Programme öffnen nur sehr langsam

panther2 · 12.03.2013, 12:28

Hallo,
also ich bin verzweifelt.
Mein Nachbar hat seit einigen Wochen Probleme mit seinem Notebook.
Wo es früher nur wenige Milisekunden ;-) gedauert hat, dass sich Firefox oder Outlook öffnen, dauert es nun wesentlich länger.
Hab mir das angesehen und Firefox braucht wirklich ganz schön lange sich zu öffnen, NICHT IMMER, aber doch ab und zu. Selbiges gilt für Outlook, manchmal öffnet es sich auch überhaupt nicht.

Ich habe schon des Öfteren Viren/Malware etc. entfernt und bin da mit meinen Diagnose-Tools ran (MBAM, TDSSKILLER, Desinfec't, MBAM Rootkit). Mit der traurigen Ernüchterung, das nichts gefunden wurde, das System (in meinen Augen) scheint sauber.

Also wende ich mich nun an euch Profis

Hoffe ihr habt eine Erklärung dafür.
Die Prozessorauslastung ebenso die Arbeitsspeicherauslastung sind alle normal.
Autostart-Einträge stehen auch keine verdächtigen drin.

Zum Notebook: Ein Samsung mit i7-3610Q @ 2.3GHz; 8GB RAM

Danke schon im Voraus

lg

Edit: Kaspersky Internet Security 2013 ist installiert.

/schubs

/schubs

cosinus · 13.03.2013, 13:21

Zitat:

Ich habe schon des Öfteren Viren/Malware etc. entfernt

Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

panther2 · 13.03.2013, 13:38

Die Logs hab ich nicht mehr.
Da ich nichts gefunden hatte, hab ich die Programme auch wieder entfernt, dazu die Logs gelöscht.

Kann aber neue Scans wieder durchführen, mit welchen Programmen? MalwareBytes?

cosinus · 13.03.2013, 13:39

D.h. es wurde nie etwas gefunden?

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

panther2 · 13.03.2013, 14:01

Nein, das ist ja das Skurrile es wurde nie etwas gefunden,
bin total am Verzweifeln gewesen

Hoffe ihr könnt etwas entdecken. Wenn ich nicht selbst sehen würde wie langsam das System manchmal wird, würd ich sagen mein Nachbar spinnt ^^
Falls nicht, hilft halt nur noch die Recovery.

Danke aufjedenfall schonmal für deine Hilfe

OTL.log:

Code:

ATTFilter

OTL logfile created on: 13.03.2013 13:45:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 74,19% Memory free
15,80 Gb Paging File | 13,56 Gb Available in Paging File | 85,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 673,69 Gb Total Space | 233,28 Gb Free Space | 34,63% Space Free | Partition Type: NTFS
 
Computer Name: ****-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rudi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (SAMSUNG ELECTRONICS CO., Ltd.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (SamsungDeviceConfigurationWinService) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (SGDrv) -- C:\Windows\SysNative\drivers\SGDrv64.sys (Phoenix Technologies Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-3430731319-1793148985-3886667869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-3430731319-1793148985-3886667869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3430731319-1793148985-3886667869-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3430731319-1793148985-3886667869-1001\..\SearchScopes\{99BFA1C9-69A6-46E3-A5EB-C21AD283914C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=5ED19CB8-CCE7-4241-ADEC-12E87821176D&apn_sauid=6491F84E-F0B4-458A-9B0B-1CA889769141
IE - HKU\S-1-5-21-3430731319-1793148985-3886667869-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3430731319-1793148985-3886667869-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.orf.at"
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.23 20:09:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.23 20:09:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.23 20:09:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.23 20:09:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.23 20:09:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 15:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.24 01:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudi\AppData\Roaming\mozilla\Extensions
[2012.12.10 19:29:40 | 000,002,333 | ---- | M] () -- C:\Users\Rudi\AppData\Roaming\mozilla\firefox\profiles\yuk83n6q.default\searchplugins\askcom.xml
[2013.03.11 15:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.23 20:09:35 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.11 15:03:32 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3430731319-1793148985-3886667869-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3430731319-1793148985-3886667869-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3430731319-1793148985-3886667869-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3430731319-1793148985-3886667869-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C11367D7-98C9-4525-987D-E1EBE4AFDBC5}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.13 13:44:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rudi\Desktop\OTL.exe
[2013.03.13 10:00:29 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.03.13 10:00:29 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013.03.13 10:00:29 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013.03.13 10:00:29 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013.03.13 10:00:29 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013.03.13 10:00:29 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.13 10:00:29 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013.03.13 10:00:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.03.13 10:00:29 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013.03.13 10:00:29 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013.03.13 10:00:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.03.13 10:00:29 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013.03.13 10:00:29 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.03.13 10:00:29 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013.03.13 10:00:29 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.03.13 10:00:29 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013.03.13 10:00:29 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013.03.13 10:00:29 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.03.13 10:00:29 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013.03.13 10:00:29 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013.03.13 10:00:29 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013.03.13 10:00:29 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013.03.13 10:00:29 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013.03.13 10:00:29 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013.03.13 10:00:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013.03.13 10:00:29 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013.03.13 10:00:29 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013.03.13 10:00:29 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013.03.13 10:00:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013.03.13 10:00:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013.03.13 10:00:29 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013.03.13 10:00:29 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013.03.13 10:00:29 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013.03.13 10:00:29 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013.03.13 10:00:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013.03.13 10:00:29 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013.03.13 10:00:29 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013.03.13 10:00:29 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013.03.13 10:00:29 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013.03.13 10:00:29 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013.03.13 10:00:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013.03.13 10:00:29 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013.03.13 10:00:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013.03.13 10:00:29 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013.03.13 10:00:29 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013.03.13 10:00:29 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013.03.13 10:00:29 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013.03.13 10:00:29 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013.03.13 10:00:29 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013.03.13 10:00:29 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013.03.13 10:00:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.13 10:00:29 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013.03.13 10:00:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013.03.13 10:00:29 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013.03.13 10:00:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013.03.13 10:00:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013.03.13 10:00:29 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013.03.13 10:00:29 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013.03.13 10:00:29 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013.03.13 10:00:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013.03.13 10:00:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013.03.13 10:00:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013.03.13 10:00:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013.03.13 10:00:29 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013.03.13 10:00:29 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013.03.13 10:00:29 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013.03.13 10:00:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013.03.13 10:00:29 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013.03.13 09:57:06 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013.03.13 09:02:15 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mapi32.old.dll
[2013.03.13 09:02:15 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mapi32.dll
[2013.03.13 08:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.12 12:14:27 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll
[2013.03.12 12:14:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.03.12 12:14:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.03.12 12:14:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys
[2013.03.12 12:14:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbGD.sys
[2013.03.12 12:14:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys
[2013.03.12 12:14:25 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013.03.12 12:14:25 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013.03.12 12:14:25 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2013.03.12 12:14:25 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2013.03.12 12:14:25 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2013.03.12 12:14:25 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe
[2013.03.12 12:14:25 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2013.03.12 12:14:25 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2013.03.12 12:14:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2013.03.12 12:14:25 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll
[2013.03.12 12:14:25 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll
[2013.03.12 12:14:25 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2013.03.12 12:14:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll
[2013.03.12 12:14:25 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll
[2013.03.12 12:14:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2013.03.12 12:14:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll
[2013.03.12 12:14:25 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2013.03.12 12:14:25 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll
[2013.03.12 12:14:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll
[2013.03.12 12:10:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013.03.12 12:10:04 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2013.03.12 12:10:04 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2013.03.11 15:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.06 20:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.02.28 05:18:14 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 05:18:13 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013.02.28 05:18:13 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013.02.28 05:18:13 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013.02.28 05:18:09 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013.02.28 05:18:09 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013.02.28 05:18:07 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013.02.28 05:18:07 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013.02.28 05:18:07 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 05:18:07 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013.02.28 05:18:07 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 05:18:07 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 05:18:07 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 05:18:07 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 05:18:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 05:18:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 05:18:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 05:18:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 05:18:07 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 05:18:07 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 05:18:06 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013.02.28 05:18:06 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013.02.28 05:18:06 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013.02.28 05:18:06 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013.02.28 05:18:06 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013.02.28 05:18:06 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013.02.28 05:18:06 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013.02.28 05:18:06 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013.02.28 05:18:06 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013.02.28 05:18:06 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 05:18:06 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 05:18:06 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 05:18:06 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 05:18:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 05:18:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 05:18:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 05:18:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 05:18:05 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013.02.28 05:18:05 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013.02.28 05:18:05 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013.02.28 05:18:05 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013.02.24 09:17:20 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.02.24 09:17:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.02.24 09:17:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.02.24 09:17:14 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.24 09:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.13 16:45:06 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013.02.13 16:45:06 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013.02.13 16:45:05 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013.02.13 16:44:57 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.02.13 16:44:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.02.13 16:44:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.02.13 16:44:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.02.13 16:44:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.02.13 16:44:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.02.13 16:44:55 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Users\Rudi\Documents\*.tmp files -> C:\Users\Rudi\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.13 13:50:17 | 000,021,216 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 13:50:17 | 000,021,216 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 13:47:11 | 001,507,106 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.03.13 13:47:11 | 000,657,676 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.03.13 13:47:11 | 000,618,912 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.03.13 13:47:11 | 000,131,016 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.03.13 13:47:11 | 000,107,232 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.03.13 13:44:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rudi\Desktop\OTL.exe
[2013.03.13 13:42:44 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.03.13 13:42:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.13 13:42:30 | 4187,402,239 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 10:12:40 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.03.13 10:00:29 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.03.13 10:00:29 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013.03.13 10:00:29 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013.03.13 10:00:29 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013.03.13 10:00:29 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013.03.13 10:00:29 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.13 10:00:29 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013.03.13 10:00:29 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.03.13 10:00:29 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013.03.13 10:00:29 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013.03.13 10:00:29 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.03.13 10:00:29 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013.03.13 10:00:29 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.03.13 10:00:29 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013.03.13 10:00:29 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.03.13 10:00:29 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013.03.13 10:00:29 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013.03.13 10:00:29 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.03.13 10:00:29 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013.03.13 10:00:29 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013.03.13 10:00:29 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013.03.13 10:00:29 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013.03.13 10:00:29 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013.03.13 10:00:29 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013.03.13 10:00:29 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013.03.13 10:00:29 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013.03.13 10:00:29 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013.03.13 10:00:29 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013.03.13 10:00:29 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013.03.13 10:00:29 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013.03.13 10:00:29 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013.03.13 10:00:29 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013.03.13 10:00:29 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013.03.13 10:00:29 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013.03.13 10:00:29 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013.03.13 10:00:29 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013.03.13 10:00:29 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013.03.13 10:00:29 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013.03.13 10:00:29 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013.03.13 10:00:29 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013.03.13 10:00:29 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013.03.13 10:00:29 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013.03.13 10:00:29 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013.03.13 10:00:29 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013.03.13 10:00:29 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013.03.13 10:00:29 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013.03.13 10:00:29 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013.03.13 10:00:29 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013.03.13 10:00:29 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013.03.13 10:00:29 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013.03.13 10:00:29 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.13 10:00:29 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013.03.13 10:00:29 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013.03.13 10:00:29 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013.03.13 10:00:29 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013.03.13 10:00:29 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013.03.13 10:00:29 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013.03.13 10:00:29 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013.03.13 10:00:29 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013.03.13 10:00:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013.03.13 10:00:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013.03.13 10:00:29 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013.03.13 10:00:29 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013.03.13 10:00:29 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013.03.13 10:00:29 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013.03.13 10:00:29 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013.03.13 10:00:29 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013.03.13 10:00:29 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013.03.13 10:00:29 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013.03.13 10:00:29 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013.03.13 09:28:13 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 09:28:13 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.13 08:15:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.12 12:06:01 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.12 12:06:01 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.10 13:33:09 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.03.06 20:36:59 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.02.24 09:17:12 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013.02.24 09:17:12 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013.02.24 09:17:12 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.02.24 09:17:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.02.24 09:17:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.02.24 09:17:12 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.14 14:42:33 | 000,480,608 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.02.12 05:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[1 C:\Users\Rudi\Documents\*.tmp files -> C:\Users\Rudi\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.13 10:00:29 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013.03.13 10:00:29 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013.03.13 08:15:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.06 20:36:59 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.12.24 11:09:41 | 000,067,866 | ---- | C] () -- C:\Users\Rudi\netwlan5.img
[2012.12.24 01:32:49 | 003,131,248 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.07.28 04:36:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012.07.28 03:33:57 | 000,001,820 | ---- | C] () -- C:\windows\HotFixList.ini
[2012.02.06 03:29:35 | 000,734,772 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2012.02.06 03:29:30 | 000,557,476 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2012.02.06 03:29:27 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.02.06 03:29:25 | 012,978,688 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2012.02.02 14:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 13.03.2013 13:45:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 74,19% Memory free
15,80 Gb Paging File | 13,56 Gb Available in Paging File | 85,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 673,69 Gb Total Space | 233,28 Gb Free Space | 34,63% Space Free | Partition Type: NTFS
 
Computer Name: RUDI-LAPTOP | User Name: Rudi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3430731319-1793148985-3886667869-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{93F6FD4E-7DE9-47CF-BA97-314790BF7CC9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9897FC9A-F4E8-4E39-AE2C-7FE5B70336E0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C7A9CB97-F103-4860-8C29-76831261A188}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0247DAFA-56D6-4D46-A3FD-B2780D1D9AA7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1EC14EA0-FF02-4C57-A065-4AA9E82DCD31}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{28647D81-55D2-46A2-ADFF-3B882D65FC3C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{2C9415E7-E55E-412E-AB53-7C06D16B3881}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | 
"{3544DF8E-425A-4698-82B0-AD97EC5DDAA3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{3F2357C5-0FA9-48D4-AFCD-8356F9F35CDE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{51B8F223-4BD1-4459-B2B3-548B948977A3}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{5C4BAB28-2829-4696-9A0F-B8BBEACC8518}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{7F9B8898-ED66-42CA-ABBA-D1A3242162E6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{88DDF1FF-EC6E-4FD9-A57C-3A50643E7036}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{8A16C3DA-1254-4C97-BBDA-77D2AEE19F8B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9CA48B73-58D4-4EA4-8FEE-D82FAA2A1637}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B5D091AC-AE8D-4B0A-8ACD-C454F1D56C9D}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{DF2E7B37-590F-4BD6-8CD1-E7D511B4B5D2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F3AA35B8-61BF-43AE-A18E-DD16BEBB0A91}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{F86D38F3-6D49-489A-A17F-4683A38D0B8F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}" = Easy Support Center
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{12F81925-F3C1-40DB-91F7-777817974319}" = Easy File Share
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Mobiles Internet für unterwegs
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDE7A262-DB20-4432-A630-2ACEE186C416}" = Easy Migration
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aonUpdate" = aonUpdate
"CanonMyPrinter" = Canon My Printer
"dreamboxEDIT" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Game Console - WildGames" = WildTangent ORB Game Console
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Mobiles Internet für unterwegs" = Mobiles Internet für unterwegs
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.12.2012 15:55:06 | Computer Name = Rudi-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.12.2012 02:41:22 | Computer Name = Rudi-Laptop | Source = Customer Experience Improvement Program | ID = 1006
Description = 
 
Error - 24.12.2012 05:50:21 | Computer Name = Rudi-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.12.2012 06:00:23 | Computer Name = Rudi-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.12.2012 06:00:23 | Computer Name = Rudi-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.12.2012 06:00:24 | Computer Name = Rudi-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.12.2012 09:59:07 | Computer Name = Rudi-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.12.2012 09:59:08 | Computer Name = Rudi-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.12.2012 09:59:08 | Computer Name = Rudi-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.12.2012 06:59:35 | Computer Name = Rudi-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ OSession Events ]
Error - 12.03.2013 08:06:47 | Computer Name = Rudi-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2811
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 20.02.2013 09:51:58 | Computer Name = Rudi-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 21.02.2013 10:01:05 | Computer Name = Rudi-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 23.02.2013 03:11:51 | Computer Name = Rudi-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 25.02.2013 09:17:00 | Computer Name = Rudi-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 26.02.2013 09:25:01 | Computer Name = Rudi-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 28.02.2013 09:32:39 | Computer Name = Rudi-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 01.03.2013 00:19:32 | Computer Name = Rudi-Laptop | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 01.03.2013 00:20:02 | Computer Name = Rudi-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 02.03.2013 07:07:17 | Computer Name = Rudi-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 04.03.2013 09:24:19 | Computer Name = Rudi-Laptop | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

cosinus · 13.03.2013, 14:13

Zitat:

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

panther2 · 13.03.2013, 14:15

Zitat:

Zitat von cosinus

Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Nein, aber wenn du von Samsung ein Business-Notebook kaufst - weil du einfach eine leistungsfähigere Maschine möchtest - wird die Business aufgedrückt, ob du nun willst oder nicht. Ist leider so

cosinus · 13.03.2013, 14:28

Ok, danke für die Erklärung

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

panther2 · 13.03.2013, 14:52

Ich sage Danke für die Hilfe

GMER.log:

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-13 14:36:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JF4O 698,64GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\*****\AppData\Local\Temp\kwliypod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2168] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey                      0000000077c7fa88 5 bytes JMP 000000017243139e
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2168] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory               0000000077c80018 5 bytes JMP 0000000172431a54
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075871465 2 bytes [87, 75]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000758714bb 2 bytes [87, 75]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3240] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000075871465 2 bytes [87, 75]
.text   C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3240] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000758714bb 2 bytes [87, 75]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000075871465 2 bytes [87, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000758714bb 2 bytes [87, 75]
.text   ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread  C:\windows\system32\svchost.exe [1132:6304]                                                                                                            000007fef12dd3c8
Thread  C:\windows\system32\svchost.exe [1132:6308]                                                                                                            000007fef12dd3c8
Thread  C:\windows\system32\svchost.exe [1132:6312]                                                                                                            000007fef12dd3c8
Thread  C:\windows\system32\svchost.exe [1132:6316]                                                                                                            000007fef12dd3c8
Thread  C:\windows\system32\taskhost.exe [1908:2036]                                                                                                           000007fef8f91f38
Thread  C:\windows\system32\taskhost.exe [1908:2140]                                                                                                           000007fefa6f1010
Thread  C:\windows\system32\taskhost.exe [1908:5096]                                                                                                           000007fef8b55170
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [6272:6520]                                                                                         000007fefba12a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [6272:6732]                                                                                         000007fef55d5124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{5B61F68C-BCFD-493A-8350-9E0FC7005137}\Connection@Name            isatap.{EDE6460F-6CA2-4159-A607-697FA4F530A2}
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{6A24FF0A-5CCC-4C3C-AA41-EF57C2695AB1}\Connection@Name            isatap.{A6501B2A-EAE0-44CC-AB9C-5B7ECA9C9622}
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind               \Device\{6A24FF0A-5CCC-4C3C-AA41-EF57C2695AB1}?\Device\{75F2A001-E099-4356-9E22-ABF93C1BFA16}?\Device\{5B61F68C-BCFD-493A-8350-9E0FC7005137}?\Device\{8F73AF05-F4B1-4E2A-A324-905594EF7124}?\Device\{8E01138D-1462-4943-99BD-388532EFB640}?\Device\{EE293016-83F8-4E0B-8EBB-1247257AD236}?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route              "{6A24FF0A-5CCC-4C3C-AA41-EF57C2695AB1}"?"{75F2A001-E099-4356-9E22-ABF93C1BFA16}"?"{5B61F68C-BCFD-493A-8350-9E0FC7005137}"?"{8F73AF05-F4B1-4E2A-A324-905594EF7124}"?"{8E01138D-1462-4943-99BD-388532EFB640}"?"{EE293016-83F8-4E0B-8EBB-1247257AD236}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export             \Device\TCPIP6TUNNEL_{6A24FF0A-5CCC-4C3C-AA41-EF57C2695AB1}?\Device\TCPIP6TUNNEL_{75F2A001-E099-4356-9E22-ABF93C1BFA16}?\Device\TCPIP6TUNNEL_{5B61F68C-BCFD-493A-8350-9E0FC7005137}?\Device\TCPIP6TUNNEL_{8F73AF05-F4B1-4E2A-A324-905594EF7124}?\Device\TCPIP6TUNNEL_{8E01138D-1462-4943-99BD-388532EFB640}?\Device\TCPIP6TUNNEL_{EE293016-83F8-4E0B-8EBB-1247257AD236}?
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\448500035e34                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c4850854d16a                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{5B61F68C-BCFD-493A-8350-9E0FC7005137}@InterfaceName                                 isatap.{EDE6460F-6CA2-4159-A607-697FA4F530A2}
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{5B61F68C-BCFD-493A-8350-9E0FC7005137}@ReusableType                                  0
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6A24FF0A-5CCC-4C3C-AA41-EF57C2695AB1}@InterfaceName                                 isatap.{A6501B2A-EAE0-44CC-AB9C-5B7ECA9C9622}
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6A24FF0A-5CCC-4C3C-AA41-EF57C2695AB1}@ReusableType                                  0
Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                                        12986
Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                                       1766
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\448500035e34 (not active ControlSet)                                                        
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c4850854d16a (not active ControlSet)                                                        

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----

MBAR:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Rudi :: ****-LAPTOP [administrator]

13.03.2013 14:51:18
mbar-log-2013-03-13 (14-51-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31678
Time elapsed: 14 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 13.03.2013, 16:06

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

panther2 · 13.03.2013, 16:33

Hier mal der Log vom TDSSKILLER, aswMBR braucht noch etwas:

Code:

ATTFilter

16:30:00.0484 0264  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:30:00.0796 0264  ============================================================
16:30:00.0796 0264  Current date / time: 2013/03/13 16:30:00.0796
16:30:00.0796 0264  SystemInfo:
16:30:00.0796 0264  
16:30:00.0796 0264  OS Version: 6.1.7601 ServicePack: 1.0
16:30:00.0796 0264  Product type: Workstation
16:30:00.0796 0264  ComputerName: ****-LAPTOP
16:30:00.0796 0264  UserName: ****
16:30:00.0796 0264  Windows directory: C:\windows
16:30:00.0796 0264  System windows directory: C:\windows
16:30:00.0796 0264  Running under WOW64
16:30:00.0796 0264  Processor architecture: Intel x64
16:30:00.0796 0264  Number of processors: 8
16:30:00.0796 0264  Page size: 0x1000
16:30:00.0796 0264  Boot type: Normal boot
16:30:00.0796 0264  ============================================================
16:30:01.0810 0264  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:30:01.0826 0264  ============================================================
16:30:01.0826 0264  \Device\Harddisk0\DR0:
16:30:01.0841 0264  MBR partitions:
16:30:01.0841 0264  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:30:01.0841 0264  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x54361800
16:30:01.0841 0264  ============================================================
16:30:01.0888 0264  C: <-> \Device\Harddisk0\DR0\Partition2
16:30:01.0888 0264  ============================================================
16:30:01.0904 0264  Initialize success
16:30:01.0904 0264  ============================================================
16:30:07.0005 6828  ============================================================
16:30:07.0005 6828  Scan started
16:30:07.0005 6828  Mode: Manual; SigCheck; TDLFS; 
16:30:07.0005 6828  ============================================================
16:30:07.0847 6828  ================ Scan system memory ========================
16:30:07.0847 6828  System memory - ok
16:30:07.0847 6828  ================ Scan services =============================
16:30:08.0939 6828  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
16:30:09.0127 6828  1394ohci - ok
16:30:09.0251 6828  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
16:30:09.0267 6828  ACPI - ok
16:30:09.0314 6828  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
16:30:09.0485 6828  AcpiPmi - ok
16:30:09.0735 6828  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:30:09.0766 6828  AdobeARMservice - ok
16:30:10.0172 6828  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:30:10.0203 6828  AdobeFlashPlayerUpdateSvc - ok
16:30:10.0328 6828  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
16:30:10.0375 6828  adp94xx - ok
16:30:10.0453 6828  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
16:30:10.0515 6828  adpahci - ok
16:30:10.0640 6828  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
16:30:10.0655 6828  adpu320 - ok
16:30:10.0702 6828  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
16:30:11.0404 6828  AeLookupSvc - ok
16:30:11.0498 6828  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
16:30:11.0638 6828  AFD - ok
16:30:11.0716 6828  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
16:30:11.0747 6828  agp440 - ok
16:30:11.0825 6828  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
16:30:11.0966 6828  ALG - ok
16:30:12.0091 6828  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
16:30:12.0122 6828  aliide - ok
16:30:12.0137 6828  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
16:30:12.0153 6828  amdide - ok
16:30:12.0231 6828  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
16:30:12.0340 6828  AmdK8 - ok
16:30:12.0371 6828  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
16:30:12.0434 6828  AmdPPM - ok
16:30:12.0512 6828  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
16:30:12.0559 6828  amdsata - ok
16:30:12.0605 6828  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
16:30:12.0637 6828  amdsbs - ok
16:30:12.0699 6828  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
16:30:12.0730 6828  amdxata - ok
16:30:12.0808 6828  [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPAL          C:\windows\system32\DRIVERS\AMPPAL.sys
16:30:12.0917 6828  AMPPAL - ok
16:30:12.0933 6828  [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPALP         C:\windows\system32\DRIVERS\amppal.sys
16:30:12.0949 6828  AMPPALP - ok
16:30:13.0089 6828  [ AB6E5B9333101E414D8F04BC570064F1 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
16:30:13.0120 6828  AMPPALR3 - ok
16:30:13.0214 6828  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
16:30:13.0323 6828  AppID - ok
16:30:13.0417 6828  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
16:30:13.0541 6828  AppIDSvc - ok
16:30:13.0682 6828  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
16:30:13.0791 6828  Appinfo - ok
16:30:13.0931 6828  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:30:13.0947 6828  Apple Mobile Device - ok
16:30:14.0025 6828  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\windows\System32\appmgmts.dll
16:30:14.0150 6828  AppMgmt - ok
16:30:14.0212 6828  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
16:30:14.0243 6828  arc - ok
16:30:14.0259 6828  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
16:30:14.0290 6828  arcsas - ok
16:30:14.0368 6828  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
16:30:14.0477 6828  AsyncMac - ok
16:30:14.0540 6828  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
16:30:14.0587 6828  atapi - ok
16:30:14.0743 6828  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:30:14.0836 6828  AudioEndpointBuilder - ok
16:30:14.0930 6828  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
16:30:14.0992 6828  AudioSrv - ok
16:30:15.0179 6828  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
16:30:15.0195 6828  AVP - ok
16:30:15.0304 6828  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
16:30:15.0398 6828  AxInstSV - ok
16:30:15.0476 6828  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
16:30:15.0585 6828  b06bdrv - ok
16:30:15.0710 6828  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
16:30:15.0772 6828  b57nd60a - ok
16:30:15.0881 6828  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
16:30:15.0991 6828  BDESVC - ok
16:30:16.0069 6828  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
16:30:16.0147 6828  Beep - ok
16:30:16.0271 6828  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
16:30:16.0381 6828  BFE - ok
16:30:16.0474 6828  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
16:30:16.0661 6828  BITS - ok
16:30:16.0724 6828  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
16:30:16.0786 6828  blbdrive - ok
16:30:17.0098 6828  [ A52EA1D8C2900055323C93DDB252A3DA ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
16:30:17.0129 6828  Bluetooth Device Monitor - ok
16:30:17.0239 6828  [ 091210450CA7CED08F360D9D7FEC5D11 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
16:30:17.0285 6828  Bluetooth Media Service - ok
16:30:17.0410 6828  [ 392450754E17FF778CBC5B9D20583AD1 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
16:30:17.0441 6828  Bluetooth OBEX Service - ok
16:30:17.0566 6828  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:30:17.0597 6828  Bonjour Service - ok
16:30:17.0675 6828  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
16:30:17.0738 6828  bowser - ok
16:30:17.0816 6828  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
16:30:17.0878 6828  BrFiltLo - ok
16:30:17.0925 6828  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
16:30:17.0941 6828  BrFiltUp - ok
16:30:18.0034 6828  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
16:30:18.0097 6828  Browser - ok
16:30:18.0190 6828  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
16:30:18.0315 6828  Brserid - ok
16:30:18.0377 6828  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
16:30:18.0455 6828  BrSerWdm - ok
16:30:18.0487 6828  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
16:30:18.0565 6828  BrUsbMdm - ok
16:30:18.0627 6828  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
16:30:18.0689 6828  BrUsbSer - ok
16:30:18.0783 6828  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
16:30:18.0923 6828  BthEnum - ok
16:30:18.0986 6828  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
16:30:19.0048 6828  BTHMODEM - ok
16:30:19.0142 6828  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
16:30:19.0204 6828  BthPan - ok
16:30:19.0298 6828  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
16:30:19.0391 6828  BTHPORT - ok
16:30:19.0454 6828  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
16:30:19.0532 6828  bthserv - ok
16:30:19.0547 6828  [ 588762F716C2B7A2054AFBC3D58E5C21 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
16:30:19.0563 6828  BTHSSecurityMgr - ok
16:30:19.0610 6828  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
16:30:19.0672 6828  BTHUSB - ok
16:30:19.0781 6828  [ 988CC6CC49303665D3B2435C51505C3F ] btmaux          C:\windows\system32\DRIVERS\btmaux.sys
16:30:19.0891 6828  btmaux - ok
16:30:19.0937 6828  [ 2B4B508AFAC2A563931AF1FE875A5B16 ] btmhsf          C:\windows\system32\DRIVERS\btmhsf.sys
16:30:20.0047 6828  btmhsf - ok
16:30:20.0125 6828  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
16:30:20.0234 6828  cdfs - ok
16:30:20.0296 6828  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
16:30:20.0374 6828  cdrom - ok
16:30:20.0468 6828  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
16:30:20.0577 6828  CertPropSvc - ok
16:30:20.0686 6828  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
16:30:20.0749 6828  circlass - ok
16:30:20.0889 6828  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
16:30:20.0936 6828  CLFS - ok
16:30:21.0029 6828  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:30:21.0076 6828  clr_optimization_v2.0.50727_32 - ok
16:30:21.0185 6828  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:30:21.0232 6828  clr_optimization_v2.0.50727_64 - ok
16:30:21.0529 6828  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:30:21.0544 6828  clr_optimization_v4.0.30319_32 - ok
16:30:21.0669 6828  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:30:21.0700 6828  clr_optimization_v4.0.30319_64 - ok
16:30:21.0794 6828  [ E13A438F9E51DD034730678E33B73290 ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
16:30:21.0825 6828  clwvd - ok
16:30:21.0887 6828  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
16:30:21.0950 6828  CmBatt - ok
16:30:21.0981 6828  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
16:30:21.0997 6828  cmdide - ok
16:30:22.0090 6828  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\windows\system32\Drivers\cng.sys
16:30:22.0168 6828  CNG - ok
16:30:22.0262 6828  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
16:30:22.0309 6828  Compbatt - ok
16:30:22.0387 6828  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
16:30:22.0465 6828  CompositeBus - ok
16:30:22.0496 6828  COMSysApp - ok
16:30:22.0667 6828  [ 6625A43592D123EE9AF0AB42B27B2384 ] cphs            C:\windows\SysWow64\IntelCpHeciSvc.exe
16:30:22.0699 6828  cphs - ok
16:30:22.0777 6828  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
16:30:22.0808 6828  crcdisk - ok
16:30:22.0917 6828  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
16:30:23.0011 6828  CryptSvc - ok
16:30:23.0089 6828  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\windows\system32\drivers\csc.sys
16:30:23.0198 6828  CSC - ok
16:30:23.0291 6828  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\windows\System32\cscsvc.dll
16:30:23.0385 6828  CscService - ok
16:30:23.0525 6828  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
16:30:23.0635 6828  DcomLaunch - ok
16:30:23.0775 6828  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
16:30:23.0884 6828  defragsvc - ok
16:30:23.0962 6828  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
16:30:24.0056 6828  DfsC - ok
16:30:24.0134 6828  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
16:30:24.0212 6828  Dhcp - ok
16:30:24.0290 6828  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
16:30:24.0383 6828  discache - ok
16:30:24.0461 6828  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
16:30:24.0493 6828  Disk - ok
16:30:24.0539 6828  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\windows\system32\drivers\dmvsc.sys
16:30:24.0649 6828  dmvsc - ok
16:30:24.0695 6828  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:30:24.0836 6828  Dnscache - ok
16:30:24.0898 6828  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
16:30:24.0992 6828  dot3svc - ok
16:30:25.0007 6828  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
16:30:25.0117 6828  DPS - ok
16:30:25.0195 6828  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:30:25.0273 6828  drmkaud - ok
16:30:25.0319 6828  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:30:25.0366 6828  DXGKrnl - ok
16:30:25.0413 6828  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
16:30:25.0491 6828  EapHost - ok
16:30:25.0756 6828  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
16:30:25.0912 6828  ebdrv - ok
16:30:25.0990 6828  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
16:30:26.0068 6828  EFS - ok
16:30:26.0177 6828  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:30:26.0349 6828  ehRecvr - ok
16:30:26.0380 6828  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
16:30:26.0474 6828  ehSched - ok
16:30:26.0599 6828  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
16:30:26.0645 6828  elxstor - ok
16:30:26.0661 6828  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:30:26.0723 6828  ErrDev - ok
16:30:26.0848 6828  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
16:30:26.0942 6828  EventSystem - ok
16:30:27.0098 6828  [ 64D25284A4E9D11CA0722AF3F30FD970 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:30:27.0129 6828  EvtEng - ok
16:30:27.0207 6828  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
16:30:27.0316 6828  exfat - ok
16:30:27.0347 6828  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:30:27.0441 6828  fastfat - ok
16:30:27.0535 6828  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
16:30:27.0659 6828  Fax - ok
16:30:27.0738 6828  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
16:30:27.0800 6828  fdc - ok
16:30:27.0878 6828  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
16:30:27.0987 6828  fdPHost - ok
16:30:28.0034 6828  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
16:30:28.0096 6828  FDResPub - ok
16:30:28.0159 6828  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:30:28.0206 6828  FileInfo - ok
16:30:28.0237 6828  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:30:28.0330 6828  Filetrace - ok
16:30:28.0377 6828  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
16:30:28.0408 6828  flpydisk - ok
16:30:28.0471 6828  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:30:28.0502 6828  FltMgr - ok
16:30:28.0689 6828  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\windows\system32\FntCache.dll
16:30:28.0767 6828  FontCache - ok
16:30:28.0892 6828  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:30:28.0923 6828  FontCache3.0.0.0 - ok
16:30:28.0954 6828  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:30:28.0986 6828  FsDepends - ok
16:30:29.0173 6828  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:30:29.0220 6828  Fs_Rec - ok
16:30:29.0391 6828  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:30:29.0422 6828  fvevol - ok
16:30:29.0469 6828  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
16:30:29.0500 6828  gagp30kx - ok
16:30:29.0672 6828  [ 521A469CAF61F00E1DE081CC2099C1D6 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
16:30:29.0703 6828  GameConsoleService - ok
16:30:29.0812 6828  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:30:29.0844 6828  GEARAspiWDM - ok
16:30:29.0953 6828  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
16:30:30.0031 6828  gpsvc - ok
16:30:30.0187 6828  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:30:30.0202 6828  gupdate - ok
16:30:30.0249 6828  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:30:30.0265 6828  gupdatem - ok
16:30:30.0343 6828  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:30:30.0421 6828  hcw85cir - ok
16:30:30.0514 6828  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:30:30.0592 6828  HdAudAddService - ok
16:30:30.0670 6828  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
16:30:30.0733 6828  HDAudBus - ok
16:30:30.0764 6828  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
16:30:30.0826 6828  HidBatt - ok
16:30:30.0858 6828  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
16:30:30.0967 6828  HidBth - ok
16:30:31.0029 6828  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
16:30:31.0060 6828  HidIr - ok
16:30:31.0092 6828  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
16:30:31.0201 6828  hidserv - ok
16:30:31.0310 6828  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
16:30:31.0357 6828  HidUsb - ok
16:30:31.0450 6828  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:30:31.0575 6828  hkmsvc - ok
16:30:31.0606 6828  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:30:31.0700 6828  HomeGroupListener - ok
16:30:31.0747 6828  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:30:31.0809 6828  HomeGroupProvider - ok
16:30:31.0903 6828  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:30:31.0950 6828  HpSAMD - ok
16:30:32.0043 6828  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:30:32.0121 6828  HTTP - ok
16:30:32.0293 6828  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:30:32.0308 6828  hwpolicy - ok
16:30:32.0464 6828  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
16:30:32.0496 6828  i8042prt - ok
16:30:32.0605 6828  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
16:30:32.0636 6828  iaStor - ok
16:30:32.0745 6828  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:30:32.0776 6828  iaStorV - ok
16:30:32.0839 6828  [ 60CC7AE9AEDB4D1E7923BD053B176D97 ] ibtfltcoex      C:\windows\system32\DRIVERS\iBtFltCoex.sys
16:30:32.0901 6828  ibtfltcoex - ok
16:30:33.0057 6828  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:30:33.0120 6828  idsvc - ok
16:30:34.0243 6828  [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
16:30:34.0804 6828  igfx - ok
16:30:34.0882 6828  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
16:30:34.0914 6828  iirsp - ok
16:30:35.0070 6828  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
16:30:35.0179 6828  IKEEXT - ok
16:30:35.0272 6828  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
16:30:35.0288 6828  intaud_WaveExtensible - ok
16:30:35.0631 6828  [ 6EF96DF5184DDB95A12107B8D7531FB7 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
16:30:35.0803 6828  IntcAzAudAddService - ok
16:30:35.0912 6828  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
16:30:35.0974 6828  IntcDAud - ok
16:30:36.0099 6828  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:30:36.0130 6828  Intel(R) Capability Licensing Service Interface - ok
16:30:36.0224 6828  [ 9571D8BDB56EBC52280E8020574508E6 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
16:30:36.0240 6828  Intel(R) ME Service - ok
16:30:36.0286 6828  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
16:30:36.0318 6828  intelide - ok
16:30:36.0380 6828  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
16:30:36.0442 6828  intelppm - ok
16:30:36.0520 6828  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:30:36.0614 6828  IPBusEnum - ok
16:30:36.0676 6828  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:30:36.0770 6828  IpFilterDriver - ok
16:30:36.0895 6828  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
16:30:36.0973 6828  iphlpsvc - ok
16:30:36.0988 6828  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:30:37.0051 6828  IPMIDRV - ok
16:30:37.0098 6828  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:30:37.0176 6828  IPNAT - ok
16:30:37.0254 6828  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:30:37.0285 6828  iPod Service - ok
16:30:37.0332 6828  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:30:37.0410 6828  IRENUM - ok
16:30:37.0488 6828  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:30:37.0519 6828  isapnp - ok
16:30:37.0581 6828  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:30:37.0612 6828  iScsiPrt - ok
16:30:37.0675 6828  [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs        C:\windows\system32\DRIVERS\iusb3hcs.sys
16:30:37.0706 6828  iusb3hcs - ok
16:30:37.0768 6828  [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub        C:\windows\system32\DRIVERS\iusb3hub.sys
16:30:37.0800 6828  iusb3hub - ok
16:30:37.0862 6828  [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc        C:\windows\system32\DRIVERS\iusb3xhc.sys
16:30:37.0909 6828  iusb3xhc - ok
16:30:37.0987 6828  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\windows\system32\DRIVERS\iwdbus.sys
16:30:38.0018 6828  iwdbus - ok
16:30:38.0065 6828  [ DBD76BC1D498FE368F2C8CB76C3E00A4 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
16:30:38.0080 6828  jhi_service - ok
16:30:38.0158 6828  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
16:30:38.0190 6828  kbdclass - ok
16:30:38.0252 6828  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
16:30:38.0314 6828  kbdhid - ok
16:30:38.0377 6828  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
16:30:38.0392 6828  KeyIso - ok
16:30:38.0517 6828  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\windows\system32\DRIVERS\kl1.sys
16:30:38.0548 6828  kl1 - ok
16:30:38.0626 6828  [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF            C:\windows\system32\DRIVERS\klif.sys
16:30:38.0658 6828  KLIF - ok
16:30:38.0689 6828  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\windows\system32\DRIVERS\klim6.sys
16:30:38.0704 6828  KLIM6 - ok
16:30:38.0767 6828  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\windows\system32\DRIVERS\klkbdflt.sys
16:30:38.0782 6828  klkbdflt - ok
16:30:38.0814 6828  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\windows\system32\DRIVERS\klmouflt.sys
16:30:38.0829 6828  klmouflt - ok
16:30:38.0876 6828  [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi           C:\windows\system32\DRIVERS\kltdi.sys
16:30:38.0907 6828  kltdi - ok
16:30:38.0985 6828  [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps           C:\windows\system32\DRIVERS\kneps.sys
16:30:39.0016 6828  kneps - ok
16:30:39.0063 6828  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:30:39.0110 6828  KSecDD - ok
16:30:39.0141 6828  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:30:39.0188 6828  KSecPkg - ok
16:30:39.0282 6828  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
16:30:39.0406 6828  ksthunk - ok
16:30:39.0484 6828  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
16:30:39.0594 6828  KtmRm - ok
16:30:39.0672 6828  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
16:30:39.0765 6828  LanmanServer - ok
16:30:39.0828 6828  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:30:39.0937 6828  LanmanWorkstation - ok
16:30:40.0030 6828  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:30:40.0140 6828  lltdio - ok
16:30:40.0218 6828  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:30:40.0327 6828  lltdsvc - ok
16:30:40.0389 6828  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
16:30:40.0498 6828  lmhosts - ok
16:30:40.0670 6828  [ 86E4CC39C953D11EF57CF54C4DC78238 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:30:40.0701 6828  LMS - ok
16:30:40.0764 6828  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
16:30:40.0795 6828  LSI_FC - ok
16:30:40.0857 6828  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
16:30:40.0904 6828  LSI_SAS - ok
16:30:40.0920 6828  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
16:30:40.0951 6828  LSI_SAS2 - ok
16:30:41.0013 6828  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
16:30:41.0060 6828  LSI_SCSI - ok
16:30:41.0138 6828  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
16:30:41.0232 6828  luafv - ok
16:30:41.0310 6828  [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter      C:\windows\system32\drivers\massfilter.sys
16:30:41.0372 6828  massfilter - ok
16:30:41.0403 6828  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:30:41.0481 6828  Mcx2Svc - ok
16:30:41.0512 6828  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
16:30:41.0544 6828  megasas - ok
16:30:41.0622 6828  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
16:30:41.0668 6828  MegaSR - ok
16:30:41.0731 6828  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
16:30:41.0762 6828  MEIx64 - ok
16:30:41.0902 6828  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:30:41.0934 6828  Microsoft Office Groove Audit Service - ok
16:30:41.0996 6828  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
16:30:42.0074 6828  MMCSS - ok
16:30:42.0105 6828  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
16:30:42.0214 6828  Modem - ok
16:30:42.0324 6828  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:30:42.0370 6828  monitor - ok
16:30:42.0448 6828  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:30:42.0464 6828  mouclass - ok
16:30:42.0558 6828  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:30:42.0573 6828  mouhid - ok
16:30:42.0651 6828  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:30:42.0667 6828  mountmgr - ok
16:30:42.0807 6828  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:30:42.0838 6828  MozillaMaintenance - ok
16:30:42.0870 6828  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
16:30:42.0901 6828  mpio - ok
16:30:42.0932 6828  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:30:43.0010 6828  mpsdrv - ok
16:30:43.0072 6828  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:30:43.0182 6828  MpsSvc - ok
16:30:43.0228 6828  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:30:43.0306 6828  MRxDAV - ok
16:30:43.0353 6828  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:30:43.0462 6828  mrxsmb - ok
16:30:43.0494 6828  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:30:43.0525 6828  mrxsmb10 - ok
16:30:43.0572 6828  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:30:43.0587 6828  mrxsmb20 - ok
16:30:43.0634 6828  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
16:30:43.0665 6828  msahci - ok
16:30:43.0696 6828  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:30:43.0743 6828  msdsm - ok
16:30:43.0774 6828  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
16:30:43.0837 6828  MSDTC - ok
16:30:43.0884 6828  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:30:44.0008 6828  Msfs - ok
16:30:44.0071 6828  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:30:44.0180 6828  mshidkmdf - ok
16:30:44.0211 6828  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:30:44.0258 6828  msisadrv - ok
16:30:44.0336 6828  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:30:44.0430 6828  MSiSCSI - ok
16:30:44.0445 6828  msiserver - ok
16:30:44.0508 6828  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:30:44.0601 6828  MSKSSRV - ok
16:30:44.0664 6828  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:30:44.0742 6828  MSPCLOCK - ok
16:30:44.0820 6828  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:30:44.0898 6828  MSPQM - ok
16:30:44.0944 6828  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:30:44.0991 6828  MsRPC - ok
16:30:45.0038 6828  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
16:30:45.0069 6828  mssmbios - ok
16:30:45.0132 6828  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:30:45.0241 6828  MSTEE - ok
16:30:45.0272 6828  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
16:30:45.0334 6828  MTConfig - ok
16:30:45.0366 6828  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
16:30:45.0397 6828  Mup - ok
16:30:45.0506 6828  [ E3B58E3011B207C5289D11173B30E298 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:30:45.0553 6828  MyWiFiDHCPDNS - ok
16:30:45.0584 6828  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
16:30:45.0693 6828  napagent - ok
16:30:45.0818 6828  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:30:45.0896 6828  NativeWifiP - ok
16:30:46.0005 6828  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
16:30:46.0052 6828  NDIS - ok
16:30:46.0130 6828  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:30:46.0224 6828  NdisCap - ok
16:30:46.0302 6828  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:30:46.0380 6828  NdisTapi - ok
16:30:46.0411 6828  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:30:46.0504 6828  Ndisuio - ok
16:30:46.0536 6828  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:30:46.0645 6828  NdisWan - ok
16:30:46.0707 6828  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:30:46.0801 6828  NDProxy - ok
16:30:46.0848 6828  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:30:46.0941 6828  NetBIOS - ok
16:30:46.0988 6828  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:30:47.0066 6828  NetBT - ok
16:30:47.0113 6828  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
16:30:47.0128 6828  Netlogon - ok
16:30:47.0238 6828  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
16:30:47.0347 6828  Netman - ok
16:30:47.0378 6828  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
16:30:47.0487 6828  netprofm - ok
16:30:47.0565 6828  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:30:47.0596 6828  NetTcpPortSharing - ok
16:30:48.0486 6828  [ B51E9AD4F4E4F8DBE0AB882756BC5DAB ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
16:30:48.0876 6828  NETwNs64 - ok
16:30:48.0954 6828  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
16:30:48.0985 6828  nfrd960 - ok
16:30:49.0110 6828  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
16:30:49.0203 6828  NlaSvc - ok
16:30:49.0234 6828  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:30:49.0297 6828  Npfs - ok
16:30:49.0344 6828  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
16:30:49.0406 6828  nsi - ok
16:30:49.0484 6828  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:30:49.0578 6828  nsiproxy - ok
16:30:49.0702 6828  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:30:49.0796 6828  Ntfs - ok
16:30:49.0827 6828  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
16:30:49.0936 6828  Null - ok
16:30:51.0496 6828  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
16:30:52.0027 6828  nvlddmkm - ok
16:30:52.0058 6828  [ 918841B2454F4F2BD94479692079490B ] nvpciflt        C:\windows\system32\DRIVERS\nvpciflt.sys
16:30:52.0089 6828  nvpciflt - ok
16:30:52.0167 6828  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:30:52.0214 6828  nvraid - ok
16:30:52.0245 6828  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:30:52.0292 6828  nvstor - ok
16:30:52.0417 6828  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\windows\system32\nvvsvc.exe
16:30:52.0464 6828  nvsvc - ok
16:30:52.0573 6828  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:30:52.0620 6828  nvUpdatusService - ok
16:30:52.0698 6828  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:30:52.0744 6828  nv_agp - ok
16:30:52.0932 6828  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:30:52.0963 6828  odserv - ok
16:30:52.0994 6828  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:30:53.0056 6828  ohci1394 - ok
16:30:53.0134 6828  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:30:53.0166 6828  ose - ok
16:30:53.0259 6828  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:30:53.0368 6828  p2pimsvc - ok
16:30:53.0446 6828  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
16:30:53.0509 6828  p2psvc - ok
16:30:53.0634 6828  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
16:30:53.0665 6828  Parport - ok
16:30:53.0712 6828  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:30:53.0727 6828  partmgr - ok
16:30:53.0790 6828  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:30:53.0883 6828  PcaSvc - ok
16:30:53.0946 6828  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
16:30:53.0992 6828  pci - ok
16:30:54.0070 6828  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
16:30:54.0102 6828  pciide - ok
16:30:54.0148 6828  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
16:30:54.0195 6828  pcmcia - ok
16:30:54.0211 6828  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
16:30:54.0226 6828  pcw - ok
16:30:54.0336 6828  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:30:54.0445 6828  PEAUTH - ok
16:30:54.0523 6828  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
16:30:54.0616 6828  PeerDistSvc - ok
16:30:55.0022 6828  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
16:30:55.0100 6828  PerfHost - ok
16:30:55.0272 6828  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
16:30:55.0396 6828  pla - ok
16:30:55.0521 6828  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:30:55.0630 6828  PlugPlay - ok
16:30:55.0662 6828  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:30:55.0740 6828  PNRPAutoReg - ok
16:30:55.0802 6828  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:30:55.0833 6828  PNRPsvc - ok
16:30:55.0896 6828  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:30:56.0005 6828  PolicyAgent - ok
16:30:56.0083 6828  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
16:30:56.0192 6828  Power - ok
16:30:56.0270 6828  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:30:56.0379 6828  PptpMiniport - ok
16:30:56.0457 6828  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
16:30:56.0504 6828  Processor - ok
16:30:56.0566 6828  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
16:30:56.0613 6828  ProfSvc - ok
16:30:56.0644 6828  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
16:30:56.0676 6828  ProtectedStorage - ok
16:30:56.0738 6828  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:30:56.0832 6828  Psched - ok
16:30:56.0988 6828  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
16:30:57.0066 6828  ql2300 - ok
16:30:57.0128 6828  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
16:30:57.0144 6828  ql40xx - ok
16:30:57.0206 6828  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
16:30:57.0253 6828  QWAVE - ok
16:30:57.0284 6828  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:30:57.0346 6828  QWAVEdrv - ok
16:30:57.0378 6828  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:30:57.0456 6828  RasAcd - ok
16:30:57.0518 6828  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:30:57.0612 6828  RasAgileVpn - ok
16:30:57.0705 6828  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
16:30:57.0799 6828  RasAuto - ok
16:30:57.0892 6828  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:30:57.0986 6828  Rasl2tp - ok
16:30:58.0080 6828  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
16:30:58.0189 6828  RasMan - ok
16:30:58.0251 6828  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:30:58.0329 6828  RasPppoe - ok
16:30:58.0392 6828  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:30:58.0470 6828  RasSstp - ok
16:30:58.0501 6828  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:30:58.0594 6828  rdbss - ok
16:30:58.0641 6828  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
16:30:58.0704 6828  rdpbus - ok
16:30:58.0782 6828  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:30:58.0860 6828  RDPCDD - ok
16:30:58.0906 6828  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
16:30:59.0016 6828  RDPDR - ok
16:30:59.0062 6828  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:30:59.0125 6828  RDPENCDD - ok
16:30:59.0172 6828  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:30:59.0250 6828  RDPREFMP - ok
16:30:59.0421 6828  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
16:30:59.0515 6828  RdpVideoMiniport - ok
16:30:59.0546 6828  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:30:59.0640 6828  RDPWD - ok
16:30:59.0702 6828  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:30:59.0733 6828  rdyboost - ok
16:30:59.0858 6828  [ F3AF2B43F35DBB3A0EB9FEEEC7D62217 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:30:59.0874 6828  RegSrvc - ok
16:30:59.0952 6828  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
16:31:00.0061 6828  RemoteAccess - ok
16:31:00.0139 6828  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:31:00.0248 6828  RemoteRegistry - ok
16:31:00.0404 6828  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
16:31:00.0482 6828  RFCOMM - ok
16:31:00.0669 6828  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
16:31:00.0685 6828  RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:31:00.0685 6828  RichVideo - detected UnsignedFile.Multi.Generic (1)
16:31:00.0747 6828  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:31:00.0872 6828  RpcEptMapper - ok
16:31:00.0903 6828  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
16:31:00.0950 6828  RpcLocator - ok
16:31:01.0028 6828  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
16:31:01.0106 6828  RpcSs - ok
16:31:01.0200 6828  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:31:01.0324 6828  rspndr - ok
16:31:01.0434 6828  [ 6CF9DB101A75360E98659F823852E540 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
16:31:01.0480 6828  RTL8167 - ok
16:31:01.0527 6828  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\windows\system32\drivers\vms3cap.sys
16:31:01.0574 6828  s3cap - ok
16:31:01.0652 6828  [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI            C:\windows\system32\Drivers\SABI.sys
16:31:01.0746 6828  SABI - ok
16:31:01.0761 6828  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
16:31:01.0792 6828  SamSs - ok
16:31:01.0917 6828  [ 5E66ABD041D76C46CBF55AEF910FCA56 ] SamsungDeviceConfigurationWinService C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
16:31:01.0933 6828  SamsungDeviceConfigurationWinService - ok
16:31:01.0964 6828  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:31:01.0980 6828  sbp2port - ok
16:31:02.0026 6828  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:31:02.0120 6828  SCardSvr - ok
16:31:02.0151 6828  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
16:31:02.0245 6828  scfilter - ok
16:31:02.0354 6828  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
16:31:02.0495 6828  Schedule - ok
16:31:02.0527 6828  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
16:31:02.0589 6828  SCPolicySvc - ok
16:31:02.0620 6828  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
16:31:02.0729 6828  SDRSVC - ok
16:31:02.0792 6828  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
16:31:02.0885 6828  secdrv - ok
16:31:02.0932 6828  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
16:31:03.0010 6828  seclogon - ok
16:31:03.0073 6828  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
16:31:03.0213 6828  SENS - ok
16:31:03.0275 6828  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
16:31:03.0338 6828  SensrSvc - ok
16:31:03.0431 6828  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
16:31:03.0478 6828  Serenum - ok
16:31:03.0541 6828  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
16:31:03.0603 6828  Serial - ok
16:31:03.0697 6828  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
16:31:03.0743 6828  sermouse - ok
16:31:03.0775 6828  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
16:31:03.0853 6828  SessionEnv - ok
16:31:03.0884 6828  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
16:31:03.0946 6828  sffdisk - ok
16:31:03.0977 6828  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
16:31:04.0024 6828  sffp_mmc - ok
16:31:04.0055 6828  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
16:31:04.0102 6828  sffp_sd - ok
16:31:04.0180 6828  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
16:31:04.0243 6828  sfloppy - ok
16:31:04.0352 6828  [ 2FE1CD3AA602414841DB10AD96C95A5E ] SGDrv           C:\windows\system32\DRIVERS\SGdrv64.sys
16:31:04.0414 6828  SGDrv - ok
16:31:04.0508 6828  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
16:31:04.0617 6828  SharedAccess - ok
16:31:04.0664 6828  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:31:04.0773 6828  ShellHWDetection - ok
16:31:04.0835 6828  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
16:31:04.0867 6828  SiSRaid2 - ok
16:31:04.0913 6828  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
16:31:04.0945 6828  SiSRaid4 - ok
16:31:04.0991 6828  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
16:31:05.0101 6828  Smb - ok
16:31:05.0179 6828  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
16:31:05.0272 6828  SNMPTRAP - ok
16:31:05.0366 6828  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
16:31:05.0397 6828  spldr - ok
16:31:05.0491 6828  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
16:31:05.0537 6828  Spooler - ok
16:31:05.0771 6828  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
16:31:05.0943 6828  sppsvc - ok
16:31:05.0974 6828  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
16:31:06.0083 6828  sppuinotify - ok
16:31:06.0146 6828  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
16:31:06.0239 6828  srv - ok
16:31:06.0286 6828  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
16:31:06.0349 6828  srv2 - ok
16:31:06.0411 6828  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
16:31:06.0473 6828  srvnet - ok
16:31:06.0536 6828  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
16:31:06.0645 6828  SSDPSRV - ok
16:31:06.0661 6828  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
16:31:06.0723 6828  SstpSvc - ok
16:31:06.0754 6828  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
16:31:06.0801 6828  stexstor - ok
16:31:06.0910 6828  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
16:31:07.0004 6828  stisvc - ok
16:31:07.0035 6828  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\windows\system32\drivers\vmstorfl.sys
16:31:07.0066 6828  storflt - ok
16:31:07.0097 6828  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\windows\system32\storsvc.dll
16:31:07.0191 6828  StorSvc - ok
16:31:07.0269 6828  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\windows\system32\drivers\storvsc.sys
16:31:07.0300 6828  storvsc - ok
16:31:07.0331 6828  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
16:31:07.0363 6828  swenum - ok
16:31:07.0409 6828  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
16:31:07.0519 6828  swprv - ok
16:31:07.0643 6828  [ 7E488378004FF5F9DCD1711522B1241A ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
16:31:07.0690 6828  SynTP - ok
16:31:07.0799 6828  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
16:31:07.0877 6828  SysMain - ok
16:31:07.0924 6828  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
16:31:08.0002 6828  TabletInputService - ok
16:31:08.0033 6828  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
16:31:08.0127 6828  TapiSrv - ok
16:31:08.0174 6828  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
16:31:08.0267 6828  TBS - ok
16:31:08.0408 6828  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
16:31:08.0501 6828  Tcpip - ok
16:31:08.0626 6828  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
16:31:08.0689 6828  TCPIP6 - ok
16:31:08.0751 6828  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
16:31:08.0813 6828  tcpipreg - ok
16:31:08.0845 6828  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
16:31:08.0907 6828  TDPIPE - ok
16:31:08.0954 6828  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
16:31:09.0001 6828  TDTCP - ok
16:31:09.0063 6828  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
16:31:09.0141 6828  tdx - ok
16:31:09.0188 6828  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
16:31:09.0235 6828  TermDD - ok
16:31:09.0375 6828  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
16:31:09.0469 6828  TermService - ok
16:31:09.0500 6828  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
16:31:09.0578 6828  Themes - ok
16:31:09.0625 6828  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
16:31:09.0687 6828  THREADORDER - ok
16:31:09.0781 6828  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
16:31:09.0859 6828  TrkWks - ok
16:31:09.0968 6828  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:31:10.0015 6828  TrustedInstaller - ok
16:31:10.0046 6828  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
16:31:10.0124 6828  tssecsrv - ok
16:31:10.0186 6828  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
16:31:10.0264 6828  TsUsbFlt - ok
16:31:10.0295 6828  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
16:31:10.0358 6828  TsUsbGD - ok
16:31:10.0451 6828  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
16:31:10.0561 6828  tunnel - ok
16:31:10.0592 6828  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
16:31:10.0623 6828  uagp35 - ok
16:31:10.0654 6828  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
16:31:10.0763 6828  udfs - ok
16:31:10.0795 6828  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
16:31:10.0841 6828  UI0Detect - ok
16:31:10.0935 6828  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
16:31:10.0982 6828  uliagpkx - ok
16:31:11.0029 6828  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
16:31:11.0075 6828  umbus - ok
16:31:11.0153 6828  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
16:31:11.0216 6828  UmPass - ok
16:31:11.0294 6828  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\windows\System32\umrdp.dll
16:31:11.0387 6828  UmRdpService - ok
16:31:11.0606 6828  [ D80B1075B69B57A3AB78F750CE463ECE ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:31:11.0637 6828  UNS - ok
16:31:11.0699 6828  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
16:31:11.0809 6828  upnphost - ok
16:31:11.0902 6828  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
16:31:11.0996 6828  usbccgp - ok
16:31:12.0074 6828  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
16:31:12.0121 6828  usbcir - ok
16:31:12.0230 6828  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys
16:31:12.0292 6828  usbehci - ok
16:31:12.0355 6828  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
16:31:12.0417 6828  usbhub - ok
16:31:12.0464 6828  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
16:31:12.0526 6828  usbohci - ok
16:31:12.0620 6828  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
16:31:12.0682 6828  usbprint - ok
16:31:12.0776 6828  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
16:31:12.0823 6828  usbscan - ok
16:31:12.0854 6828  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
16:31:12.0932 6828  USBSTOR - ok
16:31:12.0994 6828  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
16:31:13.0057 6828  usbuhci - ok
16:31:13.0103 6828  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
16:31:13.0166 6828  usbvideo - ok
16:31:13.0228 6828  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
16:31:13.0337 6828  UxSms - ok
16:31:13.0400 6828  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
16:31:13.0415 6828  VaultSvc - ok
16:31:13.0509 6828  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
16:31:13.0540 6828  vdrvroot - ok
16:31:13.0571 6828  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
16:31:13.0681 6828  vds - ok
16:31:13.0727 6828  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
16:31:13.0774 6828  vga - ok
16:31:13.0805 6828  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
16:31:13.0899 6828  VgaSave - ok
16:31:13.0961 6828  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
16:31:13.0993 6828  vhdmp - ok
16:31:14.0055 6828  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
16:31:14.0071 6828  viaide - ok
16:31:14.0117 6828  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\windows\system32\drivers\vmbus.sys
16:31:14.0149 6828  vmbus - ok
16:31:14.0180 6828  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
16:31:14.0227 6828  VMBusHID - ok
16:31:14.0320 6828  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
16:31:14.0351 6828  volmgr - ok
16:31:14.0398 6828  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
16:31:14.0429 6828  volmgrx - ok
16:31:14.0523 6828  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
16:31:14.0570 6828  volsnap - ok
16:31:14.0663 6828  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
16:31:14.0710 6828  vsmraid - ok
16:31:14.0944 6828  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
16:31:15.0085 6828  VSS - ok
16:31:15.0116 6828  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
16:31:15.0194 6828  vwifibus - ok
16:31:15.0319 6828  [ 13A0DECD1794DE60A8427862C8669D27 ] VWiFiFlt        C:\windows\system32\DRIVERS\vwififlt.sys
16:31:15.0350 6828  VWiFiFlt - ok
16:31:15.0397 6828  [ 49003B357D101CDC474937437ECF5ABC ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
16:31:15.0443 6828  vwifimp - ok
16:31:15.0553 6828  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
16:31:15.0646 6828  W32Time - ok
16:31:15.0677 6828  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
16:31:15.0740 6828  WacomPen - ok
16:31:15.0818 6828  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
16:31:15.0911 6828  WANARP - ok
16:31:15.0943 6828  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
16:31:15.0989 6828  Wanarpv6 - ok
16:31:16.0099 6828  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
16:31:16.0192 6828  WatAdminSvc - ok
16:31:16.0317 6828  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
16:31:16.0442 6828  wbengine - ok
16:31:16.0457 6828  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
16:31:16.0535 6828  WbioSrvc - ok
16:31:16.0613 6828  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
16:31:16.0660 6828  wcncsvc - ok
16:31:16.0691 6828  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:31:16.0769 6828  WcsPlugInService - ok
16:31:16.0816 6828  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
16:31:16.0847 6828  Wd - ok
16:31:16.0910 6828  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
16:31:16.0972 6828  Wdf01000 - ok
16:31:17.0003 6828  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
16:31:17.0315 6828  WdiServiceHost - ok
16:31:17.0347 6828  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
16:31:17.0378 6828  WdiSystemHost - ok
16:31:17.0456 6828  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
16:31:17.0534 6828  WebClient - ok
16:31:17.0549 6828  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
16:31:17.0659 6828  Wecsvc - ok
16:31:17.0690 6828  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
16:31:17.0768 6828  wercplsupport - ok
16:31:17.0830 6828  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
16:31:17.0924 6828  WerSvc - ok
16:31:18.0002 6828  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
16:31:18.0080 6828  WfpLwf - ok
16:31:18.0158 6828  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
16:31:18.0189 6828  WIMMount - ok
16:31:18.0236 6828  WinDefend - ok
16:31:18.0267 6828  WinHttpAutoProxySvc - ok
16:31:18.0376 6828  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
16:31:18.0454 6828  Winmgmt - ok
16:31:18.0610 6828  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
16:31:18.0719 6828  WinRM - ok
16:31:18.0860 6828  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
16:31:18.0922 6828  WinUsb - ok
16:31:18.0985 6828  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
16:31:19.0063 6828  Wlansvc - ok
16:31:19.0187 6828  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:31:19.0203 6828  wlcrasvc - ok
16:31:19.0609 6828  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:31:19.0733 6828  wlidsvc - ok
16:31:19.0749 6828  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
16:31:19.0780 6828  WmiAcpi - ok
16:31:19.0874 6828  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
16:31:19.0921 6828  wmiApSrv - ok
16:31:19.0952 6828  WMPNetworkSvc - ok
16:31:20.0045 6828  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
16:31:20.0108 6828  WPCSvc - ok
16:31:20.0139 6828  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
16:31:20.0170 6828  WPDBusEnum - ok
16:31:20.0217 6828  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
16:31:20.0279 6828  ws2ifsl - ok
16:31:20.0311 6828  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
16:31:20.0373 6828  wscsvc - ok
16:31:20.0373 6828  WSearch - ok
16:31:20.0513 6828  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
16:31:20.0638 6828  wuauserv - ok
16:31:20.0685 6828  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
16:31:20.0763 6828  WudfPf - ok
16:31:20.0872 6828  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
16:31:20.0919 6828  WUDFRd - ok
16:31:20.0966 6828  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
16:31:21.0028 6828  wudfsvc - ok
16:31:21.0075 6828  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
16:31:21.0137 6828  WwanSvc - ok
16:31:21.0340 6828  [ 74713CB32792F9C7632DAA7DA22CA974 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
16:31:21.0371 6828  ZeroConfigService - ok
16:31:21.0496 6828  [ F98415E5B83742C901D0A336972509A0 ] ZTEusbmdm6k     C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
16:31:21.0543 6828  ZTEusbmdm6k - ok
16:31:21.0559 6828  [ F98415E5B83742C901D0A336972509A0 ] ZTEusbnmea      C:\windows\system32\DRIVERS\ZTEusbnmea.sys
16:31:21.0590 6828  ZTEusbnmea - ok
16:31:21.0637 6828  [ F98415E5B83742C901D0A336972509A0 ] ZTEusbser6k     C:\windows\system32\DRIVERS\ZTEusbser6k.sys
16:31:21.0699 6828  ZTEusbser6k - ok
16:31:21.0793 6828  ================ Scan global ===============================
16:31:21.0824 6828  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
16:31:21.0902 6828  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:31:21.0949 6828  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:31:21.0980 6828  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
16:31:22.0027 6828  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
16:31:22.0027 6828  [Global] - ok
16:31:22.0027 6828  ================ Scan MBR ==================================
16:31:22.0058 6828  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
16:31:24.0866 6828  \Device\Harddisk0\DR0 - ok
16:31:24.0866 6828  ================ Scan VBR ==================================
16:31:24.0913 6828  [ 512BBDB699F60D6E19AC0353832C2D90 ] \Device\Harddisk0\DR0\Partition1
16:31:24.0928 6828  \Device\Harddisk0\DR0\Partition1 - ok
16:31:24.0959 6828  [ 94EB4751278F3128112A0E181DD407B4 ] \Device\Harddisk0\DR0\Partition2
16:31:24.0991 6828  \Device\Harddisk0\DR0\Partition2 - ok
16:31:24.0991 6828  ============================================================
16:31:24.0991 6828  Scan finished
16:31:24.0991 6828  ============================================================
16:31:25.0006 2496  Detected object count: 1
16:31:25.0006 2496  Actual detected object count: 1
16:31:32.0681 2496  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:31:32.0681 2496  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip

aswMBR hängt sich bei einer Stelle immer auf, gibt es eine alternative?

Nun hat es geklappt:

asw.log:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-13 17:42:39
-----------------------------
17:42:39.945    OS Version: Windows x64 6.1.7601 Service Pack 1
17:42:39.945    Number of processors: 8 586 0x3A09
17:42:39.945    ComputerName: ****-LAPTOP  UserName: ****
17:42:42.848    Initialize success
17:43:02.488    AVAST engine defs: 13031300
17:43:56.640    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:43:56.656    Disk 0 Vendor: Hitachi_ JF4O Size: 715404MB BusType: 3
17:43:56.656    Disk 0 MBR read successfully
17:43:56.672    Disk 0 MBR scan
17:43:56.672    Disk 0 unknown MBR code
17:43:56.687    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:43:56.703    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       689859 MB offset 206848
17:43:56.718    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS        25444 MB offset 1413038080
17:43:56.765    Disk 0 scanning C:\windows\system32\drivers
17:44:08.855    Service scanning
17:44:38.074    Modules scanning
17:44:38.074    Disk 0 trace - called modules:
17:44:38.152    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
17:44:38.168    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a20790]
17:44:38.168    3 CLASSPNP.SYS[fffff8800206c43f] -> nt!IofCallDriver -> [0xfffffa80079f0950]
17:44:38.183    5 ACPI.sys[fffff88000f147a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008d34050]
17:44:40.632    AVAST engine scan C:\windows
17:44:45.032    AVAST engine scan C:\windows\system32
17:47:34.065    AVAST engine scan C:\windows\system32\drivers
17:47:49.478    AVAST engine scan C:\Users\****
18:01:31.277    Disk 0 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
18:01:31.277    The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR.txt"

cosinus · 13.03.2013, 19:37

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

panther2 · 13.03.2013, 19:55

Hallo cosinus,
ok, ich entschuldige mich jetzt gleich dafür, doch ich hab das Problem lokalisiert.
Es war anscheinend kein Virus.
Das sich Outlook so langsam/manchmal gar nicht öffnet liegt an einem Micros(schr)ot(t)-Dienst.
Der nennt sich fixmapi und ist dafür zuständig aus anderen Programmen Dateien in den Mail-Anhang zu schieben.
Bis man da mal drauf kommt

Wenn ich diesen Dienst quittiere öffnet Outlook schnell wie eh und je.
Ich weiß ja wieso ich zum Arbeiten auf den Mac umgestiegen bin.

Also trotz allem, tausend Dank für deine Bemühungen

lg

cosinus · 14.03.2013, 10:50

Zitat:

Ich weiß ja wieso ich zum Arbeiten auf den Mac umgestiegen bin.

Mit sehr teurer Hardware und der Apple-Politik?

Warum nimmst nicht ein Linux deiner Wahl?

panther2 · 14.03.2013, 10:54

Ja, ok, zugegeben zurzeit bin ich mit Apples Politik auch nicht ganz auf einer Wellenlänge, aber ihre Produkte halten was sie versprechen.
Linux hab ich in der Tat schon probiert, mit Ubuntu, also dem Klicki Bunti Linux

Hab mich aber überhaupt nicht zurechtgefunden

Hat glaub ich mal ne halbe Stunde gedauert bis ich rausgefunden hab, wie man Programme darauf installiert.
Habs dann auch zügig wieder von der Platte genommen.

Mein nächster Ausflug auf Linux wird also erst wieder stattfinden, wenn sie ihr mobiles OS rausgebracht haben, das find ich wirklich schick.

Programme öffnen nur sehr langsam

Log-Analyse und Auswertung: Programme öffnen nur sehr langsam