:06 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013.02.28 21:59:06 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2013.02.28 21:59:06 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

[2013.02.28 21:59:06 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

[2013.02.28 21:59:06 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk

[2013.02.28 21:59:06 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

[2013.02.28 21:59:06 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2013.02.28 21:59:06 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk

[2013.02.28 21:59:06 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

[2013.02.28 21:59:06 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

[2013.02.28 21:59:06 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

[2013.02.28 21:59:06 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

[2013.02.28 21:59:06 | 000,000,545 | ---- | C] () -- C:\Users\Public\Desktop\WinMenü.lnk

[2013.02.28 21:59:06 | 000,000,545 | ---- | C] () -- C:\Users\Public\Desktop\Personal Cockpit.lnk

[2013.02.28 21:59:05 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2013.02.28 21:59:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2013.02.28 21:59:05 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hilfedokumentation von Dell.lnk

[2013.02.28 21:59:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2013.02.27 13:17:44 | 000,000,005 | ---- | C] () -- C:\Users\pstendel\AppData\Roaming\mbam.context.scan

[2013.02.27 12:58:54 | 000,000,000 | ---- | C] () -- C:\Cookies

[2013.02.27 01:11:08 | 000,000,152 | ---- | C] () -- C:\ProgramData\-ltCNsxmSemgqBwDr

[2013.02.27 01:11:08 | 000,000,152 | ---- | C] () -- C:\ProgramData\-ltCNsxmSemgqBwD

[2013.02.25 17:59:14 | 671,435,064 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013.02.15 22:27:57 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\MT66 Software Update.job

[2011.12.16 12:36:02 | 000,000,089 | ---- | C] () -- C:\Windows\hmdglob.ini

[2011.11.18 15:40:20 | 000,226,816 | ---- | C] () -- C:\Windows\SysWow64\VCFI5DE.dll

[2011.11.18 15:40:04 | 000,230,912 | ---- | C] () -- C:\Windows\SysWow64\Zipit.dll

[2011.11.18 15:40:04 | 000,099,840 | ---- | C] ( ) -- C:\Windows\SysWow64\Zipdll.dll

[2011.11.18 15:40:04 | 000,008,839 | ---- | C] () -- C:\Windows\hai.ini

[2011.11.18 15:40:02 | 000,059,392 | ---- | C] () -- C:\Windows\SysWow64\vcf15de.dll

[2011.11.18 15:40:01 | 000,225,403 | ---- | C] () -- C:\Windows\SysWow64\nativeview.dll

[2011.11.18 15:40:01 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\Unzdll.dll

[2011.11.18 15:40:01 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\rtf32.dll

[2011.11.18 15:40:01 | 000,020,554 | ---- | C] () -- C:\Windows\SysWow64\jawt.dll

[2011.11.18 15:40:01 | 000,015,156 | ---- | C] () -- C:\Windows\SysWow64\self32.ini

[2011.11.18 15:39:57 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\hmdpop.dll

[2011.11.18 15:39:56 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hmdmd5.dll

[2011.11.18 15:39:53 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\hmdhso.dll

[2011.11.18 15:39:52 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\hmdftp.dll

[2011.11.18 15:00:21 | 000,002,774 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.10.28 20:27:26 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011.10.28 20:27:25 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011.10.28 20:27:25 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011.10.28 20:27:25 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011.10.28 20:27:24 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011.10.28 19:00:21 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll

[2011.10.28 18:58:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2012.10.12 06:41:44 | 000,000,000 | ---D | M] -- C:\Users\pstendel\AppData\Roaming\gnupg

[2011.11.24 15:58:59 | 000,000,000 | ---D | M] -- C:\Users\pstendel\AppData\Roaming\hmd

[2013.03.09 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\pstendel\AppData\Roaming\UseNeXT

[2012.11.01 19:46:42 | 000,000,000 | ---D | M] -- C:\Users\pstendel\AppData\Roaming\Windows Live Writer

 
 ========== Purity Check ==========

 

 
 

< End of report >

Hi,

wie läuft der Rechner im Moment? Bemerkst du noch Probleme?

Hinweis: Deaktivierte Benutzerkontensteuerung

Ich sehe, dass die Benutzerkontensteuerung (UAC) bei dir deaktiviert ist. Hast du sie bewusst selbst ausgeschaltet?
Aus der Sicherheitsperspektive her gesehen sollte man die Benutzerkontensteuerung eingeschaltet lassen, auch wenn sie manchmal etwas mühsam ist.

Ich empfehle dir, sie gemäss dieser Anleitung wieder zu aktivieren.

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

:OTL

IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\..\SearchScopes\{544F44CD-D21A-4453-B3DE-14F4A997A0AB}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000

O3 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

[2013.02.27 01:30:56 | 000,000,152 | ---- | M] () -- C:\ProgramData\-ltCNsxmSemgqBwDr

[2013.02.27 01:30:56 | 000,000,152 | ---- | M] () -- C:\ProgramData\-ltCNsxmSemgqBwD
 

:commands

[emptytemp]

Schliesse nun bitte alle anderen Programme.
Klicke jetzt auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
Kopiere nun dessen Inhalt hier in deinen Thread.

Schritt 2

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.

Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
(Danach nicht vergessen, sie wieder einzuschalten.)
Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
Warte bis die Komponenten heruntergeladen sind.
Setze den Haken bei Scan archives.
Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
Drücke dann auf Start.
Die Signaturen werden heruntergeladen und der Scan startet automatisch.
Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
Falls nach Beendigung des Scans Funde angezeigt werden, dann:
- Drücke auf List of found threats.
- Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
- Drücke danach auf << Back.
Schliesse nun den Scanner mit einem Klick auf Finish.

Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.

Schritt 4

Downloade dir bitte SecurityCheck (Link 1, Link 2).

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von MBAM
Log von ESET
Log von SecurityCheck

Hallo Leo,
der Rechner läuft meines Erachtens normal.
Keine ungewöhnlichen Aktivitäten.

Anbei die Logfiles:

Code:

Error: Unable to interpret <OTL Logfile:
 

        Code:


        
OTL logfile created on: 10.03.2013 09:14:53 - Run 3> in the current context!

Error: Unable to interpret <OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pstendel\Desktop> in the current context!

Error: Unable to interpret <64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation> in the current context!

Error: Unable to interpret <Internet Explorer (Version = 9.0.8112.16421)> in the current context!

Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <7,88 Gb Total Physical Memory | 4,87 Gb Available Physical Memory | 61,82% Memory free> in the current context!

Error: Unable to interpret <15,77 Gb Paging File | 12,24 Gb Available in Paging File | 77,64% Paging File free> in the current context!

Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context!

Error: Unable to interpret <Drive C: | 225,66 Gb Total Space | 37,73 Gb Free Space | 16,72% Space Free | Partition Type: NTFS> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <Computer Name: STENDEL-LAPTOP | User Name: PStendel | Logged in as Administrator.> in the current context!

Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans> in the current context!

Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <PRC - File not found -- > in the current context!

Error: Unable to interpret <PRC - [2013.03.01 00:08:21 | 001,274,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe> in the current context!

Error: Unable to interpret <PRC - [2013.02.28 23:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pstendel\Desktop\OTL.exe> in the current context!

Error: Unable to interpret <PRC - [2012.12.04 13:40:24 | 005,100,544 | ---- | M] () -- C:\Program Files (x86)\UseNeXT\UseNeXT.exe> in the current context!

Error: Unable to interpret <PRC - [2012.11.28 16:23:06 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe> in the current context!

Error: Unable to interpret <PRC - [2012.08.09 09:34:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe> in the current context!

Error: Unable to interpret <PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe> in the current context!

Error: Unable to interpret <PRC - [2012.05.10 08:06:20 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE> in the current context!

Error: Unable to interpret <PRC - [2012.05.10 08:06:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe> in the current context!

Error: Unable to interpret <PRC - [2012.05.10 08:06:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe> in the current context!

Error: Unable to interpret <PRC - [2011.08.08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe> in the current context!

Error: Unable to interpret <PRC - [2011.08.08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe> in the current context!

Error: Unable to interpret <PRC - [2011.07.25 15:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe> in the current context!

Error: Unable to interpret <PRC - [2011.06.05 06:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe> in the current context!

Error: Unable to interpret <PRC - [2011.06.05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe> in the current context!

Error: Unable to interpret <PRC - [2011.05.12 22:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE> in the current context!

Error: Unable to interpret <PRC - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe> in the current context!

Error: Unable to interpret <PRC - [2011.02.24 06:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe> in the current context!

Error: Unable to interpret <PRC - [2011.02.08 07:41:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe> in the current context!

Error: Unable to interpret <PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe> in the current context!

Error: Unable to interpret <PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe> in the current context!

Error: Unable to interpret <PRC - [2010.08.14 02:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe> in the current context!

Error: Unable to interpret <PRC - [2010.03.12 16:42:02 | 000,462,993 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe> in the current context!

Error: Unable to interpret <PRC - [2009.07.06 20:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <MOD - [2013.03.01 00:08:19 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll> in the current context!

Error: Unable to interpret <MOD - [2013.03.01 00:08:18 | 012,637,136 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll> in the current context!

Error: Unable to interpret <MOD - [2013.03.01 00:08:16 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll> in the current context!

Error: Unable to interpret <MOD - [2013.03.01 00:07:25 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\libglesv2.dll> in the current context!

Error: Unable to interpret <MOD - [2013.03.01 00:07:24 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\libegl.dll> in the current context!

Error: Unable to interpret <MOD - [2013.03.01 00:07:21 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll> in the current context!

Error: Unable to interpret <MOD - [2013.02.16 03:20:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll> in the current context!

Error: Unable to interpret <MOD - [2013.01.10 13:36:41 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll> in the current context!

Error: Unable to interpret <MOD - [2013.01.10 13:36:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll> in the current context!

Error: Unable to interpret <MOD - [2013.01.10 13:31:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll> in the current context!

Error: Unable to interpret <MOD - [2013.01.10 13:30:45 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll> in the current context!

Error: Unable to interpret <MOD - [2013.01.10 13:30:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll> in the current context!

Error: Unable to interpret <MOD - [2013.01.10 13:30:31 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll> in the current context!

Error: Unable to interpret <MOD - [2013.01.10 13:30:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll> in the current context!

Error: Unable to interpret <MOD - [2013.01.10 13:30:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll> in the current context!

Error: Unable to interpret <MOD - [2013.01.10 13:30:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll> in the current context!

Error: Unable to interpret <MOD - [2013.01.10 13:30:20 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll> in the current context!

Error: Unable to interpret <MOD - [2012.12.04 13:40:24 | 005,100,544 | ---- | M] () -- C:\Program Files (x86)\UseNeXT\UseNeXT.exe> in the current context!

Error: Unable to interpret <MOD - [2011.10.28 20:30:55 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll> in the current context!

Error: Unable to interpret <MOD - [2011.10.28 20:30:55 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll> in the current context!

Error: Unable to interpret <MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll> in the current context!

Error: Unable to interpret <MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll> in the current context!

Error: Unable to interpret <MOD - [2011.07.25 15:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe> in the current context!

Error: Unable to interpret <MOD - [2011.06.05 16:22:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll> in the current context!

Error: Unable to interpret <MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf> in the current context!

Error: Unable to interpret <MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll> in the current context!

Error: Unable to interpret <MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== Services (SafeList) ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <SRV:64bit: - [2010.09.22 06:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)> in the current context!

Error: Unable to interpret <SRV:64bit: - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)> in the current context!

Error: Unable to interpret <SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)> in the current context!

Error: Unable to interpret <SRV - [2013.03.08 14:57:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)> in the current context!

Error: Unable to interpret <SRV - [2013.03.02 04:59:11 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)> in the current context!

Error: Unable to interpret <SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)> in the current context!

Error: Unable to interpret <SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)> in the current context!

Error: Unable to interpret <SRV - [2012.05.10 08:06:20 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)> in the current context!

Error: Unable to interpret <SRV - [2012.05.10 08:06:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)> in the current context!

Error: Unable to interpret <SRV - [2012.05.10 08:06:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)> in the current context!

Error: Unable to interpret <SRV - [2011.08.24 22:17:34 | 002,279,320 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Programme\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)> in the current context!

Error: Unable to interpret <SRV - [2011.08.08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)> in the current context!

Error: Unable to interpret <SRV - [2011.08.08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)> in the current context!

Error: Unable to interpret <SRV - [2011.07.01 19:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)> in the current context!

Error: Unable to interpret <SRV - [2011.06.07 18:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)> in the current context!

Error: Unable to interpret <SRV - [2011.06.05 06:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)> in the current context!

Error: Unable to interpret <SRV - [2011.06.05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)> in the current context!

Error: Unable to interpret <SRV - [2011.05.27 23:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)> in the current context!

Error: Unable to interpret <SRV - [2011.05.24 21:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)> in the current context!

Error: Unable to interpret <SRV - [2011.05.13 16:10:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)> in the current context!

Error: Unable to interpret <SRV - [2011.05.13 16:10:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)> in the current context!

Error: Unable to interpret <SRV - [2011.05.12 22:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)> in the current context!

Error: Unable to interpret <SRV - [2011.03.09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)> in the current context!

Error: Unable to interpret <SRV - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)> in the current context!

Error: Unable to interpret <SRV - [2011.03.09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)> in the current context!

Error: Unable to interpret <SRV - [2011.02.24 06:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)> in the current context!

Error: Unable to interpret <SRV - [2011.02.17 15:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)> in the current context!

Error: Unable to interpret <SRV - [2011.02.08 07:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)> in the current context!

Error: Unable to interpret <SRV - [2011.01.25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)> in the current context!

Error: Unable to interpret <SRV - [2010.12.23 20:23:48 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)> in the current context!

Error: Unable to interpret <SRV - [2010.12.23 20:14:10 | 000,992,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)> in the current context!

Error: Unable to interpret <SRV - [2010.12.23 20:07:12 | 000,845,584 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)> in the current context!

Error: Unable to interpret <SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)> in the current context!

Error: Unable to interpret <SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)> in the current context!

Error: Unable to interpret <SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)> in the current context!

Error: Unable to interpret <SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)> in the current context!

Error: Unable to interpret <SRV - [2010.09.21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)> in the current context!

Error: Unable to interpret <SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)> in the current context!

Error: Unable to interpret <SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)> in the current context!

Error: Unable to interpret <SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)> in the current context!

Error: Unable to interpret <SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)> in the current context!

Error: Unable to interpret <SRV - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2012.05.10 08:06:21 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2012.05.10 08:06:21 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.10.28 20:30:59 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.10.28 20:30:59 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.10.28 18:53:55 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.10.28 18:53:55 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.10.28 18:53:55 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.10.28 18:53:55 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.10.28 18:53:55 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.07.22 21:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.07.20 09:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.07.19 23:24:20 | 000,020,424 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HBtnKey.sys -- (HBtnKey)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.07.15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.06.10 20:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.06.05 16:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.05.26 19:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.05.10 20:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.05.10 11:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.03.23 22:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.01.25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.01.03 23:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2011.01.03 21:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.12.21 20:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.10.20 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.09.17 09:02:24 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.07.21 19:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2009.09.16 22:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)> in the current context!

Error: Unable to interpret <DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)> in the current context!

Error: Unable to interpret <DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== Internet Explorer ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope = > in the current context!

Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{B0A6D7D5-B085-47B9-841E-5EFBED44261A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox> in the current context!

Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm> in the current context!

Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = > in the current context!

Error: Unable to interpret <IE - HKLM\..\SearchScopes\{B0A6D7D5-B085-47B9-841E-5EFBED44261A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = > in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = > in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8> in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8> in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\..\SearchScopes,DefaultScope = > in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8> in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\..\SearchScopes,DefaultScope = > in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\..\SearchScopes\{544F44CD-D21A-4453-B3DE-14F4A997A0AB}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000> in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== FireFox ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"> in the current context!

Error: Unable to interpret <FF - prefs.js..extensions.enabledAddons: %7B10743931-94DF-476f-A987-4391233C17A2%7D:1.1.13> in the current context!

Error: Unable to interpret <FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2> in the current context!

Error: Unable to interpret <FF - prefs.js..network.proxy.type: 0> in the current context!

Error: Unable to interpret <FF - user.js - File not found> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found> in the current context!

Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)> in the current context!

Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!

Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)> in the current context!

Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:57:17 | 000,000,000 | ---D | M]> in the current context!

Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[2013.02.15 22:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pstendel\AppData\Roaming\mozilla\Extensions> in the current context!

Error: Unable to interpret <[2013.03.09 09:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pstendel\AppData\Roaming\mozilla\Firefox\Profiles\kiqjlfcl.default\extensions> in the current context!

Error: Unable to interpret <[2013.02.15 22:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions> in the current context!

Error: Unable to interpret <[2013.02.15 22:38:29 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}> in the current context!

Error: Unable to interpret <[2012.12.11 09:35:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}> in the current context!

Error: Unable to interpret <[2013.03.08 14:57:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll> in the current context!

Error: Unable to interpret <[2013.02.21 11:00:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context!

Error: Unable to interpret <[2013.02.21 11:00:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml> in the current context!

Error: Unable to interpret <[2013.02.21 11:00:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml> in the current context!

Error: Unable to interpret <[2013.02.21 11:00:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context!

Error: Unable to interpret <[2013.02.21 11:00:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context!

Error: Unable to interpret <[2013.02.21 11:00:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== Chrome  ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <CHR - default_search_provider: Google (Enabled)> in the current context!

Error: Unable to interpret <CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}> in the current context!

Error: Unable to interpret <CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}> in the current context!

Error: Unable to interpret <CHR - homepage: hxxp://www.google.com/> in the current context!

Error: Unable to interpret <CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll> in the current context!

Error: Unable to interpret <CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer> in the current context!

Error: Unable to interpret <CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll> in the current context!

Error: Unable to interpret <CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll> in the current context!

Error: Unable to interpret <CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll> in the current context!

Error: Unable to interpret <CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll> in the current context!

Error: Unable to interpret <CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll> in the current context!

Error: Unable to interpret <CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll> in the current context!

Error: Unable to interpret <CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll> in the current context!

Error: Unable to interpret <CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll> in the current context!

Error: Unable to interpret <CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll> in the current context!

Error: Unable to interpret <CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll> in the current context!

Error: Unable to interpret <CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll> in the current context!

Error: Unable to interpret <CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll> in the current context!

Error: Unable to interpret <CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL> in the current context!

Error: Unable to interpret <CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL> in the current context!

Error: Unable to interpret <CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll> in the current context!

Error: Unable to interpret <CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll> in the current context!

Error: Unable to interpret <CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll> in the current context!

Error: Unable to interpret <CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll> in the current context!

Error: Unable to interpret <CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll> in the current context!

Error: Unable to interpret <CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll> in the current context!

Error: Unable to interpret <CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll> in the current context!

Error: Unable to interpret <CHR - Extension: Google Docs = C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\> in the current context!

Error: Unable to interpret <CHR - Extension: Google Drive = C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\> in the current context!

Error: Unable to interpret <CHR - Extension: YouTube = C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\> in the current context!

Error: Unable to interpret <CHR - Extension: Google-Suche = C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\> in the current context!

Error: Unable to interpret <CHR - Extension: Google Mail = C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <O1 HOSTS File: ([2013.03.09 10:13:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts> in the current context!

Error: Unable to interpret <O1 - Hosts: 127.0.0.1       localhost> in the current context!

Error: Unable to interpret <O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)> in the current context!

Error: Unable to interpret <O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)> in the current context!

Error: Unable to interpret <O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!

Error: Unable to interpret <O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)> in the current context!

Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)> in the current context!

Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)> in the current context!

Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)> in the current context!

Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!

Error: Unable to interpret <O3 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [DFEPApplication] c:\Programme\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)> in the current context!

Error: Unable to interpret <O4:64bit: - HKLM..\Run: [TdmNotify] C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: []  File not found> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)> in the current context!

Error: Unable to interpret <O4 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found> in the current context!

Error: Unable to interpret <O4 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O4 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)> in the current context!

Error: Unable to interpret <O4 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!

Error: Unable to interpret <O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found> in the current context!

Error: Unable to interpret <O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found> in the current context!

Error: Unable to interpret <O4 - Startup: C:\Users\istendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found> in the current context!

Error: Unable to interpret <O4 - Startup: C:\Users\Peter Stendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found> in the current context!

Error: Unable to interpret <O4 - Startup: C:\Users\pstendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found> in the current context!

Error: Unable to interpret <O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found> in the current context!

Error: Unable to interpret <O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0> in the current context!

Error: Unable to interpret <O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!

Error: Unable to interpret <O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!

Error: Unable to interpret <O7 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0> in the current context!

Error: Unable to interpret <O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found> in the current context!

Error: Unable to interpret <O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()> in the current context!

Error: Unable to interpret <O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found> in the current context!

Error: Unable to interpret <O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()> in the current context!

Error: Unable to interpret <O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found> in the current context!

Error: Unable to interpret <O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()> in the current context!

Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found> in the current context!

Error: Unable to interpret <O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()> in the current context!

Error: Unable to interpret <O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()> in the current context!

Error: Unable to interpret <O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()> in the current context!

Error: Unable to interpret <O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!

Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!

Error: Unable to interpret <O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()> in the current context!

Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()> in the current context!

Error: Unable to interpret <O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)> in the current context!

Error: Unable to interpret <O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)> in the current context!

Error: Unable to interpret <O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!

Error: Unable to interpret <O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)> in the current context!

Error: Unable to interpret <O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)> in the current context!

Error: Unable to interpret <O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)> in the current context!

Error: Unable to interpret <O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)> in the current context!

Error: Unable to interpret <O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)> in the current context!

Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!

Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!

Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!

Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!

Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!

Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context!

Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!

Error: Unable to interpret <O15 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet)> in the current context!

Error: Unable to interpret <O15 - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet)> in the current context!

Error: Unable to interpret <O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)> in the current context!

Error: Unable to interpret <O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)> in the current context!

Error: Unable to interpret <O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)> in the current context!

Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.)> in the current context!

Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)> in the current context!

Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.17.2)> in the current context!

Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1> in the current context!

Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SteuerberatungStendel.local> in the current context!

Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68E104BF-C02E-4356-A04A-F1C55BE9C487}: DhcpNameServer = 192.168.254.254> in the current context!

Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE7303AD-7DFE-4F01-B8A5-4B93B40EBF00}: DhcpNameServer = 192.168.178.1> in the current context!

Error: Unable to interpret <O18:64bit: - Protocol\Handler\livecall - No CLSID value found> in the current context!

Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-help - No CLSID value found> in the current context!

Error: Unable to interpret <O18:64bit: - Protocol\Handler\msnim - No CLSID value found> in the current context!

Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype4com - No CLSID value found> in the current context!

Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found> in the current context!

Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context!

Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlpg - No CLSID value found> in the current context!

Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)> in the current context!

Error: Unable to interpret <O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!

Error: Unable to interpret <O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)> in the current context!

Error: Unable to interpret <O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)> in the current context!

Error: Unable to interpret <O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)> in the current context!

Error: Unable to interpret <O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)> in the current context!

Error: Unable to interpret <O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)> in the current context!

Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!

Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!

Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!

Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context!

Error: Unable to interpret <O35:64bit: - HKLM\..comfile [open] -- "%1" %*> in the current context!

Error: Unable to interpret <O35:64bit: - HKLM\..exefile [open] -- "%1" %*> in the current context!

Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!

Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!

Error: Unable to interpret <O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*> in the current context!

Error: Unable to interpret <O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!

Error: Unable to interpret <O37 - HKLM\...com [@ = ComFile] -- "%1" %*> in the current context!

Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!

Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)> in the current context!

Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)> in the current context!

Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[2013.03.09 10:15:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5> in the current context!

Error: Unable to interpret <[2013.03.09 10:15:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN> in the current context!

Error: Unable to interpret <[2013.03.09 10:03:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe> in the current context!

Error: Unable to interpret <[2013.03.09 10:03:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe> in the current context!

Error: Unable to interpret <[2013.03.09 10:03:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe> in the current context!

Error: Unable to interpret <[2013.03.09 10:00:15 | 000,000,000 | ---D | C] -- C:\Qoobox> in the current context!

Error: Unable to interpret <[2013.03.09 09:59:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt> in the current context!

Error: Unable to interpret <[2013.03.09 09:57:43 | 005,037,067 | R--- | C] (Swearware) -- C:\Users\pstendel\Desktop\ComboFix.exe> in the current context!

Error: Unable to interpret <[2013.03.08 12:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java> in the current context!

Error: Unable to interpret <[2013.03.02 20:34:21 | 000,000,000 | ---D | C] -- C:\Users\pstendel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte> in the current context!

Error: Unable to interpret <[2013.03.02 05:05:07 | 000,000,000 | ---D | C] -- C:\Users\pstendel\Documents\Rezepte> in the current context!

Error: Unable to interpret <[2013.03.02 04:38:52 | 000,000,000 | ---D | C] -- C:\Users\pstendel\Documents\Im_Sundern> in the current context!

Error: Unable to interpret <[2013.03.01 20:40:32 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\pstendel\Desktop\MbrScan.exe> in the current context!

Error: Unable to interpret <[2013.03.01 00:44:59 | 000,000,000 | ---D | C] -- C:\Users\pstendel\Desktop\mbar-1.01.0.1020> in the current context!

Error: Unable to interpret <[2013.03.01 00:35:52 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\pstendel\Desktop\tdsskiller.exe> in the current context!

Error: Unable to interpret <[2013.03.01 00:30:54 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\pstendel\Desktop\aswMBR.exe> in the current context!

Error: Unable to interpret <[2013.02.28 23:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip> in the current context!

Error: Unable to interpret <[2013.02.28 23:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip> in the current context!

Error: Unable to interpret <[2013.02.28 23:27:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pstendel\Desktop\OTL.exe> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware> in the current context!

Error: Unable to interpret <[2013.02.28 21:58:20 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\pstendel\Desktop\unhide(1).exe> in the current context!

Error: Unable to interpret <[2013.02.28 21:54:46 | 000,000,000 | ---D | C] -- C:\Users\pstendel\Desktop\rkill> in the current context!

Error: Unable to interpret <[2013.02.28 21:54:21 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\pstendel\Desktop\rkill(1).com> in the current context!

Error: Unable to interpret <[2013.02.27 13:00:46 | 000,000,000 | ---D | C] -- C:\Users\pstendel\AppData\Roaming\Malwarebytes> in the current context!

Error: Unable to interpret <[2013.02.27 13:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes> in the current context!

Error: Unable to interpret <[2013.02.27 13:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware> in the current context!

Error: Unable to interpret <[2013.02.27 12:59:57 | 000,000,000 | ---D | C] -- C:\Users\pstendel\AppData\Local\Programs> in the current context!

Error: Unable to interpret <[2013.02.25 17:59:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump> in the current context!

Error: Unable to interpret <[2013.02.15 22:37:51 | 000,000,000 | ---D | C] -- C:\Users\pstendel\AppData\Local\MedienTeam66> in the current context!

Error: Unable to interpret <[2013.02.15 22:37:35 | 000,000,000 | ---D | C] -- C:\Users\pstendel\Documents\YouTube Recordings> in the current context!

Error: Unable to interpret <[2013.02.15 22:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MT66 Software Update> in the current context!

Error: Unable to interpret <[2013.02.15 22:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MedienTeam66> in the current context!

Error: Unable to interpret <[2013.02.15 22:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MedienTeam66> in the current context!

Error: Unable to interpret <[2013.02.14 21:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype> in the current context!

Error: Unable to interpret <[2013.02.14 21:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype> in the current context!

Error: Unable to interpret <[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[2013.03.10 09:03:02 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job> in the current context!

Error: Unable to interpret <[2013.03.10 09:02:42 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job> in the current context!

Error: Unable to interpret <[2013.03.10 09:02:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context!

Error: Unable to interpret <[2013.03.09 10:40:40 | 000,006,946 | ---- | M] () -- C:\Users\pstendel\Desktop\ComboFix_Log.zip> in the current context!

Error: Unable to interpret <[2013.03.09 10:21:59 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0> in the current context!

Error: Unable to interpret <[2013.03.09 10:21:59 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0> in the current context!

Error: Unable to interpret <[2013.03.09 10:18:59 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI> in the current context!

Error: Unable to interpret <[2013.03.09 10:18:59 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat> in the current context!

Error: Unable to interpret <[2013.03.09 10:18:59 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat> in the current context!

Error: Unable to interpret <[2013.03.09 10:18:59 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat> in the current context!

Error: Unable to interpret <[2013.03.09 10:18:59 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat> in the current context!

Error: Unable to interpret <[2013.03.09 10:14:59 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job> in the current context!

Error: Unable to interpret <[2013.03.09 10:14:35 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys> in the current context!

Error: Unable to interpret <[2013.03.09 10:13:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts> in the current context!

Error: Unable to interpret <[2013.03.09 09:58:12 | 005,037,067 | R--- | M] (Swearware) -- C:\Users\pstendel\Desktop\ComboFix.exe> in the current context!

Error: Unable to interpret <[2013.03.09 09:54:51 | 000,001,813 | ---- | M] () -- C:\Users\pstendel\Desktop\AdwCleaner[S1].zip> in the current context!

Error: Unable to interpret <[2013.03.09 09:54:09 | 000,001,781 | ---- | M] () -- C:\Users\pstendel\Desktop\AdwCleaner[S1].rar> in the current context!

Error: Unable to interpret <[2013.03.08 04:31:32 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job> in the current context!

Error: Unable to interpret <[2013.03.05 14:24:27 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk> in the current context!

Error: Unable to interpret <[2013.03.02 12:57:15 | 005,401,728 | ---- | M] () -- C:\Users\pstendel\Desktop\4865.pdf> in the current context!

Error: Unable to interpret <[2013.03.01 20:45:43 | 000,005,523 | ---- | M] () -- C:\Users\pstendel\Desktop\MbrScan.zip> in the current context!

Error: Unable to interpret <[2013.03.01 20:41:29 | 000,000,512 | ---- | M] () -- C:\Users\pstendel\Desktop\Dump_Hdd0_DR0.mbr> in the current context!

Error: Unable to interpret <[2013.03.01 20:40:20 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\pstendel\Desktop\MbrScan.exe> in the current context!

Error: Unable to interpret <[2013.03.01 09:40:17 | 000,024,148 | ---- | M] () -- C:\Users\pstendel\Desktop\TDSSKiller.2.8.16.0_01.03.2013_01.56.21_log.rar> in the current context!

Error: Unable to interpret <[2013.03.01 00:44:32 | 013,711,621 | ---- | M] () -- C:\Users\pstendel\Desktop\mbar-1.01.0.1020.zip> in the current context!

Error: Unable to interpret <[2013.03.01 00:35:51 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\pstendel\Desktop\tdsskiller.exe> in the current context!

Error: Unable to interpret <[2013.03.01 00:31:58 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\pstendel\Desktop\aswMBR.exe> in the current context!

Error: Unable to interpret <[2013.03.01 00:00:15 | 000,036,196 | ---- | M] () -- C:\Users\pstendel\Desktop\Logfiles.zip> in the current context!

Error: Unable to interpret <[2013.02.28 23:57:54 | 000,007,673 | ---- | M] () -- C:\Users\pstendel\Desktop\Gmer.zip> in the current context!

Error: Unable to interpret <[2013.02.28 23:47:42 | 001,110,476 | ---- | M] () -- C:\Users\pstendel\Desktop\7z920.exe> in the current context!

Error: Unable to interpret <[2013.02.28 23:27:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pstendel\Desktop\OTL.exe> in the current context!

Error: Unable to interpret <[2013.02.28 23:08:37 | 000,377,856 | ---- | M] () -- C:\Users\pstendel\Desktop\2i6ethzv.exe> in the current context!

Error: Unable to interpret <[2013.02.28 22:57:44 | 000,000,000 | ---- | M] () -- C:\Users\pstendel\defogger_reenable> in the current context!

Error: Unable to interpret <[2013.02.28 22:55:31 | 000,050,477 | ---- | M] () -- C:\Users\pstendel\Desktop\Defogger.exe> in the current context!

Error: Unable to interpret <[2013.02.28 21:57:10 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\pstendel\Desktop\unhide(1).exe> in the current context!

Error: Unable to interpret <[2013.02.28 21:50:18 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\pstendel\Desktop\rkill(1).com> in the current context!

Error: Unable to interpret <[2013.02.27 15:38:24 | 000,000,005 | ---- | M] () -- C:\Users\pstendel\AppData\Roaming\mbam.context.scan> in the current context!

Error: Unable to interpret <[2013.02.27 12:58:54 | 000,000,000 | ---- | M] () -- C:\Cookies> in the current context!

Error: Unable to interpret <[2013.02.27 01:30:56 | 000,000,152 | ---- | M] () -- C:\ProgramData\-ltCNsxmSemgqBwDr> in the current context!

Error: Unable to interpret <[2013.02.27 01:30:56 | 000,000,152 | ---- | M] () -- C:\ProgramData\-ltCNsxmSemgqBwD> in the current context!

Error: Unable to interpret <[2013.02.25 17:59:14 | 671,435,064 | ---- | M] () -- C:\Windows\MEMORY.DMP> in the current context!

Error: Unable to interpret <[2013.02.16 03:20:04 | 000,462,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT> in the current context!

Error: Unable to interpret <[2013.02.15 21:51:52 | 000,001,160 | ---- | M] () -- C:\WirelessDiagLog.csv> in the current context!

Error: Unable to interpret <[2013.02.08 13:04:27 | 000,000,089 | ---- | M] () -- C:\Windows\hmdglob.ini> in the current context!

Error: Unable to interpret <[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[2013.03.09 10:40:40 | 000,006,946 | ---- | C] () -- C:\Users\pstendel\Desktop\ComboFix_Log.zip> in the current context!

Error: Unable to interpret <[2013.03.09 10:03:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe> in the current context!

Error: Unable to interpret <[2013.03.09 10:03:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe> in the current context!

Error: Unable to interpret <[2013.03.09 10:03:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe> in the current context!

Error: Unable to interpret <[2013.03.09 10:03:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe> in the current context!

Error: Unable to interpret <[2013.03.09 10:03:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe> in the current context!

Error: Unable to interpret <[2013.03.09 09:54:09 | 000,001,781 | ---- | C] () -- C:\Users\pstendel\Desktop\AdwCleaner[S1].rar> in the current context!

Error: Unable to interpret <[2013.03.09 09:53:45 | 000,001,813 | ---- | C] () -- C:\Users\pstendel\Desktop\AdwCleaner[S1].zip> in the current context!

Error: Unable to interpret <[2013.03.02 12:57:14 | 005,401,728 | ---- | C] () -- C:\Users\pstendel\Desktop\4865.pdf> in the current context!

Error: Unable to interpret <[2013.03.01 20:45:43 | 000,005,523 | ---- | C] () -- C:\Users\pstendel\Desktop\MbrScan.zip> in the current context!

Error: Unable to interpret <[2013.03.01 20:40:53 | 000,000,512 | ---- | C] () -- C:\Users\pstendel\Desktop\Dump_Hdd0_DR0.mbr> in the current context!

Error: Unable to interpret <[2013.03.01 09:40:17 | 000,024,148 | ---- | C] () -- C:\Users\pstendel\Desktop\TDSSKiller.2.8.16.0_01.03.2013_01.56.21_log.rar> in the current context!

Error: Unable to interpret <[2013.03.01 00:43:44 | 013,711,621 | ---- | C] () -- C:\Users\pstendel\Desktop\mbar-1.01.0.1020.zip> in the current context!

Error: Unable to interpret <[2013.02.28 23:58:54 | 000,036,196 | ---- | C] () -- C:\Users\pstendel\Desktop\Logfiles.zip> in the current context!

Error: Unable to interpret <[2013.02.28 23:54:46 | 000,007,673 | ---- | C] () -- C:\Users\pstendel\Desktop\Gmer.zip> in the current context!

Error: Unable to interpret <[2013.02.28 23:47:46 | 001,110,476 | ---- | C] () -- C:\Users\pstendel\Desktop\7z920.exe> in the current context!

Error: Unable to interpret <[2013.02.28 23:08:49 | 000,377,856 | ---- | C] () -- C:\Users\pstendel\Desktop\2i6ethzv.exe> in the current context!

Error: Unable to interpret <[2013.02.28 22:57:44 | 000,000,000 | ---- | C] () -- C:\Users\pstendel\defogger_reenable> in the current context!

Error: Unable to interpret <[2013.02.28 22:55:45 | 000,050,477 | ---- | C] () -- C:\Users\pstendel\Desktop\Defogger.exe> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,002,591 | ---- | C] () -- C:\Users\Public\Desktop\ASP.Client.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,000,545 | ---- | C] () -- C:\Users\Public\Desktop\WinMenü.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:06 | 000,000,545 | ---- | C] () -- C:\Users\Public\Desktop\Personal Cockpit.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:05 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:05 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hilfedokumentation von Dell.lnk> in the current context!

Error: Unable to interpret <[2013.02.28 21:59:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk> in the current context!

Error: Unable to interpret <[2013.02.27 13:17:44 | 000,000,005 | ---- | C] () -- C:\Users\pstendel\AppData\Roaming\mbam.context.scan> in the current context!

Error: Unable to interpret <[2013.02.27 12:58:54 | 000,000,000 | ---- | C] () -- C:\Cookies> in the current context!

Error: Unable to interpret <[2013.02.27 01:11:08 | 000,000,152 | ---- | C] () -- C:\ProgramData\-ltCNsxmSemgqBwDr> in the current context!

Error: Unable to interpret <[2013.02.27 01:11:08 | 000,000,152 | ---- | C] () -- C:\ProgramData\-ltCNsxmSemgqBwD> in the current context!

Error: Unable to interpret <[2013.02.25 17:59:14 | 671,435,064 | ---- | C] () -- C:\Windows\MEMORY.DMP> in the current context!

Error: Unable to interpret <[2013.02.15 22:27:57 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\MT66 Software Update.job> in the current context!

Error: Unable to interpret <[2011.12.16 12:36:02 | 000,000,089 | ---- | C] () -- C:\Windows\hmdglob.ini> in the current context!

Error: Unable to interpret <[2011.11.18 15:40:20 | 000,226,816 | ---- | C] () -- C:\Windows\SysWow64\VCFI5DE.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:40:04 | 000,230,912 | ---- | C] () -- C:\Windows\SysWow64\Zipit.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:40:04 | 000,099,840 | ---- | C] ( ) -- C:\Windows\SysWow64\Zipdll.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:40:04 | 000,008,839 | ---- | C] () -- C:\Windows\hai.ini> in the current context!

Error: Unable to interpret <[2011.11.18 15:40:02 | 000,059,392 | ---- | C] () -- C:\Windows\SysWow64\vcf15de.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:40:01 | 000,225,403 | ---- | C] () -- C:\Windows\SysWow64\nativeview.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:40:01 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\Unzdll.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:40:01 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\rtf32.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:40:01 | 000,020,554 | ---- | C] () -- C:\Windows\SysWow64\jawt.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:40:01 | 000,015,156 | ---- | C] () -- C:\Windows\SysWow64\self32.ini> in the current context!

Error: Unable to interpret <[2011.11.18 15:39:57 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\hmdpop.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:39:56 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hmdmd5.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:39:53 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\hmdhso.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:39:52 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\hmdftp.dll> in the current context!

Error: Unable to interpret <[2011.11.18 15:00:21 | 000,002,774 | RHS- | C] () -- C:\ProgramData\ntuser.pol> in the current context!

Error: Unable to interpret <[2011.10.28 20:27:26 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin> in the current context!

Error: Unable to interpret <[2011.10.28 20:27:25 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin> in the current context!

Error: Unable to interpret <[2011.10.28 20:27:25 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin> in the current context!

Error: Unable to interpret <[2011.10.28 20:27:25 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll> in the current context!

Error: Unable to interpret <[2011.10.28 20:27:24 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll> in the current context!

Error: Unable to interpret <[2011.10.28 19:00:21 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll> in the current context!

Error: Unable to interpret <[2011.10.28 18:58:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== ZeroAccess Check ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64> in the current context!

Error: Unable to interpret <"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)> in the current context!

Error: Unable to interpret <"ThreadingModel" = Apartment> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]> in the current context!

Error: Unable to interpret <"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)> in the current context!

Error: Unable to interpret <"ThreadingModel" = Apartment> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64> in the current context!

Error: Unable to interpret <"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)> in the current context!

Error: Unable to interpret <"ThreadingModel" = Free> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]> in the current context!

Error: Unable to interpret <"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)> in the current context!

Error: Unable to interpret <"ThreadingModel" = Free> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64> in the current context!

Error: Unable to interpret <"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)> in the current context!

Error: Unable to interpret <"ThreadingModel" = Both> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== LOP Check ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <[2012.10.12 06:41:44 | 000,000,000 | ---D | M] -- C:\Users\pstendel\AppData\Roaming\gnupg> in the current context!

Error: Unable to interpret <[2011.11.24 15:58:59 | 000,000,000 | ---D | M] -- C:\Users\pstendel\AppData\Roaming\hmd> in the current context!

Error: Unable to interpret <[2013.03.09 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\pstendel\AppData\Roaming\UseNeXT> in the current context!

Error: Unable to interpret <[2012.11.01 19:46:42 | 000,000,000 | ---D | M] -- C:\Users\pstendel\AppData\Roaming\Windows Live Writer> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret <========== Purity Check ==========> in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret < > in the current context!

Error: Unable to interpret << End of report >

 
--- --- ---

> in the current context!

 

OTL by OldTimer - Version 3.2.69.0 log created on 03112013_193809

Code:

Malwarebytes Anti-Malware (Test) 1.70.0.1100

www.malwarebytes.org
 

Datenbank Version: v2013.03.11.09
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

PStendel :: STENDEL-LAPTOP [Administrator]
 

Schutz: Deaktiviert
 

11.03.2013 19:48:53

mbam-log-2013-03-11 (19-48-53).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 284085

Laufzeit: 1 Minute(n), 9 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

C:\Users\pstendel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\458ab93c-4064c724 multiple threats

Code:

 Results of screen317's Security Check version 0.99.61  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 9  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.70.0.1100  

 Java(TM) 6 Update 27  

 Java 7 Update 17  

 Adobe Flash Player 11.6.602.171  

 Adobe Reader 10.1.4 Adobe Reader out of Date!  

 Mozilla Firefox (19.0.2) 

 Google Chrome 25.0.1364.152  

 Google Chrome 25.0.1364.97  
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Schönen Abend noch.

Gruß

Peter

Hallo Peter,

beim OTL-Fix (Schritt 1) ist wohl etwas schief gelaufen. Es sieht so aus, als hättest du das OTL-Log in die Fixes-Box eingefügt und nicht meinen Fix.
Bitte diesen Schritt nochmals machen:

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

:OTL

IE - HKU\S-1-5-21-901657276-1553592934-1975412381-1003\..\SearchScopes\{544F44CD-D21A-4453-B3DE-14F4A997A0AB}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000

O3 - HKU\S-1-5-21-1437675832-1833751925-2561520803-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

[2013.02.27 01:30:56 | 000,000,152 | ---- | M] () -- C:\ProgramData\-ltCNsxmSemgqBwDr

[2013.02.27 01:30:56 | 000,000,152 | ---- | M] () -- C:\ProgramData\-ltCNsxmSemgqBwD
 

:commands

[emptytemp]

Schliesse nun bitte alle anderen Programme.
Klicke jetzt auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
Kopiere nun dessen Inhalt hier in deinen Thread.

Schritt 2

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von OTL

Moin,

hoffe diese sind jetzt richtig:

Code:

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-901657276-1553592934-1975412381-1003\Software\Microsoft\Internet Explorer\SearchScopes\{544F44CD-D21A-4453-B3DE-14F4A997A0AB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544F44CD-D21A-4453-B3DE-14F4A997A0AB}\ not found.

Registry value HKEY_USERS\S-1-5-21-1437675832-1833751925-2561520803-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

C:\ProgramData\-ltCNsxmSemgqBwDr moved successfully.

C:\ProgramData\-ltCNsxmSemgqBwD moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: istendel

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Peter Stendel

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 68640589 bytes

->Flash cache emptied: 566 bytes

 

User: pstendel

->Temp folder emptied: 129082499 bytes

->Temporary Internet Files folder emptied: 93434754 bytes

->Java cache emptied: 21161640 bytes

->FireFox cache emptied: 4782598 bytes

->Google Chrome cache emptied: 378355460 bytes

->Flash cache emptied: 1216 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 69557654 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes

RecycleBin emptied: 908437 bytes

 

Total Files Cleaned = 730,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 03122013_065141
 

Files\Folders moved on Reboot...

C:\Users\pstendel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.

File\Folder C:\Windows\temp\etilqs_2XvVpmSde3B7zrGr0PDW not found!

File\Folder C:\Windows\temp\etilqs_DZdlHPBzjp1qKAsb58Ft not found!

File\Folder C:\Windows\temp\etilqs_K2pCekeFh1QyrWglIr74 not found!

File\Folder C:\Windows\temp\etilqs_S47Sb0QfM5v4BYcA7xVQ not found!
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Code:

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-901657276-1553592934-1975412381-1003\Software\Microsoft\Internet Explorer\SearchScopes\{544F44CD-D21A-4453-B3DE-14F4A997A0AB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544F44CD-D21A-4453-B3DE-14F4A997A0AB}\ not found.

Registry value HKEY_USERS\S-1-5-21-1437675832-1833751925-2561520803-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

C:\ProgramData\-ltCNsxmSemgqBwDr moved successfully.

C:\ProgramData\-ltCNsxmSemgqBwD moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: istendel

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Peter Stendel

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 68640589 bytes

->Flash cache emptied: 566 bytes

 

User: pstendel

->Temp folder emptied: 129082499 bytes

->Temporary Internet Files folder emptied: 93434754 bytes

->Java cache emptied: 21161640 bytes

->FireFox cache emptied: 4782598 bytes

->Google Chrome cache emptied: 378355460 bytes

->Flash cache emptied: 1216 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 69557654 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes

RecycleBin emptied: 908437 bytes

 

Total Files Cleaned = 730,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 03122013_065141
 

Files\Folders moved on Reboot...

C:\Users\pstendel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\pstendel\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.

File\Folder C:\Windows\temp\etilqs_2XvVpmSde3B7zrGr0PDW not found!

File\Folder C:\Windows\temp\etilqs_DZdlHPBzjp1qKAsb58Ft not found!

File\Folder C:\Windows\temp\etilqs_K2pCekeFh1QyrWglIr74 not found!

File\Folder C:\Windows\temp\etilqs_S47Sb0QfM5v4BYcA7xVQ not found!
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Gruß

Peter

Hallo Peter,

gut, dann schliessen wir jetzt noch die vorhandenen Sicherheitslücken (veraltete Software) und räumen zum Schluss alles auf.

Schritt 1

Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
Suche und deinstalliere dort der Reihe nach folgende Einträge:
- Java(TM) 6 Update 27
- Java(TM) 6 Update 27 (64-bit)
- Adobe Reader X (10.1.4) - Deutsch
Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.

Schritt 2

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:

Besuche diese Seite von Adobe.
Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.

Schritt 3

Starte defogger und drücke den Button Re-enable.

Schritt 4

Bitte deaktiviere jetzt temporär das Antiviren-Programm, evtl. vorhandenes Skript-Blocking und Antimalware-Programme.

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste, kopiere folgenden Text in das Ausführen Fenster

Code:

Combofix /Uninstall

und drücke OK.
Du kannst die eben deaktivierten Programme nun wieder einschalten.

Schritt 5

Den ESET Online Scanner kannst du behalten, um ab und zu für eine Zweitmeinung dein System damit zu scannen.
Falls du ESET aber deinstallieren möchtest, dann:

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste, kopiere folgenden Text in das Ausführen Fenster

Code:

"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"

und drücke OK.

Schritt 6

Downloade dir bitte delfix auf deinen Desktop.

Schliesse alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Klicke auf Start.
DelFix entfernt alle von uns verwendeten Programme und löscht sich anschliessend selbst.
Sollte denoch etwas übrig bleiben, kannst du es manuell löschen.

>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus. :daumenhoc

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.

Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:

Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.

Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.

Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:

NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.

Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:

Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

HAllo Leo,

habe alle weiteren Instruktionen befolgt.
Nur das Update ADOBE Reader kann ich nicht durchführen, auch nicht als Admin.

Mal schauen, dass sollte ich aber hinkriegen.

Zunächst möchte ich mich nochmal herzlichst für Deine Bemühungen und unermüdlichen Einsatz bedanken.

Spende ist selbstverständlich für eure Leistungen und ist schon überwiesen.

Beste Grüße

und alles Gute weitehin.

PEter

Danke für die Rückmeldung, Peter, und auch dir alles Gute.
Und im Namen des Teams vielen Dank für die Spende.

Freut mich, dass wir helfen konnten. :abklatsch:

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.