|
Pests of all kinds and how to fight them: Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm? (Windows 7) |
04.04.2013, 22:24 | #1 |
| Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm? Hello Trojaner Board, I have my sister-in-law's laptop here; she said I should take a look at it because the AV had shown an alert. Unfortunately I can't really make sense of it either. The AV also complains that some scheduler is not activated. Right then, here come the logs. AV events Code:
ATTFilter
Exportierte Ereignisse:

03.04.2013 18:48 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\D419B4FD-833F-4B5B-B276-CB7B5238494B\x86_microsoft-windows-ie-controls_31bf3856ad364e35_10.2.9200.16521_none_eb9c55fb0808e55a\licmgr10.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

03.04.2013 18:48 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\D419B4FD-833F-4B5B-B276-CB7B5238494B\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.2.9200.16521_none_4dfef90b034da92c\iesetup.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

03.04.2013 18:48 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\D419B4FD-833F-4B5B-B276-CB7B5238494B\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_10.2.9200.16521_none_1ff492f626787225\dxtmsft.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Mittwoch, 3. April 2013 18:49 Es wird nach 3546669 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen seit s nicht mehr zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : HELENKEPPLER-PC Versionsinformationen: BUILD.DAT : 12.0.0.861 41826 Bytes 19.10.2011 18:18:00 AVSCAN.EXE : 12.1.0.18 490448 Bytes 25.10.2011 18:07:35 AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58 LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47 AVSCPLR.DLL : 12.1.0.21 99536 Bytes 08.12.2011 15:36:28 AVREG.DLL : 12.1.0.25 227024 Bytes 08.12.2011 15:36:28 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 15:08:51 VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 10:00:55 VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:18:22 VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 12:12:53 VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 07:26:09 VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 12:59:54 VBASE008.VDF : 7.11.18.32 2132992 Bytes 24.11.2011 20:48:39 VBASE009.VDF : 7.11.18.33 2048 Bytes 24.11.2011 20:48:39 VBASE010.VDF : 7.11.18.34 2048 Bytes 24.11.2011 20:48:39 VBASE011.VDF : 7.11.18.35 2048 Bytes 24.11.2011 20:48:39 VBASE012.VDF : 7.11.18.36 2048 Bytes 24.11.2011 20:48:39 VBASE013.VDF : 7.11.18.89 204800 Bytes 28.11.2011 20:47:30 VBASE014.VDF : 7.11.18.145 143872 Bytes 01.12.2011 14:55:10 VBASE015.VDF : 7.11.18.180 173056 Bytes 02.12.2011 14:55:10 VBASE016.VDF : 7.11.18.208 164864 Bytes 05.12.2011 15:31:19 VBASE017.VDF : 7.11.18.239 177152 Bytes 06.12.2011 15:31:00 VBASE018.VDF : 7.11.18.240 2048 Bytes 06.12.2011 15:31:00 VBASE019.VDF : 7.11.18.241 
2048 Bytes 06.12.2011 15:31:00 VBASE020.VDF : 7.11.18.242 2048 Bytes 06.12.2011 15:31:00 VBASE021.VDF : 7.11.18.243 2048 Bytes 06.12.2011 15:31:00 VBASE022.VDF : 7.11.18.244 2048 Bytes 06.12.2011 15:31:01 VBASE023.VDF : 7.11.18.245 2048 Bytes 06.12.2011 15:31:01 VBASE024.VDF : 7.11.18.246 2048 Bytes 06.12.2011 15:31:01 VBASE025.VDF : 7.11.18.247 2048 Bytes 06.12.2011 15:31:01 VBASE026.VDF : 7.11.18.248 2048 Bytes 06.12.2011 15:31:01 VBASE027.VDF : 7.11.18.249 2048 Bytes 06.12.2011 15:31:01 VBASE028.VDF : 7.11.18.250 2048 Bytes 06.12.2011 15:31:02 VBASE029.VDF : 7.11.18.251 2048 Bytes 06.12.2011 15:31:02 VBASE030.VDF : 7.11.18.252 2048 Bytes 06.12.2011 15:31:02 VBASE031.VDF : 7.11.19.28 130048 Bytes 08.12.2011 15:36:26 Engineversion : 8.2.6.128 AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 18:07:34 AESCRIPT.DLL : 8.1.3.88 479611 Bytes 02.12.2011 14:55:13 AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02 AESBX.DLL : 8.2.4.5 434549 Bytes 02.12.2011 14:55:13 AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06 AEPACK.DLL : 8.2.14.4 741752 Bytes 02.12.2011 14:55:13 AEOFFICE.DLL : 8.1.2.21 201084 Bytes 02.12.2011 14:55:13 AEHEUR.DLL : 8.1.3.3 3871095 Bytes 02.12.2011 14:55:13 AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 18:07:21 AEGEN.DLL : 8.1.5.15 405878 Bytes 02.12.2011 14:55:11 AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01 AECORE.DLL : 8.1.24.0 196983 Bytes 25.10.2011 18:07:19 AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01 AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41 AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38 AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38 AVARKT.DLL : 12.1.0.17 223184 Bytes 11.10.2011 12:59:36 AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37 SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51 AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39 NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47 RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00 RCTEXT.DLL : 12.1.0.16 98512 Bytes 
11.10.2011 13:00:00 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_515c5c3f\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Beginn des Suchlaufs: Mittwoch, 3. April 2013 18:49 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WU-IE10-Windows7-x64.exe' - '1' Modul(e) wurden durchsucht Modul ist OK -> <C:\Windows\SoftwareDistribution\Download\Install\WU-IE10-Windows7-x64.exe> [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. 
Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'USBChargerPlus.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wcourier.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HControlUser.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DMedia.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SonicFocusTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AutoStartupService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SSScheduler.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WDC.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'KBFiltr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AsScrPro.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HControl.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ALU.exe' - '1' Modul(e) wurden durchsucht 
Durchsuche Prozess 'ATKOSD2.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sensorsrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CVHSVC.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sftlist.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sftvsa.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SeaPort.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GFNEXSrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ASLDRSrv.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Windows\Temp\D419B4FD-833F-4B5B-B276-CB7B5238494B\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_10.2.9200.16521_none_1ff492f626787225\dxtmsft.dll' C:\Windows\Temp\D419B4FD-833F-4B5B-B276-CB7B5238494B\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_10.2.9200.16521_none_1ff492f626787225\dxtmsft.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. Beginne mit der Suche in 'C:\Windows\Temp\D419B4FD-833F-4B5B-B276-CB7B5238494B\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.2.9200.16521_none_4dfef90b034da92c\iesetup.dll' C:\Windows\Temp\D419B4FD-833F-4B5B-B276-CB7B5238494B\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.2.9200.16521_none_4dfef90b034da92c\iesetup.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. 
Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. Beginne mit der Suche in 'C:\Windows\Temp\D419B4FD-833F-4B5B-B276-CB7B5238494B\x86_microsoft-windows-ie-controls_31bf3856ad364e35_10.2.9200.16521_none_eb9c55fb0808e55a\licmgr10.dll' C:\Windows\Temp\D419B4FD-833F-4B5B-B276-CB7B5238494B\x86_microsoft-windows-ie-controls_31bf3856ad364e35_10.2.9200.16521_none_eb9c55fb0808e55a\licmgr10.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. Ende des Suchlaufs: Mittwoch, 3. April 2013 18:50 Benötigte Zeit: 00:07 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 10516 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 10516 Dateien ohne Befall 10 Archive wurden durchsucht 4 Warnungen 0 Hinweise Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Mittwoch, 3. April 2013 19:07 Es wird nach 3546669 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen seit s nicht mehr zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Helen Keppler Computername : HELENKEPPLER-PC Versionsinformationen: BUILD.DAT : 12.0.0.861 Bytes 19.10.2011 18:18:00 AVSCAN.EXE : 12.1.0.18 490448 Bytes 25.10.2011 18:07:35 AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58 LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47 AVSCPLR.DLL : 12.1.0.21 99536 Bytes 08.12.2011 15:36:28 AVREG.DLL : 12.1.0.25 227024 Bytes 08.12.2011 15:36:28 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 15:08:51 VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 10:00:55 VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:18:22 VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 12:12:53 VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 07:26:09 VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 12:59:54 VBASE008.VDF : 7.11.18.32 2132992 Bytes 24.11.2011 20:48:39 VBASE009.VDF : 7.11.18.33 2048 Bytes 24.11.2011 20:48:39 VBASE010.VDF : 7.11.18.34 2048 Bytes 24.11.2011 20:48:39 VBASE011.VDF : 7.11.18.35 2048 Bytes 24.11.2011 20:48:39 VBASE012.VDF : 7.11.18.36 2048 Bytes 24.11.2011 20:48:39 VBASE013.VDF : 7.11.18.89 204800 Bytes 28.11.2011 20:47:30 VBASE014.VDF : 7.11.18.145 143872 Bytes 01.12.2011 14:55:10 VBASE015.VDF : 7.11.18.180 173056 Bytes 02.12.2011 14:55:10 VBASE016.VDF : 7.11.18.208 164864 Bytes 05.12.2011 15:31:19 VBASE017.VDF : 7.11.18.239 177152 Bytes 06.12.2011 15:31:00 VBASE018.VDF : 7.11.18.240 2048 Bytes 06.12.2011 15:31:00 VBASE019.VDF : 7.11.18.241 
2048 Bytes 06.12.2011 15:31:00 VBASE020.VDF : 7.11.18.242 2048 Bytes 06.12.2011 15:31:00 VBASE021.VDF : 7.11.18.243 2048 Bytes 06.12.2011 15:31:00 VBASE022.VDF : 7.11.18.244 2048 Bytes 06.12.2011 15:31:01 VBASE023.VDF : 7.11.18.245 2048 Bytes 06.12.2011 15:31:01 VBASE024.VDF : 7.11.18.246 2048 Bytes 06.12.2011 15:31:01 VBASE025.VDF : 7.11.18.247 2048 Bytes 06.12.2011 15:31:01 VBASE026.VDF : 7.11.18.248 2048 Bytes 06.12.2011 15:31:01 VBASE027.VDF : 7.11.18.249 2048 Bytes 06.12.2011 15:31:01 VBASE028.VDF : 7.11.18.250 2048 Bytes 06.12.2011 15:31:02 VBASE029.VDF : 7.11.18.251 2048 Bytes 06.12.2011 15:31:02 VBASE030.VDF : 7.11.18.252 2048 Bytes 06.12.2011 15:31:02 VBASE031.VDF : 7.11.19.28 130048 Bytes 08.12.2011 15:36:26 Engineversion : 8.2.6.128 AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 18:07:34 AESCRIPT.DLL : 8.1.3.88 479611 Bytes 02.12.2011 14:55:13 AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02 AESBX.DLL : 8.2.4.5 434549 Bytes 02.12.2011 14:55:13 AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06 AEPACK.DLL : 8.2.14.4 741752 Bytes 02.12.2011 14:55:13 AEOFFICE.DLL : 8.1.2.21 201084 Bytes 02.12.2011 14:55:13 AEHEUR.DLL : 8.1.3.3 3871095 Bytes 02.12.2011 14:55:13 AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 18:07:21 AEGEN.DLL : 8.1.5.15 405878 Bytes 02.12.2011 14:55:11 AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01 AECORE.DLL : 8.1.24.0 196983 Bytes 25.10.2011 18:07:19 AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01 AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41 AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38 AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38 AVARKT.DLL : 12.1.0.17 223184 Bytes 11.10.2011 12:59:36 AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37 SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51 AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39 NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47 RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00 RCTEXT.DLL : 12.1.0.16 98512 Bytes 
11.10.2011 13:00:00 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Q:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: ein Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Mittwoch, 3. April 2013 19:07 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Bootsektor 'Q:\' [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf nach versteckten Objekten wird begonnen. C:\Program Files\Common Files\Microsoft Shared\Windows Live C:\Program Files\Common Files\Microsoft Shared\Windows Live [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\a1841308-3541-4fab-bc81-f71556f20b4a [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. 
Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. 
Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Versteckter Thread [HINWEIS] Ein Systemthread ist nicht sichtbar. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '133' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '117' Modul(e) wurden durchsucht Durchsuche Prozess 'Updater.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'USBChargerPlus.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'wcourier.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'HControlUser.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'DMedia.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'nusb3mon.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'SonicFocusTray.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorIcon.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.bin' - '97' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'AutoStartupService.exe' - '65' Modul(e) 
wurden durchsucht Durchsuche Prozess 'SSScheduler.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'AsScrPro.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD2.exe' - '32' Modul(e) wurden durchsucht Untersuchung der Systemdateien wird begonnen: Signiert -> 'C:\Windows\system32\svchost.exe' Signiert -> 'C:\Windows\system32\winlogon.exe' Signiert -> 'C:\Windows\explorer.exe' Signiert -> 'C:\Windows\system32\smss.exe' Signiert -> 'C:\Windows\system32\wininet.DLL' Signiert -> 'C:\Windows\system32\wsock32.DLL' Signiert -> 'C:\Windows\system32\ws2_32.DLL' Signiert -> 'C:\Windows\system32\services.exe' Signiert -> 'C:\Windows\system32\lsass.exe' Signiert -> 'C:\Windows\system32\csrss.exe' Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys' Signiert -> 'C:\Windows\system32\spoolsv.exe' Signiert -> 'C:\Windows\system32\alg.exe' Signiert -> 'C:\Windows\system32\wuauclt.exe' Signiert -> 'C:\Windows\system32\advapi32.DLL' Signiert -> 'C:\Windows\system32\user32.DLL' Signiert -> 'C:\Windows\system32\gdi32.DLL' Signiert -> 'C:\Windows\system32\kernel32.DLL' Signiert -> 'C:\Windows\system32\ntdll.DLL' Signiert -> 'C:\Windows\system32\ntoskrnl.exe' Signiert -> 'C:\Windows\system32\ctfmon.exe' Die Systemdateien wurden durchsucht ('21' Dateien) Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '2023' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <OS> C:\Windows\SoftwareDistribution\Download\904bd98e3b4a99fc29acddeeb38a945232078d6f [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. 
C:\Windows\SoftwareDistribution\Download\Install\WU-IE10-Windows7-x64.exe [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_10.2.9200.16521_none_1ff492f626787225\dxtmsft.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. C:\Windows\winsxs\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_10.2.9200.16521_none_4dfef90b034da92c\iesetup.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. C:\Windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_10.2.9200.16521_none_eb9c55fb0808e55a\licmgr10.dll [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3 [WARNUNG] 'Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3'. Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu. Beginne mit der Suche in 'D:\' <DATA> Beginne mit der Suche in 'Q:\' Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden! Systemfehler [5]: Zugriff verweigert Ende des Suchlaufs: Mittwoch, 3. April 2013 19:51 Benötigte Zeit: 44:30 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 35000 Verzeichnisse wurden überprüft 719709 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. 
unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 719709 Dateien ohne Befall 5506 Archive wurden durchsucht 5 Warnungen 68 Hinweise 415032 Objekte wurden beim Rootkitscan durchsucht 68 Versteckte Objekte wurden gefunden |
04.04.2013, 22:28 | #2 |
| Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm? OTL.txt
Code:
ATTFilter OTL logfile created on: 04.04.2013 22:23:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helen Keppler\Desktop\scan 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 73,32% Memory free 15,82 Gb Paging File | 13,24 Gb Available in Paging File | 83,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 400,55 Gb Total Space | 338,44 Gb Free Space | 84,49% Space Free | Partition Type: NTFS Drive D: | 505,96 Gb Total Space | 453,26 Gb Free Space | 89,58% Space Free | Partition Type: NTFS Computer Name: HELENKEPPLER-PC | User Name: Helen Keppler | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Helen Keppler\Desktop\scan\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) 
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TiMiniService) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Trend Micro Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\..\SearchScopes\{94FE4815-4823-4C05-BBB8-19A8A70B86B4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=A0ED3F20-C06E-4F28-9D63-40A3B5830200&apn_sauid=11135561-4363-446E-9781-79AA4F76E83A
IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=A0ED3F20-C06E-4F28-9D63-40A3B5830200&apn_ptnrs=U3&apn_sauid=11135561-4363-446E-9781-79AA4F76E83A&apn_dtid=OSJ000YYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 21:34:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 21:34:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.10.22 11:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen Keppler\AppData\Roaming\mozilla\Extensions
[2012.11.26 21:58:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen Keppler\AppData\Roaming\mozilla\Firefox\Profiles\uqw7y1c1.default\extensions
[2012.11.26 21:58:38 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Helen Keppler\AppData\Roaming\mozilla\Firefox\Profiles\uqw7y1c1.default\extensions\toolbar@ask.com
[2012.11.26 21:58:38 | 000,002,308 | ---- | M] () -- C:\Users\Helen Keppler\AppData\Roaming\mozilla\firefox\profiles\uqw7y1c1.default\searchplugins\askcom.xml
[2013.03.08 21:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 21:34:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 21:34:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.08 21:34:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.03.08 21:34:59 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.28 13:01:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 14:10:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.28 13:01:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.28 13:01:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.28 13:01:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.28 13:01:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Helen Keppler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{052556B3-0193-4DCB-9197-57D274D0B86B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFB6AEAB-1EE1-4629-B045-12A5FDB03021}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.04 22:21:41 | 000,000,000 | ---D | C] -- C:\Users\Helen Keppler\Desktop\scan
[2013.04.03 19:05:59 | 000,000,000 | ---D | C] -- C:\CONFIG
[2013.04.03 18:49:50 | 000,000,000 | ---D | C] -- C:\REPORTS
[2013.04.03 18:49:50 | 000,000,000 | ---D | C] -- C:\INFECTED
[2013.04.03 18:49:27 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.03 18:49:27 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.03 18:49:27 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.03 18:49:27 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.03 18:49:27 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.03 18:49:27 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.03 18:49:27 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.03 18:49:27 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.03 18:49:27 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.03 18:49:27 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.03 18:49:27 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.03 18:49:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.03 18:49:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.03 18:49:27 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.03 18:49:27 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.03 18:49:27 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.03 18:49:27 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.03 18:49:27 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.03 18:49:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.03 18:49:27 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.03 18:49:27 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.03 18:49:27 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.03 18:49:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.03 18:49:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.03 18:49:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.03 18:49:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.03 18:49:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.03 18:49:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.03 18:49:26 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.03 18:49:26 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.03 18:49:26 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.03 18:49:26 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.03 18:49:26 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.03 18:49:26 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.03 18:49:26 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.03 18:49:26 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.03 18:49:26 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.03 18:49:26 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.03 18:49:26 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.03 18:49:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.03 18:49:26 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.03 18:49:26 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.03 18:49:26 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.03 18:49:26 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.03 18:49:26 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.03 18:49:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.03 18:49:26 | 000,089,600 | ---- | C] (Microsoft Corporation) --
C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.03 18:49:26 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.03 18:49:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.03 18:49:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.03 18:49:26 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.03 18:49:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.03 18:49:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.03 18:49:26 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.03 18:49:26 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.03 18:49:25 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.03 18:49:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.03 18:49:25 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.03 18:49:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.03 18:49:25 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.03 18:49:25 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.03 18:49:25 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.03 18:49:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.03 18:49:25 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.03 18:49:25 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.03 18:49:25 
| 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.04.03 18:49:25 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.03 18:49:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.20 23:02:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.15 22:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.15 22:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.15 22:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.08 21:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.04.04 22:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.04 22:16:11 | 001,531,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.04 22:16:11 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.04 22:16:11 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.04 22:16:11 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.04 22:16:11 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.04 22:14:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.04 22:13:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.04 20:43:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.04 20:43:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.04 20:36:11 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.04.04 
20:36:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.04 20:35:43 | 2075,893,759 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 18:49:27 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.03 18:49:27 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.04.03 18:49:27 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.04.03 18:49:27 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.04.03 18:49:27 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.03 18:49:27 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.04.03 18:49:27 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.03 18:49:27 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.04.03 18:49:27 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.03 18:49:27 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.04.03 18:49:27 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.04.03 18:49:27 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.04.03 18:49:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.04.03 18:49:27 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.04.03 18:49:27 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.03 18:49:27 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.04.03 18:49:27 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.04.03 18:49:27 
| 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.04.03 18:49:27 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.03 18:49:27 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.04.03 18:49:27 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.03 18:49:27 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.04.03 18:49:27 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.03 18:49:27 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.04.03 18:49:27 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.04.03 18:49:27 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.04.03 18:49:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.04.03 18:49:27 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.04.03 18:49:26 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.03 18:49:26 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.04.03 18:49:26 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.04.03 18:49:26 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.03 18:49:26 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.03 18:49:26 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.03 18:49:26 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.03 18:49:26 | 000,441,856 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\html.iec [2013.04.03 18:49:26 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.03 18:49:26 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.03 18:49:26 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.04.03 18:49:26 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.04.03 18:49:26 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.03 18:49:26 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.04.03 18:49:26 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.04.03 18:49:26 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.04.03 18:49:26 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.04.03 18:49:26 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.03 18:49:26 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.03 18:49:26 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.03 18:49:26 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.03 18:49:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.03 18:49:26 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.03 18:49:26 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.03 18:49:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.03 18:49:26 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.03 18:49:26 | 000,025,185 
| ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.03 18:49:26 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.03 18:49:26 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.03 18:49:25 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.03 18:49:25 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.03 18:49:25 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.03 18:49:25 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.03 18:49:25 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.03 18:49:25 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.03 18:49:25 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.03 18:49:25 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.03 18:49:25 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.03 18:49:25 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.03 18:49:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.04.03 18:49:25 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.03 18:49:25 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.15 21:27:17 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.15 21:27:17 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.04.03 18:49:26 | 000,025,185 | ---- | C] () -- 
C:\Windows\SysWow64\ieuinit.inf [2013.04.03 18:49:26 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.04.05 18:02:37 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.04.05 18:02:37 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.04.05 18:02:37 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.04.05 18:02:37 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.04.05 18:02:37 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.04.05 18:02:37 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.04.05 18:02:37 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.04.05 18:02:37 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.04.05 18:02:37 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.04.05 18:02:37 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.04.05 18:02:37 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.04.05 18:02:37 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.04.05 18:02:37 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.04.05 18:02:37 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.04.05 18:02:37 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.04.05 18:02:37 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.04.05 18:02:37 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.04.05 18:02:37 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.04.05 18:02:37 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.12.13 21:25:36 | 000,205,093 | ---- | C] () -- C:\Users\Helen Keppler\Scanner.jpeg [2011.10.22 12:52:31 
| 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.31 20:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.06.20 16:02:04 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.06.20 16:01:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Users\Helen Keppler\openofficeorg33.msi [2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Users\Helen Keppler\setup.exe [2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Users\Helen Keppler\openofficeorg1.cab ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2012.02.17 16:49:47 | 000,000,000 | ---D | M] -- C:\Users\Helen Keppler\AppData\Roaming\AliceHilfe
[2011.10.22 13:02:54 | 000,000,000 | ---D | M] -- C:\Users\Helen Keppler\AppData\Roaming\ASUS WebStorage
[2011.11.26 21:30:02 | 000,000,000 | ---D | M] -- C:\Users\Helen Keppler\AppData\Roaming\InterTrust
[2011.12.13 20:54:16 | 000,000,000 | ---D | M] -- C:\Users\Helen Keppler\AppData\Roaming\Nuance
[2011.12.13 21:02:40 | 000,000,000 | ---D | M] -- C:\Users\Helen Keppler\AppData\Roaming\OpenOffice.org
[2012.01.26 22:50:29 | 000,000,000 | ---D | M] -- C:\Users\Helen Keppler\AppData\Roaming\SoftGrid Client
[2011.10.22 12:52:56 | 000,000,000 | ---D | M] -- C:\Users\Helen Keppler\AppData\Roaming\TP
[2012.08.25 15:31:17 | 000,000,000 | ---D | M] -- C:\Users\Helen Keppler\AppData\Roaming\TS3Client
[2011.11.06 14:23:35 | 000,000,000 | ---D | M] -- C:\Users\Helen Keppler\AppData\Roaming\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 152 bytes -> C:\Users\Helen Keppler\Scanner.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

Code:
OTL Extras logfile created on: 04.04.2013 22:23:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helen Keppler\Desktop\scan
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 73,32% Memory free
15,82 Gb Paging File | 13,24 Gb Available in Paging File | 83,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,55 Gb Total Space | 338,44 Gb Free Space | 84,49% Space Free | Partition Type: NTFS
Drive D: | 505,96 Gb Total Space | 453,26 Gb Free Space | 89,58% Space Free | Partition Type: NTFS

Computer Name: HELENKEPPLER-PC | User Name: Helen Keppler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3773768050-1383292722-2127074449-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile 
[open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10A5FF4B-EA07-4F6B-93AB-DFCDC3FBD2BF}" = lport=137 | protocol=17 | dir=in | app=system | "{19366897-2417-45D5-992C-E4DD4CADB5D7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1B530839-1868-4D38-800E-DF21A3CF2060}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{26EB8C00-FF09-4CF6-B642-F1FD9E4B4EAC}" = rport=5355 | protocol=17 | 
dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{349CA7A1-642C-4033-9374-20A5422876D4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{393F9943-5C46-4574-BBD2-FFE98A814279}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{39EC1691-F695-4636-9180-8F8032314CF6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{41DD09A5-9D68-458E-AB27-0BF3CC382798}" = rport=10243 | protocol=6 | dir=out | app=system | "{420574B2-408E-48A6-B9AB-A8CC8D94065D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4B478846-F63B-428D-A5B8-FF6EED523E42}" = rport=138 | protocol=17 | dir=out | app=system | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{5E4DE1DF-6573-4470-9CCB-9F5BF0F8B8C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6CEB501B-F19C-44C9-8BB9-6835B003689A}" = lport=138 | protocol=17 | dir=in | app=system | "{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7B1AF1FF-8A39-44D0-B79F-A41944591FDF}" = lport=10243 | protocol=6 | dir=in | app=system | "{7DB375DD-F11B-42E4-9D3F-F7B9DD012D31}" = lport=2869 | protocol=6 | dir=in | app=system | "{8A890532-D9FF-46A4-AA1C-25F124B9A945}" = rport=445 | protocol=6 | dir=out | app=system | "{9B83A82D-6C5D-4D59-B795-23AEF2482903}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{AFC15CED-4A7C-427B-A2A3-CF2BA3524B80}" = lport=445 | protocol=6 | dir=in | app=system | "{B7B0092B-6C1C-4E58-A981-A97C28B7E99B}" = rport=139 | protocol=6 | dir=out | app=system | "{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | 
protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C0184700-EB71-442C-9987-4C6947484BAC}" = lport=139 | protocol=6 | dir=in | app=system | "{CA0F3C20-4BCC-42C6-901C-D8A1D9667BF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E95F1495-0549-42EF-B3DC-DC9B1A578CDF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EBFE6EB1-47BD-4E10-81E2-6C9D89E72D7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ED46C03C-0BC1-4ECE-B211-6E93FC2E0AF2}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00B3E822-D682-4494-89FD-718D4324DE77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0366D171-6519-424A-BA17-2C8054783039}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0D406D52-5DA0-4F74-AB58-8852A81DF7A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1B69AE22-A5F8-4D34-9329-90D45DC36ECC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1F808D3E-A985-4BEA-B0FD-2E8D11CFEC49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{40A26FDF-F901-4D50-B74D-3339CA85B563}" = protocol=17 | dir=in | app=e:\alicesetup.exe | "{42BB645E-36C9-4C26-B5B9-CFD7D9D7CF2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{473C3AE2-06F0-4D3D-BFA2-8A6EE5685304}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{530CBDE2-5EE5-4668-BE53-621266D0786D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5CEEF4D1-021A-49F4-9BB1-FB57DE283636}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{66EAE5A3-7465-40C7-B30C-F62156D9011F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{792DEFA4-6F4A-42B9-9D53-174FB3171D0D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{84642625-FC25-4CB4-9DB4-5F6444CF28BF}" = protocol=6 | dir=in | app=e:\alicesetup.exe | "{85E877F3-4992-4B54-A794-10AC36BA8702}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8AD00115-FD33-429C-8591-B5E026888513}" = protocol=6 | dir=out | app=system | "{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{9ABFC03B-BCEA-4781-AECA-F6D13528DFA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C00904F-43E2-4AE9-8F52-06960124BC84}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | "{AB5C163C-8141-4E4A-9B80-BA2C79E2814D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AFD15E4A-28A0-421C-A4F3-6F3FBA3F565F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B6C7B4F9-E0E6-429A-A549-72147832B96D}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "{BD0440FE-0BBD-4DE7-8CE6-2EAB2ABE801F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D38F7EC6-686C-4075-B433-4FBFFB407CCE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D5333749-6480-45D6-BF08-154E8C34A6AF}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "{F261498D-7C2D-4B56-95AA-B58B5F356875}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F731EA12-353E-43E0-89F5-5EC8D36F381F}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | 
"{F8ED190E-D12A-4423-BF79-1476AAB48699}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{605F216A-42EC-42FB-9FCE-DBFD43624D3F}D:\spiele\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "TCP Query User{C145BC34-BD0A-4E3C-A807-06694DAFE528}D:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\spiele\guild wars 2\gw2.exe | "TCP Query User{C55685E8-7D5C-4D23-A417-5B5FFEB73C61}C:\users\helen keppler\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\helen keppler\appdata\local\temp\gw2.exe | "TCP Query User{EF138BAC-E5AD-416D-9E7F-DE54AF699ED8}D:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | "TCP Query User{FF6E2160-0552-4B0B-9CD0-66F6AAB74D08}D:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{352B1E1D-922E-4C10-B5DC-972556F6FFCA}D:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\spiele\guild wars 2\gw2.exe | "UDP Query User{4451FF9E-EEFB-4195-96DE-0FC94B74939D}C:\users\helen keppler\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\helen keppler\appdata\local\temp\gw2.exe | "UDP Query User{8364BD5E-15D4-4211-A70E-2B0EEDB482F8}D:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | "UDP Query User{A8337ADF-DF10-4D70-BF98-EA704ECE0600}D:\spiele\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "UDP Query User{BBE1C991-FBC7-488F-A45D-17369503125E}D:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = 
protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety "{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid "{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety "{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources 
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.39 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.39 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.39 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0 "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh 
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh 
ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = 
Renesas Electronics USB 3.0 Host Controller Driver "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{75F1F185-CB03-451C-A6EF-F13A7AEBB355}" = PHOTOfunSTUDIO 8.0 SE "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update 
kb973923 - x86 8.0.50727.4053 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = 
Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" 
= Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials 
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AliceHilfe 1.0.0.1" = AliceHilfe "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "ASUS_Screensaver" = ASUS_Screensaver "Avira AntiVir Desktop" = Avira Free Antivirus "Bookworm Deluxe" = Bookworm Deluxe "Cooking Dash" = Cooking Dash "Google Chrome" = Google Chrome "Governor of Poker" = Governor of Poker "Guild Wars 2" = Guild Wars 2 "Hotel Dash Suite Success" = Hotel Dash Suite Success "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Jewel Quest 3" = Jewel Quest 3 "Luxor 3" = Luxor 3 "Mahjongg dimensions" = Mahjongg dimensions "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Plants vs Zombies" = Plants vs Zombies "WinLiveSuite" = Windows Live Essentials "World of Goo" = World of Goo ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3773768050-1383292722-2127074449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.10.2012 08:07:31 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, 
Version: 12.1.0.18, Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0xeb0 Startzeit der fehlerhaften Anwendung: 0x01cdb04dd0397a8b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 0dfb71ce-1c41-11e2-9850-14dae9a560b6 Error - 22.10.2012 13:23:26 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 12.1.0.18, Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0x6c4 Startzeit der fehlerhaften Anwendung: 0x01cdb079e9b44115 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 2fa51a4c-1c6d-11e2-8260-74de2b35ce91 Error - 22.10.2012 13:23:33 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 12.1.0.18, Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0xdd0 Startzeit der fehlerhaften Anwendung: 0x01cdb079f63602e8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 33f0d60a-1c6d-11e2-8260-74de2b35ce91 Error - 22.10.2012 13:23:33 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 
12.1.0.18, Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0xe3c Startzeit der fehlerhaften Anwendung: 0x01cdb079f65c18ed Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 34148aaf-1c6d-11e2-8260-74de2b35ce91 Error - 23.10.2012 12:26:37 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 12.1.0.18, Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0x69c Startzeit der fehlerhaften Anwendung: 0x01cdb13b2428ca72 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 6a6429cf-1d2e-11e2-947b-14dae9a560b6 Error - 23.10.2012 12:26:43 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 12.1.0.18, Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0xe40 Startzeit der fehlerhaften Anwendung: 0x01cdb13b30285c14 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 6dea5357-1d2e-11e2-947b-14dae9a560b6 Error - 23.10.2012 12:26:43 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 12.1.0.18, 
Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0xea0 Startzeit der fehlerhaften Anwendung: 0x01cdb13b30663fdb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 6e28371e-1d2e-11e2-947b-14dae9a560b6 Error - 24.10.2012 06:03:24 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 12.1.0.18, Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0x6a8 Startzeit der fehlerhaften Anwendung: 0x01cdb1cec4b05d46 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 0badd43d-1dc2-11e2-94cf-14dae9a560b6 Error - 24.10.2012 06:03:28 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 12.1.0.18, Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0xe30 Startzeit der fehlerhaften Anwendung: 0x01cdb1ced0c6a36e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 0e889ab1-1dc2-11e2-94cf-14dae9a560b6 Error - 24.10.2012 06:03:29 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 12.1.0.18, 
Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0xe90 Startzeit der fehlerhaften Anwendung: 0x01cdb1ced1048735 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 0ec67e78-1dc2-11e2-94cf-14dae9a560b6 [ System Events ] Error - 03.04.2013 12:44:13 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error - 03.04.2013 12:44:14 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error - 03.04.2013 12:44:15 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error - 03.04.2013 15:32:45 | Computer Name = HelenKeppler-PC | Source = DCOM | ID = 10010 Description = Error - 03.04.2013 15:34:13 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error - 03.04.2013 15:34:13 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 03.04.2013 15:34:14 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error - 04.04.2013 14:36:28 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error - 04.04.2013 14:36:58 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error - 04.04.2013 14:36:58 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. < End of report > |
04.04.2013, 22:42 | #3 |
| Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm? gmer.txt
__________________GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-04 23:06:06 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.JC45 931,51GB Running: gmer_2.1.19163.exe; Driver: C:\Users\HELENK~1\AppData\Local\Temp\fxtiiuoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda63460 7 bytes JMP 000007fffda500d8 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda69940 6 bytes JMP 000007fffda50148 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda69fb0 5 bytes JMP 000007fffda50180 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda6a150 5 bytes JMP 000007fffda50110 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffda89e0 8 bytes JMP 000007fffda501f0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdabe40 8 bytes JMP 000007fffda501b8 .text C:\Windows\SysWOW64\ACEngSvr.exe[3192] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffda89e0 8 bytes JMP 000007fffda501f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3192] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdabe40 8 bytes JMP 000007fffda501b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3604] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3604] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3604] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files 
(x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3604] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3604] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Windows\System32\igfxpers.exe[4008] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077abefe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[4008] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ae99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[4008] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077af94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[4008] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077af9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[4008] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b1a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2984] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2984] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2984] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2984] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2984] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO 
AutoStart\AutoStartupService.exe[4264] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[4264] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[4264] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[4264] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[4264] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077941d1b 5 bytes JMP 0000000173e32450 .text C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077941dc9 5 bytes JMP 0000000173e324b0 .text C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077942aa4 5 bytes JMP 0000000173e32520 .text C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077942d0a 5 bytes JMP 0000000173e32670 .text C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[4264] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076e65ea5 5 bytes JMP 0000000173e31ce0 .text C:\Program 
Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[4264] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e99d0b 5 bytes JMP 0000000173e31c70 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2852] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2852] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2852] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2852] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2852] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3416] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3416] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3416] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3416] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3416] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077941d1b 5 bytes JMP 0000000173e32450 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077941dc9 5 bytes JMP 0000000173e324b0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077942aa4 5 bytes JMP 0000000173e32520 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3416] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077942d0a 5 bytes JMP 0000000173e32670 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4548] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4548] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4548] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4548] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[4548] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4280] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4280] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\ASUS\Wireless Console 
3\wcourier.exe[4280] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4280] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4280] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[492] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[492] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[492] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[492] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[492] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[492] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ae9a2 5 bytes JMP 0000000173e31a00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[492] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773aebdc 5 bytes JMP 0000000173e31a90 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4932] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4932] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 
0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4932] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4932] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4932] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e81465 2 bytes [E8, 75] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e814bb 2 bytes [E8, 75] .text ... * 2 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe[5768] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe[5768] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe[5768] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe[5768] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe[5768] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe[5768] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ae9a2 5 bytes JMP 0000000173e31a00 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\McUicnt.exe[5768] 
C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773aebdc 5 bytes JMP 0000000173e31a90 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077abefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ae99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077af94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077af9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b1a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda63460 7 bytes JMP 000007fffda200d8 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda69940 6 bytes JMP 000007fffda20148 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda69fb0 5 bytes JMP 000007fffda20180 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda6a150 5 bytes JMP 000007fffda20110 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffda89e0 8 bytes JMP 000007fffda201f0 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdabe40 8 bytes JMP 000007fffda201b8 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 
0000000173e31e90 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077941d1b 5 bytes JMP 0000000173e32450 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077941dc9 5 bytes JMP 0000000173e324b0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077942aa4 5 bytes JMP 0000000173e32520 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077942d0a 5 bytes JMP 0000000173e32670 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ae9a2 5 bytes JMP 0000000173e31a00 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773aebdc 5 bytes JMP 0000000173e31a90 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e81465 2 bytes [E8, 75] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e814bb 2 bytes [E8, 75] .text ... 
* 2 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077941d1b 5 bytes JMP 0000000173e32450 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077941dc9 5 bytes JMP 0000000173e324b0 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077942aa4 5 bytes JMP 0000000173e32520 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077942d0a 5 bytes JMP 0000000173e32670 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076e65ea5 5 bytes JMP 0000000173e31ce0 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e99d0b 5 bytes JMP 0000000173e31c70 .text 
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ae9a2 5 bytes JMP 0000000173e31a00 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773aebdc 5 bytes JMP 0000000173e31a90 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e81465 2 bytes [E8, 75] .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[5488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e814bb 2 bytes [E8, 75] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe[2964] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077abefe0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe[2964] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ae99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe[2964] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077af94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe[2964] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077af9640 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe[2964] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b1a500 7 bytes JMP 000000016fff01b8 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe[2964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda63460 7 bytes JMP 000007fffda500d8 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe[2964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda69940 6 bytes JMP 
000007fffda50148 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe[2964] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda69fb0 5 bytes JMP 000007fffda50180 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe[2964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda6a150 5 bytes JMP 000007fffda50110 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe[2964] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffda89e0 8 bytes JMP 000007fffda501f0 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe[2964] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdabe40 8 bytes JMP 000007fffda501b8 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077941d1b 5 bytes JMP 0000000173e32450 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077941dc9 5 bytes JMP 0000000173e324b0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] 
C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077942aa4 5 bytes JMP 0000000173e32520 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077942d0a 5 bytes JMP 0000000173e32670 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ae9a2 5 bytes JMP 0000000173e31a00 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773aebdc 5 bytes JMP 0000000173e31a90 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e81465 2 bytes [E8, 75] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e814bb 2 bytes [E8, 75] .text ... * 2 .text C:\Users\Helen Keppler\Desktop\scan\gmer_2.1.19163.exe[5164] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fb1429 7 bytes JMP 0000000173e31e90 .text C:\Users\Helen Keppler\Desktop\scan\gmer_2.1.19163.exe[5164] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075fcb223 5 bytes JMP 0000000173e31da0 .text C:\Users\Helen Keppler\Desktop\scan\gmer_2.1.19163.exe[5164] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760488f4 7 bytes JMP 0000000173e31d90 .text C:\Users\Helen Keppler\Desktop\scan\gmer_2.1.19163.exe[5164] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076048979 5 bytes JMP 0000000173e31e80 .text C:\Users\Helen Keppler\Desktop\scan\gmer_2.1.19163.exe[5164] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076048ccf 5 bytes JMP 0000000173e31e10 .text C:\Users\Helen Keppler\Desktop\scan\gmer_2.1.19163.exe[5164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077941d1b 5 bytes JMP 0000000173e32450 .text C:\Users\Helen Keppler\Desktop\scan\gmer_2.1.19163.exe[5164] 
C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077941dc9 5 bytes JMP 0000000173e324b0 .text C:\Users\Helen Keppler\Desktop\scan\gmer_2.1.19163.exe[5164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077942aa4 5 bytes JMP 0000000173e32520 .text C:\Users\Helen Keppler\Desktop\scan\gmer_2.1.19163.exe[5164] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077942d0a 5 bytes JMP 0000000173e32670 .text C:\Users\Helen Keppler\Desktop\scan\gmer_2.1.19163.exe[5164] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ae9a2 5 bytes JMP 0000000173e31a00 .text C:\Users\Helen Keppler\Desktop\scan\gmer_2.1.19163.exe[5164] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773aebdc 5 bytes JMP 0000000173e31a90 ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2648:2752] 0000000072d5102d Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2648:2760] 0000000072a5f1dc Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2648:2772] 0000000072a5f1dc Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2648:2776] 0000000072a555d3 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2648:2784] 0000000072cfc159 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.04.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16521 Helen Keppler :: HELENKEPPLER-PC [Administrator] 04.04.2013 23:07:44 mbam-log-2013-04-04 (23-07-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 383858 Laufzeit: 33 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Regards |
06.04.2013, 16:08 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm? Hello and Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please get in touch in this thread => Reminder about my thread. Annoying "When will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board. Now please run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Always post logfiles in CODE tags |
06.04.2013, 17:24 | #5 |
| Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm? So, here are the requested logs. mbar Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Helen Keppler :: HELENKEPPLER-PC [administrator]

06.04.2013 18:10:02
mbar-log-2013-04-06 (18-10-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29476
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-06 18:10:41
-----------------------------
18:10:41.939 OS Version: Windows x64 6.1.7601 Service Pack 1
18:10:41.939 Number of processors: 8 586 0x2A07
18:10:41.939 ComputerName: HELENKEPPLER-PC UserName: Helen Keppler
18:10:45.542 Initialize success
18:12:07.620 AVAST engine defs: 13040600
18:12:27.510 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:12:27.510 Disk 0 Vendor: ST310005 JC45 Size: 953869MB BusType: 3
18:12:27.619 Disk 0 MBR read successfully
18:12:27.635 Disk 0 MBR scan
18:12:27.635 Disk 0 Windows 7 default MBR code
18:12:27.650 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
18:12:27.666 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 410163 MB offset 52430848
18:12:27.682 Disk 0 Partition - 00 0F Extended LBA 518105 MB offset 892444672
18:12:27.713 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 518104 MB offset 892446720
18:12:27.760 Disk 0 scanning C:\Windows\system32\drivers
18:12:35.638 Service scanning
18:12:50.239 Modules scanning
18:12:50.255 Disk 0 trace - called modules:
18:12:50.271 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:12:50.598 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009696790]
18:12:50.614 3 CLASSPNP.SYS[fffff88001a1f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80079f6050]
18:12:54.295 AVAST engine scan C:\Windows
18:12:56.401 AVAST engine scan C:\Windows\system32
18:15:02.216 AVAST engine scan C:\Windows\system32\drivers
18:15:11.154 AVAST engine scan C:\Users\Helen Keppler
18:17:09.886 AVAST engine scan C:\ProgramData
18:18:20.461 Scan finished successfully
18:18:36.154 Disk 0 MBR has been saved successfully to "C:\Users\Helen Keppler\Desktop\scan\MBR.dat"
18:18:36.170 The log file has been saved successfully to "C:\Users\Helen Keppler\Desktop\scan\aswMBR.txt"

Code:
18:19:11.0308 6096 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:19:11.0526 6096 ============================================================
18:19:11.0526 6096 Current date / time: 2013/04/06 18:19:11.0526
18:19:11.0526 6096 SystemInfo:
18:19:11.0526 6096
18:19:11.0526 6096 OS Version: 6.1.7601 ServicePack: 1.0
18:19:11.0526 6096 Product type: Workstation
18:19:11.0526 6096 ComputerName: HELENKEPPLER-PC
18:19:11.0526 6096 UserName: Helen Keppler
18:19:11.0526 6096 Windows directory: C:\Windows
18:19:11.0526 6096 System windows directory: C:\Windows
18:19:11.0526 6096 Running under WOW64
18:19:11.0526 6096 Processor architecture: Intel x64
18:19:11.0526 6096 Number of processors: 8
18:19:11.0526 6096 Page size: 0x1000
18:19:11.0526 6096 Boot type: Normal boot
18:19:11.0526 6096 ============================================================
18:19:11.0870 6096 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:19:11.0885 6096 ============================================================
18:19:11.0885 6096 \Device\Harddisk0\DR0:
18:19:11.0885 6096 MBR partitions:
18:19:11.0885 6096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x32119800
18:19:11.0901 6096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3531A800, BlocksNum 0x3F3EC000
18:19:11.0901 6096 ============================================================
18:19:11.0932 6096 C: <-> \Device\Harddisk0\DR0\Partition1
18:19:11.0963 6096 D: <-> \Device\Harddisk0\DR0\Partition2
18:19:11.0963 6096 ============================================================
18:19:11.0963 6096 Initialize success
18:19:11.0963 6096 ============================================================
18:19:54.0192 3192 ============================================================
18:19:54.0192 3192 Scan started
18:19:54.0192 3192 Mode: Manual; SigCheck; TDLFS;
18:19:54.0192 3192 ============================================================
18:19:54.0458 3192 ================ Scan system memory ========================
18:19:54.0458 3192 Scan interrupted by user!
18:19:54.0458 3192 ================ Scan services =============================
18:19:54.0473 3192 Scan interrupted by user!
18:19:54.0473 3192 ================ Scan global ===============================
18:19:54.0473 3192 Scan interrupted by user!
18:19:54.0473 3192 ================ Scan MBR ==================================
18:19:54.0473 3192 Scan interrupted by user!
18:19:54.0473 3192 ================ Scan VBR ==================================
18:19:54.0473 3192 Scan interrupted by user!
18:19:54.0473 3192 ============================================================
18:19:54.0473 3192 Scan finished
18:19:54.0473 3192 ============================================================
18:19:54.0489 6020 Detected object count: 0
18:19:54.0489 6020 Actual detected object count: 0
18:19:56.0408 5696 ============================================================
18:19:56.0408 5696 Scan started
18:19:56.0408 5696 Mode: Manual; SigCheck; TDLFS;
18:19:56.0408 5696 ============================================================
18:19:56.0610 5696 ================ Scan system memory ========================
18:19:56.0610 5696 System memory - ok
18:19:56.0626 5696 ================ Scan services =============================
18:20:09.0137 5696 nvpciflt - ok 18:20:09.0168 5696 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:20:09.0168 5696 nvraid - ok 18:20:09.0200 5696 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:20:09.0200 5696 nvstor - ok 18:20:09.0231 5696 [ 73F0C1D4671DF00FA0CC86107A2CD4FF ] NVSvc C:\Windows\system32\nvvsvc.exe 18:20:09.0246 5696 NVSvc - ok 18:20:09.0278 5696 [ E9B95BB82E5E12EE31AFE275CE4A35F9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 18:20:09.0324 5696 nvUpdatusService - ok 18:20:09.0340 5696 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:20:09.0356 5696 nv_agp - ok 18:20:09.0356 5696 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:20:09.0371 5696 ohci1394 - ok 18:20:09.0387 5696 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:20:09.0402 5696 ose - ok 18:20:09.0527 5696 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:20:09.0652 5696 osppsvc - ok 18:20:09.0668 5696 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:20:09.0683 5696 p2pimsvc - ok 18:20:09.0714 5696 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:20:09.0730 5696 p2psvc - ok 18:20:09.0730 5696 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 18:20:09.0746 5696 Parport - ok 18:20:09.0777 5696 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:20:09.0777 5696 partmgr - ok 18:20:09.0792 5696 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:20:09.0808 5696 PcaSvc - ok 18:20:09.0824 5696 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:20:09.0839 5696 pci 
- ok 18:20:09.0839 5696 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:20:09.0855 5696 pciide - ok 18:20:09.0870 5696 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:20:09.0886 5696 pcmcia - ok 18:20:09.0902 5696 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:20:09.0902 5696 pcw - ok 18:20:09.0917 5696 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:20:09.0964 5696 PEAUTH - ok 18:20:10.0011 5696 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:20:10.0058 5696 PerfHost - ok 18:20:10.0104 5696 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:20:10.0167 5696 pla - ok 18:20:10.0198 5696 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:20:10.0229 5696 PlugPlay - ok 18:20:10.0245 5696 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:20:10.0260 5696 PNRPAutoReg - ok 18:20:10.0292 5696 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:20:10.0307 5696 PNRPsvc - ok 18:20:10.0323 5696 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:20:10.0370 5696 PolicyAgent - ok 18:20:10.0385 5696 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:20:10.0432 5696 Power - ok 18:20:10.0463 5696 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:20:10.0510 5696 PptpMiniport - ok 18:20:10.0510 5696 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 18:20:10.0526 5696 Processor - ok 18:20:10.0557 5696 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:20:10.0588 5696 ProfSvc - ok 18:20:10.0604 5696 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:20:10.0619 5696 ProtectedStorage - ok 
18:20:10.0635 5696 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:20:10.0666 5696 Psched - ok 18:20:10.0713 5696 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:20:10.0744 5696 ql2300 - ok 18:20:10.0744 5696 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:20:10.0744 5696 ql40xx - ok 18:20:10.0775 5696 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:20:10.0791 5696 QWAVE - ok 18:20:10.0791 5696 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:20:10.0822 5696 QWAVEdrv - ok 18:20:10.0822 5696 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:20:10.0838 5696 RasAcd - ok 18:20:10.0853 5696 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:20:10.0900 5696 RasAgileVpn - ok 18:20:10.0900 5696 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:20:10.0931 5696 RasAuto - ok 18:20:10.0962 5696 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:20:11.0009 5696 Rasl2tp - ok 18:20:11.0025 5696 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:20:11.0056 5696 RasMan - ok 18:20:11.0056 5696 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:20:11.0087 5696 RasPppoe - ok 18:20:11.0103 5696 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:20:11.0118 5696 RasSstp - ok 18:20:11.0134 5696 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:20:11.0165 5696 rdbss - ok 18:20:11.0181 5696 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 18:20:11.0196 5696 rdpbus - ok 18:20:11.0196 5696 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:20:11.0228 5696 RDPCDD - ok 
18:20:11.0243 5696 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:20:11.0290 5696 RDPENCDD - ok 18:20:11.0306 5696 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:20:11.0353 5696 RDPREFMP - ok 18:20:11.0384 5696 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:20:11.0415 5696 RDPWD - ok 18:20:11.0415 5696 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:20:11.0431 5696 rdyboost - ok 18:20:11.0446 5696 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:20:11.0477 5696 RemoteAccess - ok 18:20:11.0493 5696 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:20:11.0540 5696 RemoteRegistry - ok 18:20:11.0555 5696 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:20:11.0587 5696 RFCOMM - ok 18:20:11.0587 5696 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:20:11.0633 5696 RpcEptMapper - ok 18:20:11.0633 5696 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:20:11.0665 5696 RpcLocator - ok 18:20:11.0680 5696 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:20:11.0727 5696 RpcSs - ok 18:20:11.0743 5696 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:20:11.0774 5696 rspndr - ok 18:20:11.0805 5696 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys 18:20:11.0821 5696 RSUSBVSTOR - ok 18:20:11.0836 5696 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 18:20:11.0852 5696 RTL8167 - ok 18:20:11.0867 5696 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:20:11.0867 5696 SamSs - ok 18:20:11.0883 5696 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 
18:20:11.0899 5696 sbp2port - ok 18:20:11.0914 5696 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:20:11.0945 5696 SCardSvr - ok 18:20:11.0961 5696 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:20:11.0992 5696 scfilter - ok 18:20:12.0023 5696 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:20:12.0070 5696 Schedule - ok 18:20:12.0086 5696 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:20:12.0117 5696 SCPolicySvc - ok 18:20:12.0133 5696 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:20:12.0148 5696 SDRSVC - ok 18:20:12.0164 5696 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:20:12.0195 5696 secdrv - ok 18:20:12.0211 5696 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:20:12.0257 5696 seclogon - ok 18:20:12.0289 5696 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:20:12.0320 5696 SENS - ok 18:20:12.0320 5696 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:20:12.0335 5696 SensrSvc - ok 18:20:12.0367 5696 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 18:20:12.0382 5696 Serenum - ok 18:20:12.0382 5696 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 18:20:12.0398 5696 Serial - ok 18:20:12.0398 5696 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:20:12.0413 5696 sermouse - ok 18:20:12.0429 5696 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:20:12.0476 5696 SessionEnv - ok 18:20:12.0476 5696 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:20:12.0507 5696 sffdisk - ok 18:20:12.0507 5696 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 
18:20:12.0523 5696 sffp_mmc - ok 18:20:12.0523 5696 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:20:12.0554 5696 sffp_sd - ok 18:20:12.0554 5696 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:20:12.0585 5696 sfloppy - ok 18:20:12.0632 5696 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 18:20:12.0663 5696 Sftfs - ok 18:20:12.0694 5696 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 18:20:12.0741 5696 sftlist - ok 18:20:12.0741 5696 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 18:20:12.0757 5696 Sftplay - ok 18:20:12.0757 5696 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 18:20:12.0772 5696 Sftredir - ok 18:20:12.0788 5696 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 18:20:12.0788 5696 Sftvol - ok 18:20:12.0803 5696 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 18:20:12.0803 5696 sftvsa - ok 18:20:12.0835 5696 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:20:12.0866 5696 SharedAccess - ok 18:20:12.0897 5696 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:20:12.0944 5696 ShellHWDetection - ok 18:20:12.0944 5696 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 18:20:12.0944 5696 SiSGbeLH - ok 18:20:12.0975 5696 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:20:12.0991 5696 SiSRaid2 - ok 18:20:12.0991 5696 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:20:12.0991 5696 SiSRaid4 - ok 18:20:13.0053 5696 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files 
(x86)\Skype\Updater\Updater.exe 18:20:13.0069 5696 SkypeUpdate - ok 18:20:13.0084 5696 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:20:13.0147 5696 Smb - ok 18:20:13.0178 5696 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:20:13.0193 5696 SNMPTRAP - ok 18:20:13.0209 5696 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:20:13.0225 5696 spldr - ok 18:20:13.0271 5696 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:20:13.0318 5696 Spooler - ok 18:20:13.0396 5696 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:20:13.0474 5696 sppsvc - ok 18:20:13.0490 5696 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:20:13.0521 5696 sppuinotify - ok 18:20:13.0552 5696 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:20:13.0615 5696 srv - ok 18:20:13.0646 5696 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:20:13.0661 5696 srv2 - ok 18:20:13.0677 5696 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:20:13.0708 5696 srvnet - ok 18:20:13.0739 5696 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:20:13.0786 5696 SSDPSRV - ok 18:20:13.0786 5696 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:20:13.0817 5696 SstpSvc - ok 18:20:13.0864 5696 [ A08F74F7AC9DA6A184B34DC3EAE9DFF9 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 18:20:13.0864 5696 Stereo Service - ok 18:20:13.0880 5696 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:20:13.0895 5696 stexstor - ok 18:20:13.0927 5696 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:20:13.0942 5696 stisvc - ok 18:20:13.0973 5696 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum 
C:\Windows\system32\DRIVERS\swenum.sys 18:20:13.0973 5696 swenum - ok 18:20:13.0989 5696 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:20:14.0036 5696 swprv - ok 18:20:14.0067 5696 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:20:14.0114 5696 SysMain - ok 18:20:14.0114 5696 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:20:14.0129 5696 TabletInputService - ok 18:20:14.0145 5696 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:20:14.0176 5696 TapiSrv - ok 18:20:14.0207 5696 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:20:14.0239 5696 TBS - ok 18:20:14.0285 5696 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:20:14.0317 5696 Tcpip - ok 18:20:14.0379 5696 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:20:14.0410 5696 TCPIP6 - ok 18:20:14.0441 5696 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:20:14.0457 5696 tcpipreg - ok 18:20:14.0473 5696 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:20:14.0473 5696 TDPIPE - ok 18:20:14.0488 5696 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:20:14.0504 5696 TDTCP - ok 18:20:14.0535 5696 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:20:14.0566 5696 tdx - ok 18:20:14.0582 5696 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 18:20:14.0597 5696 TermDD - ok 18:20:14.0613 5696 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:20:14.0644 5696 TermService - ok 18:20:14.0660 5696 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:20:14.0675 5696 Themes - ok 18:20:14.0691 5696 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER 
C:\Windows\system32\mmcss.dll 18:20:14.0722 5696 THREADORDER - ok 18:20:14.0769 5696 [ 69D76CE06BB629B69165C81D83A4B03E ] TiMiniService C:\Program Files\Trend Micro\Titanium\TiMiniService.exe 18:20:14.0769 5696 TiMiniService - ok 18:20:14.0785 5696 [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys 18:20:14.0800 5696 tmactmon - ok 18:20:14.0816 5696 [ 360E61217D4E1E333583D0C721057F70 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys 18:20:14.0816 5696 tmcomm - ok 18:20:14.0831 5696 [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys 18:20:14.0831 5696 tmevtmgr - ok 18:20:14.0847 5696 [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys 18:20:14.0847 5696 tmtdi - ok 18:20:14.0863 5696 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:20:14.0894 5696 TrkWks - ok 18:20:14.0941 5696 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:20:15.0003 5696 TrustedInstaller - ok 18:20:15.0019 5696 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:20:15.0050 5696 tssecsrv - ok 18:20:15.0065 5696 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:20:15.0081 5696 TsUsbFlt - ok 18:20:15.0097 5696 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 18:20:15.0112 5696 TsUsbGD - ok 18:20:15.0128 5696 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:20:15.0159 5696 tunnel - ok 18:20:15.0206 5696 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 18:20:15.0221 5696 TurboB - ok 18:20:15.0237 5696 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 18:20:15.0253 5696 TurboBoost - ok 18:20:15.0253 5696 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:20:15.0268 
5696 uagp35 - ok 18:20:15.0284 5696 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:20:15.0315 5696 udfs - ok 18:20:15.0331 5696 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:20:15.0346 5696 UI0Detect - ok 18:20:15.0377 5696 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:20:15.0393 5696 uliagpkx - ok 18:20:15.0393 5696 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:20:15.0424 5696 umbus - ok 18:20:15.0440 5696 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 18:20:15.0455 5696 UmPass - ok 18:20:15.0549 5696 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:20:15.0658 5696 UNS - ok 18:20:15.0658 5696 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:20:15.0705 5696 upnphost - ok 18:20:15.0721 5696 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:20:15.0736 5696 usbccgp - ok 18:20:15.0752 5696 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:20:15.0767 5696 usbcir - ok 18:20:15.0783 5696 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 18:20:15.0799 5696 usbehci - ok 18:20:15.0814 5696 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:20:15.0845 5696 usbhub - ok 18:20:15.0861 5696 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:20:15.0861 5696 usbohci - ok 18:20:15.0892 5696 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:20:15.0908 5696 usbprint - ok 18:20:15.0923 5696 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 18:20:15.0955 5696 usbscan - ok 18:20:15.0970 5696 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR 
C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:20:16.0001 5696 USBSTOR - ok 18:20:16.0001 5696 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:20:16.0033 5696 usbuhci - ok 18:20:16.0064 5696 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 18:20:16.0111 5696 usbvideo - ok 18:20:16.0126 5696 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:20:16.0173 5696 UxSms - ok 18:20:16.0173 5696 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:20:16.0189 5696 VaultSvc - ok 18:20:16.0189 5696 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:20:16.0204 5696 vdrvroot - ok 18:20:16.0220 5696 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:20:16.0267 5696 vds - ok 18:20:16.0267 5696 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:20:16.0282 5696 vga - ok 18:20:16.0298 5696 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:20:16.0329 5696 VgaSave - ok 18:20:16.0329 5696 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:20:16.0345 5696 vhdmp - ok 18:20:16.0345 5696 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:20:16.0345 5696 viaide - ok 18:20:16.0360 5696 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:20:16.0376 5696 volmgr - ok 18:20:16.0376 5696 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:20:16.0391 5696 volmgrx - ok 18:20:16.0391 5696 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:20:16.0407 5696 volsnap - ok 18:20:16.0438 5696 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:20:16.0438 5696 vsmraid - ok 18:20:16.0469 5696 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS 
C:\Windows\system32\vssvc.exe 18:20:16.0532 5696 VSS - ok 18:20:16.0532 5696 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:20:16.0563 5696 vwifibus - ok 18:20:16.0563 5696 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:20:16.0594 5696 vwififlt - ok 18:20:16.0610 5696 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:20:16.0641 5696 W32Time - ok 18:20:16.0641 5696 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:20:16.0657 5696 WacomPen - ok 18:20:16.0672 5696 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:20:16.0703 5696 WANARP - ok 18:20:16.0703 5696 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:20:16.0735 5696 Wanarpv6 - ok 18:20:16.0781 5696 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 18:20:16.0844 5696 WatAdminSvc - ok 18:20:16.0875 5696 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:20:16.0906 5696 wbengine - ok 18:20:16.0906 5696 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:20:16.0937 5696 WbioSrvc - ok 18:20:16.0953 5696 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:20:16.0984 5696 wcncsvc - ok 18:20:17.0000 5696 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:20:17.0015 5696 WcsPlugInService - ok 18:20:17.0031 5696 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 18:20:17.0031 5696 Wd - ok 18:20:17.0062 5696 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:20:17.0078 5696 Wdf01000 - ok 18:20:17.0093 5696 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:20:17.0109 5696 WdiServiceHost - ok 18:20:17.0125 5696 [ 
BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:20:17.0140 5696 WdiSystemHost - ok 18:20:17.0156 5696 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:20:17.0171 5696 WebClient - ok 18:20:17.0171 5696 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:20:17.0203 5696 Wecsvc - ok 18:20:17.0218 5696 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:20:17.0249 5696 wercplsupport - ok 18:20:17.0281 5696 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:20:17.0312 5696 WerSvc - ok 18:20:17.0327 5696 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:20:17.0359 5696 WfpLwf - ok 18:20:17.0405 5696 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 18:20:17.0421 5696 WimFltr - ok 18:20:17.0437 5696 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:20:17.0452 5696 WIMMount - ok 18:20:17.0483 5696 WinDefend - ok 18:20:17.0483 5696 WinHttpAutoProxySvc - ok 18:20:17.0530 5696 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:20:17.0608 5696 Winmgmt - ok 18:20:17.0639 5696 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:20:17.0686 5696 WinRM - ok 18:20:17.0717 5696 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 18:20:17.0733 5696 WinUsb - ok 18:20:17.0764 5696 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:20:17.0780 5696 Wlansvc - ok 18:20:17.0811 5696 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 18:20:17.0827 5696 wlcrasvc - ok 18:20:17.0920 5696 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:20:17.0983 5696 wlidsvc - ok 18:20:17.0998 5696 [ 
F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 18:20:18.0014 5696 WmiAcpi - ok 18:20:18.0029 5696 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:20:18.0045 5696 wmiApSrv - ok 18:20:18.0061 5696 WMPNetworkSvc - ok 18:20:18.0092 5696 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:20:18.0092 5696 WPCSvc - ok 18:20:18.0107 5696 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:20:18.0123 5696 WPDBusEnum - ok 18:20:18.0123 5696 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:20:18.0154 5696 ws2ifsl - ok 18:20:18.0170 5696 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 18:20:18.0185 5696 wscsvc - ok 18:20:18.0185 5696 WSearch - ok 18:20:18.0248 5696 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:20:18.0295 5696 wuauserv - ok 18:20:18.0326 5696 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:20:18.0357 5696 WudfPf - ok 18:20:18.0388 5696 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:20:18.0419 5696 WUDFRd - ok 18:20:18.0435 5696 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:20:18.0451 5696 wudfsvc - ok 18:20:18.0466 5696 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:20:18.0497 5696 WwanSvc - ok 18:20:18.0529 5696 ================ Scan global =============================== 18:20:18.0529 5696 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:20:18.0560 5696 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:20:18.0560 5696 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:20:18.0591 5696 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:20:18.0607 5696 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] 
C:\Windows\system32\services.exe 18:20:18.0607 5696 [Global] - ok 18:20:18.0607 5696 ================ Scan MBR ================================== 18:20:18.0622 5696 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 18:20:18.0919 5696 \Device\Harddisk0\DR0 - ok 18:20:18.0919 5696 ================ Scan VBR ================================== 18:20:18.0919 5696 [ 2609D208C64B65A68FC81773C29445FC ] \Device\Harddisk0\DR0\Partition1 18:20:18.0919 5696 \Device\Harddisk0\DR0\Partition1 - ok 18:20:18.0950 5696 [ D71720566715E9A5EB17CFB7618F762C ] \Device\Harddisk0\DR0\Partition2 18:20:18.0950 5696 \Device\Harddisk0\DR0\Partition2 - ok 18:20:18.0950 5696 ============================================================ 18:20:18.0950 5696 Scan finished 18:20:18.0950 5696 ============================================================ 18:20:18.0965 4936 Detected object count: 0 18:20:18.0965 4936 Actual detected object count: 0 |
06.04.2013, 17:28 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm? Unremarkable. JRT - Junkware Removal Tool: Please shut down your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL, please:
__________________ --> Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm? |
06.04.2013, 18:04 | #7 |
| Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm? jrt Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.3 (04.05.2013:1) OS: Windows 7 Home Premium x64 Ran by Helen Keppler on 06.04.2013 at 18:30:45,94 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\partner" Successfully deleted: [Empty Folder] C:\Users\Helen Keppler\appdata\local\{14121E6E-4D48-4354-8214-1A4905B34866} Successfully deleted: [Empty Folder] C:\Users\Helen Keppler\appdata\local\{4086E816-7382-435F-AAB5-136F53BF8355} Successfully deleted: [Empty Folder] C:\Users\Helen Keppler\appdata\local\{44CC66E2-3962-4EFF-882D-D09933BDB25C} Successfully deleted: [Empty Folder] C:\Users\Helen Keppler\appdata\local\{6D23ECEE-4029-4991-9255-53EDEE9ACC9F} Successfully deleted: [Empty Folder] C:\Users\Helen Keppler\appdata\local\{71D82935-5AE2-42BA-86C5-571CAE58C211} Successfully deleted: [Empty Folder] C:\Users\Helen Keppler\appdata\local\{84B35322-CA93-4E72-81DA-C4C4360BDF1A} Successfully deleted: [Empty Folder] C:\Users\Helen Keppler\appdata\local\{9A327159-B46D-4715-B0AB-066D09D6F85F} Successfully deleted: [Empty Folder] C:\Users\Helen Keppler\appdata\local\{A098D16E-C906-4ECD-A258-A1B897C20AE5} Successfully deleted: [Empty Folder] C:\Users\Helen Keppler\appdata\local\{C1E30768-5CDA-4DF0-AF2D-90B8834BD05C} Successfully deleted: [Empty Folder] C:\Users\Helen Keppler\appdata\local\{DB0AC0BE-9449-40DE-9066-05A3E8CE827D} Successfully deleted: [Empty Folder] C:\Users\Helen Keppler\appdata\local\{E83E5978-07CC-41DF-B4C9-557DC5AA573D} ~~~ FireFox Successfully deleted: [File] C:\Users\Helen Keppler\AppData\Roaming\mozilla\firefox\profiles\uqw7y1c1.default\searchplugins\askcom.xml Successfully deleted the following from C:\Users\Helen Keppler\AppData\Roaming\mozilla\firefox\profiles\uqw7y1c1.default\prefs.js user_pref("browser.search.order.1", "Ask.com"); Emptied folder: 
C:\Users\Helen Keppler\AppData\Roaming\mozilla\firefox\profiles\uqw7y1c1.default\minidumps [63 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.04.2013 at 18:40:09,24 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.200 - Datei am 06/04/2013 um 18:42:58 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Helen Keppler - HELENKEPPLER-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Helen Keppler\Desktop\scan\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\ProgramData\Ask ***** [Registrierungsdatenbank] ***** Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16521 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\Helen Keppler\AppData\Roaming\Mozilla\Firefox\Profiles\uqw7y1c1.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [919 octets] - [06/04/2013 18:42:58] ########## EOF - C:\AdwCleaner[S1].txt - [978 octets] ########## Code:
ATTFilter OTL logfile created on: 06.04.2013 18:46:48 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helen Keppler\Desktop\scan 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,80% Memory free 15,82 Gb Paging File | 13,73 Gb Available in Paging File | 86,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 400,55 Gb Total Space | 338,31 Gb Free Space | 84,46% Space Free | Partition Type: NTFS Drive D: | 505,96 Gb Total Space | 453,16 Gb Free Space | 89,57% Space Free | Partition Type: NTFS Computer Name: HELENKEPPLER-PC | User Name: Helen Keppler | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Helen Keppler\Desktop\scan\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\ATK 
Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Services (SafeList) ========== SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (TiMiniService) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Trend Micro Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys 
(Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.) DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.) DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.) 
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - 
HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - 
HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\..\SearchScopes\{94FE4815-4823-4C05-BBB8-19A8A70B86B4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=A0ED3F20-C06E-4F28-9D63-40A3B5830200&apn_sauid=11135561-4363-446E-9781-79AA4F76E83A IE - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 21:34:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 21:34:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.22 11:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen Keppler\AppData\Roaming\mozilla\Extensions [2013.04.05 23:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen Keppler\AppData\Roaming\mozilla\Firefox\Profiles\uqw7y1c1.default\extensions [2013.04.05 20:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 21:34:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.08 21:34:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.08 21:34:59 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.28 13:01:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 14:10:50 | 
000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.28 13:01:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.28 13:01:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.28 13:01:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.28 13:01:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) 
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Helen Keppler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3773768050-1383292722-2127074449-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3773768050-1383292722-2127074449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{052556B3-0193-4DCB-9197-57D274D0B86B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFB6AEAB-1EE1-4629-B045-12A5FDB03021}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.06 18:30:44 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.06 18:30:23 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.05 20:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.05 20:47:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.05 20:47:36 |
000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.05 20:47:36 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.05 20:47:36 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.05 20:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.04.05 20:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.04.04 23:07:01 | 000,000,000 | ---D | C] -- C:\Users\Helen Keppler\AppData\Roaming\Malwarebytes [2013.04.04 23:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.04 23:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.04 23:05:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.04 23:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.04 23:05:05 | 000,000,000 | ---D | C] -- C:\Users\Helen Keppler\AppData\Local\Programs [2013.04.04 22:21:41 | 000,000,000 | ---D | C] -- C:\Users\Helen Keppler\Desktop\scan [2013.04.03 19:05:59 | 000,000,000 | ---D | C] -- C:\CONFIG [2013.04.03 18:49:50 | 000,000,000 | ---D | C] -- C:\REPORTS [2013.04.03 18:49:50 | 000,000,000 | ---D | C] -- C:\INFECTED [2013.04.03 18:49:27 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.03 18:49:27 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.04.03 18:49:27 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.04.03 18:49:27 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.04.03 18:49:27 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.03 18:49:27 | 000,629,248 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\ieapfltr.dll [2013.04.03 18:49:27 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.03 18:49:27 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.04.03 18:49:27 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.03 18:49:27 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.04.03 18:49:27 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.04.03 18:49:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.04.03 18:49:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.04.03 18:49:27 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.04.03 18:49:27 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.03 18:49:27 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.04.03 18:49:27 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.04.03 18:49:27 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.04.03 18:49:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.03 18:49:27 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.04.03 18:49:27 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.03 18:49:27 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.04.03 18:49:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.03 18:49:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.04.03 18:49:27 | 000,061,952 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.04.03 18:49:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.04.03 18:49:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.04.03 18:49:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.04.03 18:49:26 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.03 18:49:26 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.04.03 18:49:26 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.04.03 18:49:26 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.03 18:49:26 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.03 18:49:26 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.03 18:49:26 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.03 18:49:26 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.04.03 18:49:26 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.03 18:49:26 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.03 18:49:26 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.04.03 18:49:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.04.03 18:49:26 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.03 18:49:26 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.04.03 18:49:26 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll 
[2013.04.03 18:49:26 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.04.03 18:49:26 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.04.03 18:49:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.03 18:49:26 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.03 18:49:26 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.03 18:49:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.03 18:49:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.03 18:49:26 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.03 18:49:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.03 18:49:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.03 18:49:26 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.03 18:49:26 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.03 18:49:25 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.03 18:49:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.03 18:49:25 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.03 18:49:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.03 18:49:25 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.03 18:49:25 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.03 18:49:25 | 000,092,160 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.03 18:49:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.03 18:49:25 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.03 18:49:25 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.03 18:49:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.04.03 18:49:25 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.03 18:49:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.20 23:02:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.15 22:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.15 22:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.15 22:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.08 21:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.04.06 18:44:33 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.04.06 18:44:26 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.06 18:44:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.06 18:44:03 | 2075,893,759 | -HS- | M] () -- C:\hiberfil.sys [2013.04.06 18:36:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 18:36:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 18:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player 
Updater.job [2013.04.06 17:51:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.06 17:48:45 | 001,531,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.06 17:48:45 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.06 17:48:45 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.06 17:48:45 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.06 17:48:45 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.05 20:47:33 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.05 20:47:32 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.04.05 20:47:32 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.04.05 20:47:32 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.05 20:47:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.05 20:47:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.04 23:05:19 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.03 18:49:27 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.03 18:49:27 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.04.03 18:49:27 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.04.03 18:49:27 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.04.03 18:49:27 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.03 18:49:27 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.04.03 18:49:27 | 000,391,680 | 
---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.03 18:49:27 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.04.03 18:49:27 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.03 18:49:27 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.04.03 18:49:27 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.04.03 18:49:27 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.04.03 18:49:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.04.03 18:49:27 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.04.03 18:49:27 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.03 18:49:27 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.04.03 18:49:27 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.04.03 18:49:27 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.04.03 18:49:27 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.03 18:49:27 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.04.03 18:49:27 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.03 18:49:27 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.04.03 18:49:27 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.03 18:49:27 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.04.03 18:49:27 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx 
[2013.04.03 18:49:27 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.04.03 18:49:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.04.03 18:49:27 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.04.03 18:49:26 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.03 18:49:26 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.04.03 18:49:26 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.04.03 18:49:26 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.03 18:49:26 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.03 18:49:26 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.03 18:49:26 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.03 18:49:26 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.04.03 18:49:26 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.03 18:49:26 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.03 18:49:26 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.04.03 18:49:26 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.04.03 18:49:26 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.03 18:49:26 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.04.03 18:49:26 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.04.03 18:49:26 | 000,144,896 | ---- | M] (Microsoft Corporation) 
-- C:\Windows\SysNative\wextract.exe [2013.04.03 18:49:26 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.04.03 18:49:26 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.03 18:49:26 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.03 18:49:26 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.03 18:49:26 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.03 18:49:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.03 18:49:26 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.03 18:49:26 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.03 18:49:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.03 18:49:26 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.03 18:49:26 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.03 18:49:26 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.03 18:49:26 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.03 18:49:25 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.03 18:49:25 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.03 18:49:25 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.03 18:49:25 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.03 18:49:25 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.03 18:49:25 | 000,135,680 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.03 18:49:25 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.03 18:49:25 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.03 18:49:25 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.03 18:49:25 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.03 18:49:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.04.03 18:49:25 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.03 18:49:25 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.15 21:27:17 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.15 21:27:17 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.04.04 23:05:19 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.03 18:49:26 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.03 18:49:26 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.04.05 18:02:37 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.04.05 18:02:37 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.04.05 18:02:37 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.04.05 18:02:37 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.04.05 18:02:37 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.04.05 18:02:37 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.04.05 18:02:37 | 000,020,148 | ---- | C] () -- 
C:\Windows\SysWow64\EPPICPattern2.dat [2012.04.05 18:02:37 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.04.05 18:02:37 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.04.05 18:02:37 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.04.05 18:02:37 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.04.05 18:02:37 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.04.05 18:02:37 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.04.05 18:02:37 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.04.05 18:02:37 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.04.05 18:02:37 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.04.05 18:02:37 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.04.05 18:02:37 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.04.05 18:02:37 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.12.13 21:25:36 | 000,205,093 | ---- | C] () -- C:\Users\Helen Keppler\Scanner.jpeg [2011.10.22 12:52:31 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.31 20:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.06.20 16:02:04 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.06.20 16:01:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Users\Helen Keppler\openofficeorg33.msi [2011.01.19 13:33:04 | 
000,475,016 | ---- | C] () -- C:\Users\Helen Keppler\setup.exe [2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Users\Helen Keppler\openofficeorg1.cab ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Users\Helen Keppler\Scanner.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
Code:
OTL Extras logfile created on: 06.04.2013 18:46:48 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helen Keppler\Desktop\scan
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,80% Memory free
15,82 Gb Paging File | 13,73 Gb Available in Paging File | 86,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,55 Gb Total Space | 338,31 Gb Free Space | 84,46% Space Free | Partition Type: NTFS
Drive D: | 505,96 Gb Total Space | 453,16 Gb Free Space | 89,57% Space Free | Partition Type: NTFS

Computer Name: HELENKEPPLER-PC | User Name: Helen Keppler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3773768050-1383292722-2127074449-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10A5FF4B-EA07-4F6B-93AB-DFCDC3FBD2BF}" = lport=137 | protocol=17 | dir=in | app=system | "{19366897-2417-45D5-992C-E4DD4CADB5D7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1B530839-1868-4D38-800E-DF21A3CF2060}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{26EB8C00-FF09-4CF6-B642-F1FD9E4B4EAC}" = rport=5355 | protocol=17 | 
dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{349CA7A1-642C-4033-9374-20A5422876D4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{393F9943-5C46-4574-BBD2-FFE98A814279}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{39EC1691-F695-4636-9180-8F8032314CF6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{41DD09A5-9D68-458E-AB27-0BF3CC382798}" = rport=10243 | protocol=6 | dir=out | app=system | "{420574B2-408E-48A6-B9AB-A8CC8D94065D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4B478846-F63B-428D-A5B8-FF6EED523E42}" = rport=138 | protocol=17 | dir=out | app=system | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{5E4DE1DF-6573-4470-9CCB-9F5BF0F8B8C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6CEB501B-F19C-44C9-8BB9-6835B003689A}" = lport=138 | protocol=17 | dir=in | app=system | "{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7B1AF1FF-8A39-44D0-B79F-A41944591FDF}" = lport=10243 | protocol=6 | dir=in | app=system | "{7DB375DD-F11B-42E4-9D3F-F7B9DD012D31}" = lport=2869 | protocol=6 | dir=in | app=system | "{8A890532-D9FF-46A4-AA1C-25F124B9A945}" = rport=445 | protocol=6 | dir=out | app=system | "{9B83A82D-6C5D-4D59-B795-23AEF2482903}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{AFC15CED-4A7C-427B-A2A3-CF2BA3524B80}" = lport=445 | protocol=6 | dir=in | app=system | "{B7B0092B-6C1C-4E58-A981-A97C28B7E99B}" = rport=139 | protocol=6 | dir=out | app=system | "{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | 
protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C0184700-EB71-442C-9987-4C6947484BAC}" = lport=139 | protocol=6 | dir=in | app=system | "{CA0F3C20-4BCC-42C6-901C-D8A1D9667BF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E95F1495-0549-42EF-B3DC-DC9B1A578CDF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EBFE6EB1-47BD-4E10-81E2-6C9D89E72D7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ED46C03C-0BC1-4ECE-B211-6E93FC2E0AF2}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00B3E822-D682-4494-89FD-718D4324DE77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0366D171-6519-424A-BA17-2C8054783039}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0D406D52-5DA0-4F74-AB58-8852A81DF7A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1B69AE22-A5F8-4D34-9329-90D45DC36ECC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1F808D3E-A985-4BEA-B0FD-2E8D11CFEC49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{40A26FDF-F901-4D50-B74D-3339CA85B563}" = protocol=17 | dir=in | app=e:\alicesetup.exe | "{42BB645E-36C9-4C26-B5B9-CFD7D9D7CF2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{473C3AE2-06F0-4D3D-BFA2-8A6EE5685304}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{530CBDE2-5EE5-4668-BE53-621266D0786D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5CEEF4D1-021A-49F4-9BB1-FB57DE283636}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{66EAE5A3-7465-40C7-B30C-F62156D9011F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{792DEFA4-6F4A-42B9-9D53-174FB3171D0D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{84642625-FC25-4CB4-9DB4-5F6444CF28BF}" = protocol=6 | dir=in | app=e:\alicesetup.exe | "{85E877F3-4992-4B54-A794-10AC36BA8702}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8AD00115-FD33-429C-8591-B5E026888513}" = protocol=6 | dir=out | app=system | "{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{9ABFC03B-BCEA-4781-AECA-F6D13528DFA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C00904F-43E2-4AE9-8F52-06960124BC84}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | "{AB5C163C-8141-4E4A-9B80-BA2C79E2814D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AFD15E4A-28A0-421C-A4F3-6F3FBA3F565F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B6C7B4F9-E0E6-429A-A549-72147832B96D}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "{BD0440FE-0BBD-4DE7-8CE6-2EAB2ABE801F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D38F7EC6-686C-4075-B433-4FBFFB407CCE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D5333749-6480-45D6-BF08-154E8C34A6AF}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "{F261498D-7C2D-4B56-95AA-B58B5F356875}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F731EA12-353E-43E0-89F5-5EC8D36F381F}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | 
"{F8ED190E-D12A-4423-BF79-1476AAB48699}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{605F216A-42EC-42FB-9FCE-DBFD43624D3F}D:\spiele\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "TCP Query User{C145BC34-BD0A-4E3C-A807-06694DAFE528}D:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\spiele\guild wars 2\gw2.exe | "TCP Query User{C55685E8-7D5C-4D23-A417-5B5FFEB73C61}C:\users\helen keppler\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\helen keppler\appdata\local\temp\gw2.exe | "TCP Query User{ECA18EE5-1979-45D5-A7A1-63AA2FEE0B8F}D:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\spiele\guild wars 2\gw2.exe | "TCP Query User{EF138BAC-E5AD-416D-9E7F-DE54AF699ED8}D:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | "TCP Query User{FF6E2160-0552-4B0B-9CD0-66F6AAB74D08}D:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{352B1E1D-922E-4C10-B5DC-972556F6FFCA}D:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\spiele\guild wars 2\gw2.exe | "UDP Query User{4451FF9E-EEFB-4195-96DE-0FC94B74939D}C:\users\helen keppler\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\helen keppler\appdata\local\temp\gw2.exe | "UDP Query User{8364BD5E-15D4-4211-A70E-2B0EEDB482F8}D:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | "UDP Query User{A8337ADF-DF10-4D70-BF98-EA704ECE0600}D:\spiele\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of 
warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "UDP Query User{BBE1C991-FBC7-488F-A45D-17369503125E}D:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{F2416AD2-78DA-40DA-843B-A12CEC264099}D:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\spiele\guild wars 2\gw2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety "{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid "{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety "{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = 
Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.39 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA 
Control Panel 268.39 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.39 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0 "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET 
Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer 
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger 
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker 
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{75F1F185-CB03-451C-A6EF-F13A7AEBB355}" = PHOTOfunSTUDIO 8.0 SE "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент 
управления Windows Live Mesh ActiveX для удаленных подключений "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer 
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center 
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AliceHilfe 1.0.0.1" = AliceHilfe "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "ASUS_Screensaver" = ASUS_Screensaver "Avira AntiVir Desktop" = Avira Free Antivirus "Bookworm Deluxe" = Bookworm Deluxe "Cooking Dash" = Cooking Dash "ESET Online Scanner" = ESET Online Scanner v3 "Google Chrome" = Google Chrome "Governor of Poker" = Governor of Poker "Guild Wars 2" = Guild Wars 2 "Hotel Dash Suite Success" = Hotel Dash Suite Success "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Jewel Quest 3" = Jewel Quest 3 "Luxor 3" = Luxor 3 "Mahjongg dimensions" = Mahjongg dimensions "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Plants vs Zombies" = Plants vs Zombies "WinLiveSuite" = Windows Live Essentials "World of Goo" = World of Goo ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.04.2013 12:44:31 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000 Description = Name der 
fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 12.1.0.18, Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0x700 Startzeit der fehlerhaften Anwendung: 0x01ce32e5f8fd8a82 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 40a2ab73-9ed9-11e2-b32f-14dae9a560b6

Error - 06.04.2013 12:44:34 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 12.1.0.18, Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0xf4c Startzeit der fehlerhaften Anwendung: 0x01ce32e6042b9376 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 42433c43-9ed9-11e2-b32f-14dae9a560b6

Error - 06.04.2013 12:44:43 | Computer Name = HelenKeppler-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sched.exe, Version: 12.1.0.18, Zeitstempel: 0x4e7ca198 Name des fehlerhaften Moduls: gpschd.dll, Version: 12.1.0.18, Zeitstempel: 0x4e8c872e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000527a ID des fehlerhaften Prozesses: 0x128c Startzeit der fehlerhaften Anwendung: 0x01ce32e6071bc64d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\avira\antivir desktop\gpschd.dll Berichtskennung: 4807116d-9ed9-11e2-b32f-14dae9a560b6

[ System Events ]
Error - 06.04.2013 12:43:03 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.04.2013 12:43:03 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 06.04.2013 12:43:03 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.04.2013 12:43:03 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.04.2013 12:43:03 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 06.04.2013 12:43:07 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 06.04.2013 12:43:34 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 06.04.2013 12:44:33 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.04.2013 12:44:38 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.04.2013 12:44:43 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

< End of report >
|
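The System events in the report above record the Service Control Manager logging "Avira Planer" as terminated unexpectedly three times within ten seconds (IDs 7031 and 7034). The following is an added example, not part of the original post and not OTL's own code: it parses event entries in that layout and flags services that terminate repeatedly inside a short window. The sample lines are copied from the report into a constructed input; the function names, the header-line-then-Description-line layout, and the threshold and window values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: five System event entries copied from the report above,
# one header line followed by one Description line (layout is an assumption).
SAMPLE = '''\
Error - 06.04.2013 12:43:03 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 06.04.2013 12:43:34 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056
Error - 06.04.2013 12:44:33 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error - 06.04.2013 12:44:38 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error - 06.04.2013 12:44:43 | Computer Name = HelenKeppler-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
'''

HEADER = re.compile(r'^Error - (\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| .*?'
                    r'Source = Service Control Manager \| ID = (\d+)$')
SERVICE = re.compile(r'"([^"]+)"')
CRASH_IDS = {7031, 7034}  # "service terminated unexpectedly"; 7032 is a failed recovery

def parse_crashes(text):
    """Return [(timestamp, service)] for unexpected-termination events only."""
    crashes, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), '%d.%m.%Y %H:%M:%S')
            pending = ts if int(m.group(2)) in CRASH_IDS else None
        elif pending is not None and line.startswith('Description = '):
            name = SERVICE.search(line)
            if name:
                crashes.append((pending, name.group(1)))
            pending = None
    return crashes

def crash_loops(crashes, threshold=3, window=timedelta(seconds=60)):
    """Map service -> crash count if `threshold` crashes fall inside `window`."""
    by_service = defaultdict(list)
    for ts, name in sorted(crashes):
        by_service[name].append(ts)
    return {name: len(t) for name, t in by_service.items()
            if any(t[i + threshold - 1] - t[i] <= window
                   for i in range(len(t) - threshold + 1))}

if __name__ == '__main__':
    print(crash_loops(parse_crashes(SAMPLE)))
```

A security product's own service restarting in a loop is worth flagging in triage because real-time protection or scheduled scans may not be running while it does.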
06.04.2013, 18:07 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm?
Looks OK. We should be almost done.
As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.
Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
06.04.2013, 19:45 | #9 |
| Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm? mbam Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Helen Keppler :: HELENKEPPLER-PC [Administrator]

06.04.2013 19:09:12
mbam-log-2013-04-06 (19-09-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232767
Laufzeit: 1 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2b6c9aececa4c4408d0c4aa02559ac83
# engine=13565
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-06 06:37:58
# local_time=2013-04-06 08:37:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 98 41918490 230696768 41907678 0
# compatibility_mode=5893 16776573 100 94 6858 116903328 0 0
# scanned=159726
# found=0
# cleaned=0
# scan_time=5081
|
07.04.2013, 00:58 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm?
Looks OK so far.
Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.
Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie).
Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it is closed.
Is your system back in order now, or are there still other detections or problems?
__________________ Please always post log files in CODE tags |
07.04.2013, 09:30 | #11 |
| Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm?
Everything is in order again so far. I uninstalled Avira in a roundabout way and have now installed MSE. The machine is just a bit of a mess ... well, women.
So it was a false alarm from Avira then, if I understood correctly? And thanks again for the great help. |
07.04.2013, 21:40 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan horse TR/Crypt.XPACK.Gen3 found ... false alarm?
Then we are done!
The programs that were used here can all be removed again.
Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it.
With the help of OTL you can also remove many other tools: simply start OTL and click on Bereinigung (cleanup). This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.
Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.
Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date the installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords, if possible, after the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update

Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs (or Programs and Features) by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)
I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.
Please also take the opportunity to check that the Flash Player is up to date: Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de
You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |