|
Plagegeister aller Art und deren Bekämpfung: Windows 7 - Befall von System care antivirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.05.2013, 19:13 | #1 |
| Windows 7 - Befall von System care antivirus Hallo, ich habe jetzt schon viel in eurem Forum über mein Problem gelesen und auch, dass ich mich trotzdem bei Euch melden kann zwecks Fehlerbehebung. Gestern Abend erschien bei mir die Meldung von System Care Antivirus mit der Info, dass ich Fehler auf meinem Rechner hätte. Ich kappte sofort die w-LAN Verbindung und ließ avira durchlaufen (kostenpflichtige Version). Avira erkannte das Problem nicht, so dass ich avira direkt mit meinem Problem betraute in der Hoffnung, dass mir geholfen wird. Heute erhielt ich eine Antwort von denen in der sie mir beschrieben, wie ich im abgesicherten Modus einen System-Scan durchführen soll. Dies Tat ich, aber avira hat nichts gefunden. Nun schlagen die mir den Download ihrer rescue CD vor, aber ich weiß nicht, ob das was bringt, deshalb wende ich mich nun an euch. - Aktuell befindet sich der befallene Rechner im abgesicherten Modus - ich bekomme keine Verbindung zum Internet - Windows meldet mir, dass ich das Windows-Sicherheitscenter aktivieren soll, funktioniert aber nicht - auf meinem Desktop befindet sich ein Icon von System care.. Was kann ich tun, damit mein System wieder läuft? Ich wäre Euch dankbar für verständliche Anleitungen, da ich kein PC-Spezialist bin. Aktuell schreibe ich euch von meinem ipad, da ich anders,, also im aktuellen abgesicherten Modus nicht ins www komme. Bitte um Hilfe. Danke |
08.05.2013, 19:15 | #2 |
/// Malware-holic | Windows 7 - Befall von System care antivirus Hi
__________________versuche mal, ob du in den abgesicherten Modus mit Netzwerk kommst, falls ja, lade von da das jetzt genannte Programm, bzw kopiere es, falls nein, via usb stick auf den PC Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
08.05.2013, 19:55 | #3 |
| Windows 7 - Befall von System care antivirus Danke für die schnelle Antwort. Ich versuche vergeblich ins www zu kommen, was nicht funktioniert. Ich habe im abgesicherten Modus ein Netzwerkkabel mit dem Router verbunden, aber ich erhalte keine Verbindung .ebenso kann ich über das ipad, sprich Safari den OTL nicht downloaden.
__________________ |
08.05.2013, 20:10 | #4 |
/// Malware-holic | Windows 7 - Befall von System care antivirus hi bist du im abgesicherten modus mit netzwerk, es gibt verschiedene Modi. otl sind 2 Links, evtl. den anderen versuchen, oder über einen anderen PC
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
08.05.2013, 20:13 | #5 |
| Windows 7 - Befall von System care antivirus Ich habe den PC jetzt via Systemwiederherstellung auf den 5.5.2013 zurückgesetzt. Da funktionierte ja noch alles. So bin ich normal (kein abgesicherter modus) ins www gekommen und habe mir OTL runtergelaufen. Folge nun im normalen Modus deinen Anweisungen. Okay? |
08.05.2013, 20:16 | #6 |
/// Malware-holic | Windows 7 - Befall von System care antivirus bitte nutze nie wieder die swh bei malware befall, damit kannst du es dann evtl. nur schlimmer machen, aber nu machs halt im normalen modus
__________________ --> Windows 7 - Befall von System care antivirus |
08.05.2013, 20:22 | #7 |
| Windows 7 - Befall von System care antivirus Okay, hoffentlich ist es nun nicht schlimmer geworden.. OTL scannt nun durch, im normalen Modus. Und ich kopiere dann gleich die Otl und extra in den thread. Das dauert ganz schön, aber ist sicher normal. Nebenbei Updates avira und Java fragt mich, ob ich Update zulasse. |
08.05.2013, 20:23 | #8 |
/// Malware-holic | Windows 7 - Befall von System care antivirus erst mal nicht, und mache nichts nebenbei.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
08.05.2013, 20:46 | #9 |
| Windows 7 - Befall von System care antivirus hier nun die otl:OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.05.2013 21:18:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MEDION\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,70% Memory free 6,50 Gb Paging File | 5,22 Gb Available in Paging File | 80,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 830,99 Gb Free Space | 91,28% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 10,76 Gb Free Space | 53,81% Space Free | Partition Type: NTFS Drive E: | 14,92 Gb Total Space | 5,62 Gb Free Space | 37,71% Space Free | Partition Type: FAT32 Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.08 21:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe PRC - [2013.03.27 15:28:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.27 15:27:53 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE PRC - [2011.05.18 08:22:53 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.09.16 22:04:50 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV - [2013.04.12 09:53:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.27 15:28:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.27 15:28:00 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.03.27 15:27:56 | 000,374,496 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2013.03.27 15:27:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.27 15:27:52 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2013.03.13 19:10:06 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2011.05.18 08:22:53 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv) DRV - [2013.03.27 15:28:34 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.27 15:28:34 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.27 15:28:34 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.12 21:30:59 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot) DRV - [2013.02.12 21:30:59 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim) DRV - [2012.12.24 06:53:24 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews) DRV - [2012.10.03 10:26:12 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.12.02 13:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.12.02 13:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.12.02 13:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.12.02 13:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf) DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=MAMD&ocid=bb7hp IE - HKCU\..\SearchScopes,DefaultScope = {25D7FF24-1841-4B37-A67D-10DB139504C9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{25D7FF24-1841-4B37-A67D-10DB139504C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.02.04 10:23:46 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:53:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 09:53:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:53:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 09:53:44 | 000,000,000 | ---D | M] [2010.10.13 18:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Extensions [2013.03.22 19:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ur11sf9k.default\extensions [2013.03.22 19:12:04 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\extensions\toolbar@web.de.xpi [2013.02.15 11:39:50 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.22 19:12:08 | 000,001,050 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\11-suche.xml [2013.03.22 19:12:08 | 000,002,418 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\englische-ergebnisse.xml [2013.03.22 19:12:07 | 000,010,701 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\gmx-suche.xml [2013.03.22 19:12:08 | 000,002,432 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\lastminute.xml [2013.03.22 19:12:07 | 000,005,682 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\webde-suche.xml [2013.04.12 09:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.12 09:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.04.12 09:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.04.12 09:53:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013.04.12 09:53:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013.04.12 09:53:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.17 16:58:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.10 09:04:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.17 16:58:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.17 16:58:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.17 16:58:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.17 16:58:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - Startup: C:\Users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C05F6D5-4A03-4FC6-B207-445F9F509472}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f3d757ff-a6af-11e2-8537-406186bfb951}\Shell - "" = AutoRun O33 - MountPoints2\{f3d757ff-a6af-11e2-8537-406186bfb951}\Shell\AutoRun\command - "" = E:\SISetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.05.08 21:21:34 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.08 21:16:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe [2013.05.07 21:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\146B3392068476C50000146B1F2B7B59 [2013.04.20 12:13:10 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Desktop\2013-04-20 godi plan 2013 [2013.04.16 18:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013.04.16 18:31:59 | 001,035,408 | ---- | C] (The OpenSSL Project) -- C:\Windows\System32\ltcry15u.dll [2013.04.12 09:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2011.03.12 20:33:42 | 009,105,656 | ---- | C] (VSO-Software ) -- C:\Users\MEDION\vso_image_resizer4_setup.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.08 21:21:52 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 21:21:52 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 21:21:28 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.08 21:21:28 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.08 21:21:28 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.08 21:21:28 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.08 21:21:14 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.08 21:14:49 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.08 21:14:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.08 21:14:29 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys [2013.05.08 21:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe [2013.04.30 08:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.30 08:33:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.17 11:17:17 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2013.04.16 18:55:17 | 003,357,194 | ---- | M] () -- C:\Users\MEDION\Desktop\rügen 001.jpg [2013.04.16 18:23:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01009.Wdf [2013.04.14 09:50:14 | 000,456,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.16 18:54:44 | 003,357,194 | ---- | C] () -- C:\Users\MEDION\Desktop\rügen 001.jpg [2013.04.16 18:27:26 | 001,167,360 | ---- | C] () -- C:\Windows\System32\HPM1210SM.exe [2013.04.16 18:27:26 | 000,284,672 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL [2013.04.16 18:27:26 | 000,167,936 | ---- | C] () -- C:\Windows\System32\HPM1210LM.DLL [2013.04.16 18:23:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01009.Wdf [2012.12.24 06:53:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll [2012.11.07 05:23:30 | 000,029,184 | ---- | C] () -- C:\Windows\System32\HPImgFlt.dll [2012.11.07 05:23:04 | 000,053,760 | ---- | C] () -- C:\Windows\System32\HPM1210SMs.dll [2012.05.08 13:44:00 | 000,185,901 | ---- | C] () -- C:\Windows\hpoins43.dat.temp [2012.05.08 13:44:00 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp [2012.02.13 21:30:02 | 000,000,614 | ---- | C] () -- C:\Users\MEDION\AppData\Roaming\wklnhst.dat [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.04.08 22:27:42 | 000,003,584 | ---- | C] () -- C:\Users\MEDION\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.12 21:02:00 | 000,002,112 | ---- | C] () -- C:\Users\MEDION\AppData\Local\Images.fl [2011.01.23 12:31:17 | 000,077,891 | ---- | C] () -- C:\Users\MEDION\ESt2010_Müller_Antje.elfo [2010.11.09 13:35:40 | 001,008,736 | ---- | C] () -- C:\Users\MEDION\AmazonMP3Installer-de_DE.exe [2010.10.20 16:25:01 | 070,621,664 | ---- | C] () -- C:\Users\MEDION\PS_AIO_06_C4700_USW_Basic_Win_deu_140_175.exe [2010.10.16 11:58:45 | 000,022,777 | ---- | C] () -- C:\Users\MEDION\19666-knecht1.jpg ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.11.09 13:37:43 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Amazon [2013.05.08 21:15:40 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Dropbox [2012.01.14 12:50:45 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\elsterformular [2012.05.14 10:05:31 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Pixlromatic [2012.02.13 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Template [2013.03.24 21:55:29 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\VSO ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.02.26 12:04:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.01.08 11:23:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.05.08 21:04:02 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.01.22 15:05:22 | 000,000,000 | ---D | M] -- C:\NVIDIA [2013.04.14 10:07:12 | 000,000,000 | R--D | M] -- C:\Program Files [2013.05.08 21:04:06 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.01.08 11:23:58 | 000,000,000 | -HSD | M] -- C:\Programme [2010.01.08 11:23:59 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.05.08 21:23:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.01.08 11:24:08 | 000,000,000 | R--D | M] -- C:\Users [2013.05.08 21:10:08 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2011.08.07 11:47:46 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.08.07 11:47:49 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.05.02 11:21:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.06.06 15:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: NVSTOR32.SYS > [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) MD5=032EF66DD96692AD3A9D36160F467F67 -- C:\Windows\System32\drivers\nvstor32.sys [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) MD5=032EF66DD96692AD3A9D36160F467F67 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_68640c3c72cad0af\nvstor32.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll < %USERPROFILE%\*.* > [2010.10.16 11:58:46 | 000,022,777 | ---- | M] () -- C:\Users\MEDION\19666-knecht1.jpg [2010.11.09 13:35:41 | 001,008,736 | ---- | M] () -- C:\Users\MEDION\AmazonMP3Installer-de_DE.exe [2011.03.02 19:41:10 | 000,077,891 | ---- | M] () -- C:\Users\MEDION\ESt2010_Müller_Antje.elfo [2013.05.08 21:28:14 | 002,883,584 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat [2013.05.08 21:28:13 | 000,262,144 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat.LOG1 [2010.01.08 11:24:10 | 000,000,000 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat.LOG2 [2010.01.08 13:11:23 | 000,065,536 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.01.08 13:11:23 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.01.08 13:11:23 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2013.05.08 21:09:13 | 000,065,536 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TM.blf [2013.05.08 21:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TMContainer00000000000000000001.regtrans-ms [2013.05.08 21:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TMContainer00000000000000000002.regtrans-ms [2010.01.08 11:24:11 | 000,000,020 | -HS- | M] () -- C:\Users\MEDION\ntuser.ini [2010.10.20 16:28:55 | 070,621,664 | ---- | M] () -- C:\Users\MEDION\PS_AIO_06_C4700_USW_Basic_Win_deu_140_175.exe [2011.09.24 10:30:56 | 000,011,264 | -HS- | M] () -- C:\Users\MEDION\Thumbs.db [2011.03.12 20:34:06 | 009,105,656 | ---- | M] (VSO-Software ) -- C:\Users\MEDION\vso_image_resizer4_setup.exe < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > und die extra.txtOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.05.2013 21:18:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MEDION\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,70% Memory free 6,50 Gb Paging File | 5,22 Gb Available in Paging File | 80,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 830,99 Gb Free Space | 91,28% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 10,76 Gb Free Space | 53,81% Space Free | Partition Type: NTFS Drive E: | 14,92 Gb Total Space | 5,62 Gb Free Space | 37,71% Space Free | Partition Type: FAT32 Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01620887-569E-47D1-AF92-B2794C31A0A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0A38DC91-1013-4F62-8D6F-08A3BEBC5498}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0A5B0242-7F89-4396-AF9E-4AC4774A6B30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0B521632-C158-41BC-A940-E71ABFD4C416}" = lport=138 | protocol=17 | dir=in | app=system | "{11AD5A2D-D30A-4946-93A2-AD5036DCD26D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{187E324C-24D0-4F1F-9BAE-BADB373A2806}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2649CE07-BD4F-45ED-BC45-9B7AF6242D32}" = rport=139 | protocol=6 | dir=out | app=system | "{33340A3E-3AE7-4331-BF39-92C15827D32D}" = rport=445 | protocol=6 | dir=out | app=system | "{35FA3A0A-A9A7-4B30-AF94-04C625509501}" = lport=2869 | protocol=6 | dir=in | app=system | "{361E6F13-9C6E-441E-BD5F-674E727CE31C}" = lport=2869 | protocol=6 | dir=in | app=system | "{38F8EE44-3FE2-4823-B12D-F5D99D6C1542}" = lport=137 | protocol=17 | dir=in | app=system | "{4A75B34B-036F-4A29-B73F-90B6550D84F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{58FFE0B6-58FA-4979-B3B7-BCDCE92B694A}" = lport=10243 | protocol=6 | dir=in | app=system | "{5E8DCCED-86CF-49B8-B812-2AE6D521B95C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{64E589C3-541D-4AE4-B449-8F5E9E272F6A}" = rport=10243 | protocol=6 | dir=out | app=system | "{667AC8BB-1A77-4F04-AA14-39D6606B3E56}" = lport=139 | protocol=6 | dir=in | app=system | "{7C485BB5-D8BA-4714-AEE1-AD7C022B077B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8E6D01F5-A482-455F-9F9A-5520D9D185E3}" = lport=5357 | protocol=6 | dir=in | app=system | "{92AB3CE8-D6E7-45E4-8932-F7341542ADE1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{973FBC71-3715-4EEB-9BDF-8463AA87398A}" = lport=2869 | protocol=6 | dir=in | app=system | "{A39878E6-2378-41B7-B454-10E08FD77460}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A4337DBB-2234-4D2A-8BDD-EFC29CD29A84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AFA1F53F-A959-4762-B00E-13CAB983F9A7}" = lport=445 | protocol=6 | dir=in | app=system | "{B0C1968A-26A5-4856-8A30-A00DD0602D95}" = rport=5358 | protocol=6 | dir=out | app=system | "{B73078CA-F773-4E6E-94FC-F773E927B920}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BF09127E-2A2D-4347-8F4E-58D02DE6D7F8}" = lport=445 | protocol=6 | dir=in | app=system | "{D8663BA6-F505-41D9-A128-3DC95C3EA4C5}" = rport=138 | protocol=17 | dir=out | app=system | "{DB593E6D-8CBD-4E8D-80C9-D5750968DCD2}" = rport=137 | protocol=17 | dir=out | app=system | "{DFBF274D-35F4-44A6-B81B-D3AC88F592BD}" = lport=5358 | protocol=6 | dir=in | app=system | "{DFF3A74A-FD9D-49A0-96D9-683C0DA53C6A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{E6C74909-5F04-44F0-A011-8C81EE236D14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EC976CE7-E7AB-44E8-BFF1-CB2A90166CE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FD247FA8-B67D-4639-9B72-12F47C1AA5A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD76B103-5057-47F7-8A0F-1B4CAE63A08E}" = rport=5357 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0340C827-81ED-4198-8690-B7568B83CBD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{07B78EA8-79B2-4D13-B47A-2D52F4E75774}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe | "{0C7DD1B5-43F2-435B-8182-A2D93E54E7A0}" = dir=in | app=c:\program files\cyberlink\youmemo\youmemo.exe | "{103103C4-023A-4182-92B6-29ADC5D8D075}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{18638D94-DFCD-4F34-880A-34DEE891BB32}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{1DB3C7AB-27BB-49B9-8E04-6ADF175A4ECB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{220F1C17-A4C5-4165-A8E8-393202B43E77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2BA3DB76-BA9D-48DD-9B9B-90886F179B60}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{2CB3D0A3-478D-4446-82C5-DB8C172DF6B6}" = protocol=6 | dir=out | app=system | "{3266F8C0-F91D-4C64-883B-D7F10359472D}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{42424C17-F93A-4834-8D0E-67618F453B62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{491D04CF-C801-44B9-8813-0CF820B32AD4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4AE19C23-C6E0-41C5-8823-C13344B7E241}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5E251CF7-251D-4713-B069-97514B4C2FA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{602CD244-7453-4F78-B9C5-EE3327030177}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{69ECD1C4-1628-479A-982E-D71DA9215084}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{6E3EB584-3FA9-4E98-8ACA-EA277D77A183}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6F7C5D68-32A8-4393-A8F3-9FF34E1BE398}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7201C861-D326-47F1-8558-66806D7F1DA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7F140670-6FFF-4439-ADB5-568887E412F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{7FCEB9C8-3D0E-4C4B-BF2F-C0B458180C0C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8909F3AF-0911-4117-BC8E-2C74DD5ED52E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8A19A574-EF9C-42B6-97F1-B575CCA90F2E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8A585F77-0C24-46D3-A349-9621DE545746}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{931A750B-A614-4898-A52A-A406C8AFC9F2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{94EE57A7-B6DC-48CE-BAAA-3373D98DAD1B}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | "{9E464F21-77EE-4B85-BD5C-952FE70CF4C9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{9F0EAA22-17DE-4086-BA92-3A18DD764CC7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{A76E5D9A-2D14-48E0-81D1-1B4B59F55806}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A7D0404C-4074-4546-AA2B-7C8775960210}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CAEB1F4A-0C32-46DD-9C99-D3FB288C1A66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D0A14B2B-702E-4600-98B5-0B241811CE76}" = dir=in | app=c:\program files\itunes\itunes.exe | "{D77F7D21-1AC5-4E20-932D-AF608886292C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{DE669EDE-0F5E-45A5-8B6E-EAB0A8894B2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DF971AE9-CD92-4B74-A85F-15CD0542F10E}" = dir=in | app=c:\users\medion\appdata\local\temp\7zs5c35\setup\hpznui01.exe | "{E06BFF73-9BEA-49F2-AE03-8089CE92A80C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EA946BFE-E9CD-4A2C-993B-2ACF78A0474B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EC84D397-832D-4942-9D61-0EF23A8BFA1D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{F8D57D21-BD3C-478D-960F-910A2228B637}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 39 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41A63ADA-088B-1C2D-43B3-E4087FE79881}" = Pixlr-o-matic "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min "{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.3.2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Avira AntiVir Desktop" = Avira Internet Security "CCleaner" = CCleaner "DivX Setup.divx.com" = DivX-Setup "ElsterFormular" = ElsterFormular "HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OnlineFotoservice" = OnlineFotoservice "Pixlromatic" = Pixlr-o-matic "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.03.2013 15:53:23 | Computer Name = MEDION-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Resize.exe, Version: 4.0.3.2, Zeitstempel: 0x4d10dfee Name des fehlerhaften Moduls: Resize.exe, Version: 4.0.3.2, Zeitstempel: 0x4d10dfee Ausnahmecode: 0xc0000005 Fehleroffset: 0x0063c417 ID des fehlerhaften Prozesses: 0x1160 Startzeit der fehlerhaften Anwendung: 0x01ce28c9385214e0 Pfad der fehlerhaften Anwendung: C:\Program Files\VSO\Image Resizer 4\Resize.exe Pfad des fehlerhaften Moduls: C:\Program Files\VSO\Image Resizer 4\Resize.exe Berichtskennung: 7b78a9a0-94bc-11e2-8a59-406186bfb951 Error - 06.05.2013 05:38:30 | Computer Name = MEDION-PC | Source = Avira Antivirus | ID = 4122 Description = Die Datei AVGDLL_InitScan konnte nicht geladen werden. Fehlercode: 0x2 Error - 07.05.2013 16:26:45 | Computer Name = MEDION-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wlmail.exe, Version: 14.0.8089.726, Zeitstempel: 0x4a6ce53d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00047732 ID des fehlerhaften Prozesses: 0x1440 Startzeit der fehlerhaften Anwendung: 0x01ce4b60efb06ec0 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Live\Mail\wlmail.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 6f760e80-b754-11e2-a44b-406186bfb951 Error - 08.05.2013 14:28:34 | Computer Name = MEDION-PC | Source = RasClient | ID = 20227 Description = Error - 08.05.2013 14:29:51 | Computer Name = MEDION-PC | Source = RasClient | ID = 20227 Description = Error - 08.05.2013 14:30:18 | Computer Name = MEDION-PC | Source = RasClient | ID = 20227 Description = Error - 08.05.2013 15:05:19 | Computer Name = MEDION-PC | Source = Avira FireWall | ID = 0 Description = Ungültige Lizenz Error - 08.05.2013 15:05:20 | Computer Name = MEDION-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 08.05.2013 15:14:40 | Computer Name = MEDION-PC | Source = Avira FireWall | ID = 0 Description = Ungültige Lizenz Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 [ System Events ] Error - 08.05.2013 15:10:33 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.05.2013 15:10:33 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.05.2013 15:10:33 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.05.2013 15:12:09 | Computer Name = MEDION-PC | Source = DCOM | ID = 10005 Description = Error - 08.05.2013 15:12:09 | Computer Name = MEDION-PC | Source = DCOM | ID = 10005 Description = Error - 08.05.2013 15:12:09 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Avira Email Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066 Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066 Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > |
08.05.2013, 21:08 | #10 |
/// Malware-holic | Windows 7 - Befall von System care antivirus Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL [2013.05.07 21:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\146B3392068476C50000146B1F2B7B59 :files :Commands [emptytemp]
Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
08.05.2013, 21:09 | #11 |
| Windows 7 - Befall von System care antivirus was soll ich jetzt tun? malwarebytes? okay, ich führe fix durch. danke Der pc rödelt ... Die Icons sind vom Desktop verschwunden und ich sehe das blanko-hintergrundbild. Wie lange soll ich ausharren? Denn der Rechner scheint nicht zu reagieren außer lautstark arbeiten... das ergebnis von fix All processes killed ========== OTL ========== Folder C:\ProgramData\146B3392068476C50000146B1F2B7B59\ not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: MEDION ->Temp folder emptied: 462603580 bytes ->Temporary Internet Files folder emptied: 994574851 bytes ->Java cache emptied: 21061243 bytes ->FireFox cache emptied: 1119285317 bytes ->Flash cache emptied: 30797077 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 164338313 bytes RecycleBin emptied: 191265998 bytes Total Files Cleaned = 2.846,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05082013_221226 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
08.05.2013, 21:39 | #12 |
/// Malware-holic | Windows 7 - Befall von System care antivirus ok, weiter hiermit: Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
08.05.2013, 21:49 | #13 |
| Windows 7 - Befall von System care antivirus okay, gesagt - getan. tdsskiller hat zwei logdateien auf meinem rechner gespeichert. nummer 1 22:43:27.0471 3492 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 22:43:27.0752 3492 ============================================================ 22:43:27.0752 3492 Current date / time: 2013/05/08 22:43:27.0752 22:43:27.0752 3492 SystemInfo: 22:43:27.0752 3492 22:43:27.0752 3492 OS Version: 6.1.7601 ServicePack: 1.0 22:43:27.0752 3492 Product type: Workstation 22:43:27.0752 3492 ComputerName: MEDION-PC 22:43:27.0752 3492 UserName: MEDION 22:43:27.0752 3492 Windows directory: C:\Windows 22:43:27.0752 3492 System windows directory: C:\Windows 22:43:27.0752 3492 Processor architecture: Intel x86 22:43:27.0752 3492 Number of processors: 2 22:43:27.0752 3492 Page size: 0x1000 22:43:27.0752 3492 Boot type: Normal boot 22:43:27.0752 3492 ============================================================ 22:43:30.0170 3492 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 22:43:30.0170 3492 Drive \Device\Harddisk1\DR1 - Size: 0x3BB3FFE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:43:30.0170 3492 ============================================================ 22:43:30.0170 3492 \Device\Harddisk0\DR0: 22:43:30.0170 3492 MBR partitions: 22:43:30.0170 3492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 22:43:30.0170 3492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3000 22:43:30.0170 3492 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000 22:43:30.0170 3492 \Device\Harddisk1\DR1: 22:43:30.0170 3492 MBR partitions: 22:43:30.0170 3492 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92 22:43:30.0170 3492 ============================================================ 22:43:30.0186 3492 C: <-> \Device\Harddisk0\DR0\Partition2 22:43:30.0217 3492 D: <-> \Device\Harddisk0\DR0\Partition3 22:43:30.0217 3492 ============================================================ 22:43:30.0217 3492 Initialize success 22:43:30.0217 3492 ============================================================ 22:43:45.0911 4068 Deinitialize success und nummer 2 22:43:49.0018 3084 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 22:43:49.0267 3084 ============================================================ 22:43:49.0267 3084 Current date / time: 2013/05/08 22:43:49.0267 22:43:49.0267 3084 SystemInfo: 22:43:49.0267 3084 22:43:49.0267 3084 OS Version: 6.1.7601 ServicePack: 1.0 22:43:49.0267 3084 Product type: Workstation 22:43:49.0267 3084 ComputerName: MEDION-PC 22:43:49.0267 3084 UserName: MEDION 22:43:49.0267 3084 Windows directory: C:\Windows 22:43:49.0267 3084 System windows directory: C:\Windows 22:43:49.0267 3084 Processor architecture: Intel x86 22:43:49.0267 3084 Number of processors: 2 22:43:49.0267 3084 Page size: 0x1000 22:43:49.0267 3084 Boot type: Normal boot 22:43:49.0267 3084 ============================================================ 22:43:50.0578 3084 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 22:43:50.0578 3084 Drive \Device\Harddisk1\DR1 - Size: 0x3BB3FFE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:43:50.0578 3084 ============================================================ 22:43:50.0578 3084 \Device\Harddisk0\DR0: 22:43:50.0578 3084 MBR partitions: 22:43:50.0578 3084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 22:43:50.0578 3084 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3000 22:43:50.0578 3084 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000 22:43:50.0578 3084 \Device\Harddisk1\DR1: 22:43:50.0593 3084 MBR partitions: 22:43:50.0593 3084 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92 22:43:50.0593 3084 ============================================================ 22:43:50.0609 3084 C: <-> \Device\Harddisk0\DR0\Partition2 22:43:50.0609 3084 D: <-> \Device\Harddisk0\DR0\Partition3 22:43:50.0609 3084 ============================================================ 22:43:50.0609 3084 Initialize success 22:43:50.0609 3084 ============================================================ 22:44:10.0798 3192 ============================================================ 22:44:10.0798 3192 Scan started 22:44:10.0798 3192 Mode: Manual; SigCheck; TDLFS; 22:44:10.0798 3192 ============================================================ 22:44:11.0235 3192 ================ Scan system memory ======================== 22:44:11.0235 3192 System memory - ok 22:44:11.0235 3192 ================ Scan services ============================= 22:44:11.0391 3192 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 22:44:11.0500 3192 1394ohci - ok 22:44:11.0563 3192 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:44:11.0594 3192 ACPI - ok 22:44:11.0610 3192 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:44:11.0656 3192 AcpiPmi - ok 22:44:11.0734 3192 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 22:44:11.0766 3192 AdobeFlashPlayerUpdateSvc - ok 22:44:11.0812 3192 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 22:44:11.0844 3192 adp94xx - ok 22:44:11.0890 3192 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 22:44:11.0922 3192 adpahci - ok 22:44:11.0937 3192 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 22:44:11.0953 3192 adpu320 - ok 22:44:12.0000 3192 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:44:12.0062 3192 AeLookupSvc - ok 22:44:12.0124 3192 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 22:44:12.0202 3192 AFD - ok 22:44:12.0249 3192 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 22:44:12.0280 3192 agp440 - ok 22:44:12.0312 3192 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 22:44:12.0343 3192 aic78xx - ok 22:44:12.0374 3192 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 22:44:12.0421 3192 ALG - ok 22:44:12.0436 3192 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 22:44:12.0452 3192 aliide - ok 22:44:12.0468 3192 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 22:44:12.0499 3192 amdagp - ok 22:44:12.0514 3192 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 22:44:12.0530 3192 amdide - ok 22:44:12.0561 3192 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 22:44:12.0608 3192 AmdK8 - ok 22:44:12.0608 3192 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 22:44:12.0655 3192 AmdPPM - ok 22:44:12.0686 3192 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 22:44:12.0717 3192 amdsata - ok 22:44:12.0733 3192 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 22:44:12.0764 3192 amdsbs - ok 22:44:12.0780 3192 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 22:44:12.0795 3192 amdxata - ok 22:44:12.0904 3192 [ 07B0B7175C61F65483D60577AC864B41 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe 22:44:12.0936 3192 AntiVirFirewallService - ok 22:44:12.0998 3192 [ 50DDEB8CA3620655B9FF68FFFC41248E ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe 22:44:13.0029 3192 AntiVirMailService - ok 22:44:13.0076 3192 [ BD33282EC067551060DC3A9628160E5B ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 22:44:13.0092 3192 AntiVirSchedulerService - ok 22:44:13.0138 3192 [ 2B73EF0F975642509AB66827C4E9D6C8 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 22:44:13.0138 3192 AntiVirService - ok 22:44:13.0201 3192 [ F46BD152C8A9C4EBAE2EC51B063DE0ED ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 22:44:13.0216 3192 AntiVirWebService - ok 22:44:13.0263 3192 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 22:44:13.0294 3192 AppID - ok 22:44:13.0310 3192 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:44:13.0388 3192 AppIDSvc - ok 22:44:13.0419 3192 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 22:44:13.0466 3192 Appinfo - ok 22:44:13.0575 3192 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:44:13.0591 3192 Apple Mobile Device - ok 22:44:13.0622 3192 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 22:44:13.0638 3192 arc - ok 22:44:13.0653 3192 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 22:44:13.0684 3192 arcsas - ok 22:44:13.0700 3192 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:44:13.0747 3192 AsyncMac - ok 22:44:13.0762 3192 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 22:44:13.0778 3192 atapi - ok 22:44:13.0809 3192 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:44:13.0872 3192 AudioEndpointBuilder - ok 22:44:13.0903 3192 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 22:44:13.0934 3192 Audiosrv - ok 22:44:13.0996 3192 [ 662ECAEC0FAE2C2069B75EF8A762BE87 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys 22:44:14.0308 3192 avfwim - ok 22:44:14.0371 3192 [ E4DC0228AB7492086B96FCC8298CF3B6 ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys 22:44:14.0386 3192 avfwot - ok 22:44:14.0449 3192 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 22:44:14.0464 3192 avgntflt - ok 22:44:14.0496 3192 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 22:44:14.0511 3192 avipbb - ok 22:44:14.0527 3192 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 22:44:14.0542 3192 avkmgr - ok 22:44:14.0605 3192 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:44:14.0714 3192 AxInstSV - ok 22:44:14.0761 3192 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 22:44:14.0823 3192 b06bdrv - ok 22:44:14.0854 3192 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 22:44:14.0886 3192 b57nd60x - ok 22:44:14.0979 3192 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe 22:44:14.0995 3192 BBSvc - ok 22:44:15.0042 3192 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe 22:44:15.0057 3192 BBUpdate - ok 22:44:15.0073 3192 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 22:44:15.0135 3192 BDESVC - ok 22:44:15.0151 3192 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 22:44:15.0198 3192 Beep - ok 22:44:15.0244 3192 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 22:44:15.0322 3192 BFE - ok 22:44:15.0354 3192 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 22:44:15.0416 3192 BITS - ok 22:44:15.0416 3192 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 22:44:15.0447 3192 blbdrive - ok 22:44:15.0510 3192 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 22:44:15.0541 3192 Bonjour Service - ok 22:44:15.0588 3192 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:44:15.0619 3192 bowser - ok 22:44:15.0650 3192 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:44:15.0697 3192 BrFiltLo - ok 22:44:15.0697 3192 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:44:15.0744 3192 BrFiltUp - ok 22:44:15.0790 3192 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 22:44:15.0837 3192 Browser - ok 22:44:15.0853 3192 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:44:15.0900 3192 Brserid - ok 22:44:15.0915 3192 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:44:15.0946 3192 BrSerWdm - ok 22:44:15.0978 3192 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:44:16.0009 3192 BrUsbMdm - ok 22:44:16.0009 3192 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:44:16.0040 3192 BrUsbSer - ok 22:44:16.0040 3192 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 22:44:16.0071 3192 BTHMODEM - ok 22:44:16.0102 3192 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 22:44:16.0134 3192 bthserv - ok 22:44:16.0180 3192 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:44:16.0227 3192 cdfs - ok 22:44:16.0305 3192 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 22:44:16.0368 3192 cdrom - ok 22:44:16.0414 3192 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 22:44:16.0492 3192 CertPropSvc - ok 22:44:16.0524 3192 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 22:44:16.0570 3192 circlass - ok 22:44:16.0586 3192 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 22:44:16.0602 3192 CLFS - ok 22:44:16.0695 3192 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:44:16.0726 3192 clr_optimization_v2.0.50727_32 - ok 22:44:16.0789 3192 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:44:16.0820 3192 clr_optimization_v4.0.30319_32 - ok 22:44:16.0836 3192 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 22:44:16.0867 3192 CmBatt - ok 22:44:16.0867 3192 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:44:16.0898 3192 cmdide - ok 22:44:16.0929 3192 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 22:44:16.0960 3192 CNG - ok 22:44:16.0976 3192 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 22:44:16.0992 3192 Compbatt - ok 22:44:17.0054 3192 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 22:44:17.0101 3192 CompositeBus - ok 22:44:17.0116 3192 COMSysApp - ok 22:44:17.0148 3192 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 22:44:17.0179 3192 crcdisk - ok 22:44:17.0241 3192 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:44:17.0304 3192 CryptSvc - ok 22:44:17.0350 3192 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 22:44:17.0397 3192 DcomLaunch - ok 22:44:17.0428 3192 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 22:44:17.0475 3192 defragsvc - ok 22:44:17.0491 3192 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:44:17.0553 3192 DfsC - ok 22:44:17.0584 3192 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 22:44:17.0662 3192 Dhcp - ok 22:44:17.0694 3192 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 22:44:17.0725 3192 discache - ok 22:44:17.0756 3192 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 22:44:17.0787 3192 Disk - ok 22:44:17.0803 3192 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:44:17.0850 3192 Dnscache - ok 22:44:17.0881 3192 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 22:44:17.0959 3192 dot3svc - ok 22:44:18.0021 3192 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 22:44:18.0037 3192 Dot4 - ok 22:44:18.0052 3192 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 22:44:18.0084 3192 Dot4Print - ok 22:44:18.0115 3192 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 22:44:18.0146 3192 dot4usb - ok 22:44:18.0177 3192 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 22:44:18.0224 3192 DPS - ok 22:44:18.0271 3192 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:44:18.0302 3192 drmkaud - ok 22:44:18.0349 3192 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:44:18.0380 3192 DXGKrnl - ok 22:44:18.0396 3192 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 22:44:18.0442 3192 EapHost - ok 22:44:18.0536 3192 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 22:44:18.0692 3192 ebdrv - ok 22:44:18.0723 3192 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 22:44:18.0754 3192 EFS - ok 22:44:18.0786 3192 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:44:18.0832 3192 ehRecvr - ok 22:44:18.0848 3192 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 22:44:18.0895 3192 ehSched - ok 22:44:18.0926 3192 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 22:44:18.0957 3192 elxstor - ok 22:44:18.0973 3192 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:44:19.0004 3192 ErrDev - ok 22:44:19.0035 3192 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 22:44:19.0098 3192 EventSystem - ok 22:44:19.0129 3192 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 22:44:19.0176 3192 exfat - ok 22:44:19.0222 3192 Fabs - ok 22:44:19.0238 3192 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:44:19.0269 3192 fastfat - ok 22:44:19.0394 3192 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 22:44:19.0519 3192 Fax - ok 22:44:19.0550 3192 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:44:19.0659 3192 fdc - ok 22:44:19.0675 3192 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 22:44:19.0722 3192 fdPHost - ok 22:44:19.0753 3192 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 22:44:19.0815 3192 FDResPub - ok 22:44:19.0831 3192 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:44:19.0846 3192 FileInfo - ok 22:44:19.0862 3192 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:44:19.0893 3192 Filetrace - ok 22:44:19.0971 3192 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe 22:44:20.0080 3192 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 22:44:20.0080 3192 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 22:44:20.0112 3192 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:44:20.0143 3192 flpydisk - ok 22:44:20.0158 3192 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:44:20.0190 3192 FltMgr - ok 22:44:20.0252 3192 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 22:44:20.0314 3192 FontCache - ok 22:44:20.0361 3192 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 22:44:20.0392 3192 FontCache3.0.0.0 - ok 22:44:20.0408 3192 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:44:20.0439 3192 FsDepends - ok 22:44:20.0470 3192 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:44:20.0486 3192 Fs_Rec - ok 22:44:20.0533 3192 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:44:20.0564 3192 fvevol - ok 22:44:20.0611 3192 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 22:44:20.0626 3192 gagp30kx - ok 22:44:20.0689 3192 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:44:20.0704 3192 GEARAspiWDM - ok 22:44:20.0751 3192 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 22:44:20.0798 3192 gpsvc - ok 22:44:20.0860 3192 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 22:44:20.0876 3192 gupdate - ok 22:44:20.0892 3192 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 22:44:20.0907 3192 gupdatem - ok 22:44:20.0923 3192 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:44:20.0970 3192 hcw85cir - ok 22:44:21.0016 3192 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:44:21.0079 3192 HdAudAddService - ok 22:44:21.0094 3192 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:44:21.0110 3192 HDAudBus - ok 22:44:21.0141 3192 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 22:44:21.0188 3192 HidBatt - ok 22:44:21.0204 3192 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 22:44:21.0250 3192 HidBth - ok 22:44:21.0282 3192 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 22:44:21.0297 3192 HidIr - ok 22:44:21.0328 3192 [ 1FAB2540C1BD6DA847CCD292F4EEE48A ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys 22:44:21.0344 3192 hidkmdf - ok 22:44:21.0360 3192 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 22:44:21.0406 3192 hidserv - ok 22:44:21.0438 3192 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 22:44:21.0453 3192 HidUsb - ok 22:44:21.0484 3192 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:44:21.0547 3192 hkmsvc - ok 22:44:21.0594 3192 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:44:21.0641 3192 HomeGroupListener - ok 22:44:21.0673 3192 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:44:21.0704 3192 HomeGroupProvider - ok 22:44:21.0719 3192 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:44:21.0751 3192 HpSAMD - ok 22:44:21.0813 3192 [ 1D387C1F30296D3A24205CC2D09C6926 ] HPSIService C:\Windows\system32\HPSIsvc.exe 22:44:21.0829 3192 HPSIService - ok 22:44:21.0907 3192 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 22:44:22.0515 3192 HPSLPSVC - ok 22:44:22.0562 3192 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:44:22.0641 3192 HTTP - ok 22:44:22.0672 3192 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:44:22.0703 3192 hwpolicy - ok 22:44:22.0734 3192 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:44:22.0781 3192 i8042prt - ok 22:44:22.0812 3192 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:44:22.0844 3192 iaStorV - ok 22:44:22.0906 3192 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 22:44:22.0968 3192 idsvc - ok 22:44:22.0968 3192 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 22:44:23.0000 3192 iirsp - ok 22:44:23.0031 3192 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 22:44:23.0078 3192 IKEEXT - ok 22:44:23.0187 3192 [ 4E3F36F7704CBBCD1B32657491A1944F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 22:44:23.0265 3192 IntcAzAudAddService - ok 22:44:23.0280 3192 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 22:44:23.0296 3192 intelide - ok 22:44:23.0327 3192 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:44:23.0343 3192 intelppm - ok 22:44:23.0374 3192 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:44:23.0436 3192 IPBusEnum - ok 22:44:23.0452 3192 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:44:23.0499 3192 IpFilterDriver - ok 22:44:23.0530 3192 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:44:23.0561 3192 iphlpsvc - ok 22:44:23.0592 3192 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:44:23.0624 3192 IPMIDRV - ok 22:44:23.0639 3192 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:44:23.0703 3192 IPNAT - ok 22:44:23.0749 3192 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:44:23.0765 3192 iPod Service - ok 22:44:23.0796 3192 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:44:23.0827 3192 IRENUM - ok 22:44:23.0859 3192 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:44:23.0874 3192 isapnp - ok 22:44:23.0890 3192 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:44:23.0921 3192 iScsiPrt - ok 22:44:23.0937 3192 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 22:44:23.0968 3192 kbdclass - ok 22:44:24.0015 3192 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:44:24.0046 3192 kbdhid - ok 22:44:24.0061 3192 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 22:44:24.0077 3192 KeyIso - ok 22:44:24.0093 3192 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:44:24.0124 3192 KSecDD - ok 22:44:24.0139 3192 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:44:24.0171 3192 KSecPkg - ok 22:44:24.0202 3192 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 22:44:24.0264 3192 KtmRm - ok 22:44:24.0280 3192 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 22:44:24.0342 3192 LanmanServer - ok 22:44:24.0358 3192 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:44:24.0389 3192 LanmanWorkstation - ok 22:44:24.0436 3192 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:44:24.0467 3192 lltdio - ok 22:44:24.0498 3192 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:44:24.0529 3192 lltdsvc - ok 22:44:24.0545 3192 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 22:44:24.0607 3192 lmhosts - ok 22:44:24.0623 3192 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 22:44:24.0654 3192 LSI_FC - ok 22:44:24.0670 3192 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 22:44:24.0701 3192 LSI_SAS - ok 22:44:24.0779 3192 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:44:24.0873 3192 LSI_SAS2 - ok 22:44:24.0966 3192 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:44:25.0044 3192 LSI_SCSI - ok 22:44:25.0044 3192 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 22:44:25.0091 3192 luafv - ok 22:44:25.0122 3192 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:44:25.0153 3192 Mcx2Svc - ok 22:44:25.0169 3192 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:44:25.0185 3192 megasas - ok 22:44:25.0216 3192 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:44:25.0231 3192 MegaSR - ok 22:44:25.0247 3192 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 22:44:25.0278 3192 MMCSS - ok 22:44:25.0294 3192 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 22:44:25.0356 3192 Modem - ok 22:44:25.0372 3192 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:44:25.0419 3192 monitor - ok 22:44:25.0450 3192 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys 22:44:25.0465 3192 mouclass - ok 22:44:25.0481 3192 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:44:25.0512 3192 mouhid - ok 22:44:25.0559 3192 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:44:25.0575 3192 mountmgr - ok 22:44:25.0668 3192 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 22:44:25.0699 3192 MozillaMaintenance - ok 22:44:25.0715 3192 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 22:44:25.0731 3192 mpio - ok 22:44:25.0762 3192 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:44:25.0809 3192 mpsdrv - ok 22:44:25.0855 3192 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:44:25.0918 3192 MpsSvc - ok 22:44:25.0949 3192 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:44:25.0996 3192 MRxDAV - ok 22:44:26.0043 3192 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:44:26.0074 3192 mrxsmb - ok 22:44:26.0121 3192 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:44:26.0152 3192 mrxsmb10 - ok 22:44:26.0167 3192 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:44:26.0199 3192 mrxsmb20 - ok 22:44:26.0214 3192 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 22:44:26.0230 3192 msahci - ok 22:44:26.0261 3192 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:44:26.0292 3192 msdsm - ok 22:44:26.0308 3192 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 22:44:26.0339 3192 MSDTC - ok 22:44:26.0355 3192 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:44:26.0401 3192 Msfs - ok 22:44:26.0417 3192 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:44:26.0464 3192 mshidkmdf - ok 22:44:26.0495 3192 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:44:26.0511 3192 msisadrv - ok 22:44:26.0526 3192 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:44:26.0573 3192 MSiSCSI - ok 22:44:26.0573 3192 msiserver - ok 22:44:26.0604 3192 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:44:26.0635 3192 MSKSSRV - ok 22:44:26.0682 3192 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:44:26.0729 3192 MSPCLOCK - ok 22:44:26.0760 3192 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:44:26.0807 3192 MSPQM - ok 22:44:26.0838 3192 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:44:26.0854 3192 MsRPC - ok 22:44:26.0885 3192 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:44:26.0885 3192 mssmbios - ok 22:44:26.0901 3192 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:44:26.0947 3192 MSTEE - ok 22:44:26.0994 3192 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 22:44:27.0010 3192 MTConfig - ok 22:44:27.0025 3192 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 22:44:27.0041 3192 Mup - ok 22:44:27.0088 3192 [ 12AAA46852CFD850129881971976F047 ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys 22:44:27.0150 3192 mvusbews - ok 22:44:27.0197 3192 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 22:44:27.0228 3192 napagent - ok 22:44:27.0291 3192 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:44:27.0322 3192 NativeWifiP - ok 22:44:27.0369 3192 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:44:27.0384 3192 NDIS - ok 22:44:27.0431 3192 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:44:27.0478 3192 NdisCap - ok 22:44:27.0540 3192 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:44:27.0571 3192 NdisTapi - ok 22:44:27.0603 3192 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:44:27.0634 3192 Ndisuio - ok 22:44:27.0665 3192 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:44:27.0727 3192 NdisWan - ok 22:44:27.0759 3192 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:44:27.0805 3192 NDProxy - ok 22:44:27.0852 3192 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 22:44:27.0852 3192 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:44:27.0852 3192 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:44:27.0899 3192 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:44:27.0930 3192 NetBIOS - ok 22:44:27.0961 3192 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:44:28.0024 3192 NetBT - ok 22:44:28.0055 3192 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 22:44:28.0071 3192 Netlogon - ok 22:44:28.0117 3192 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 22:44:28.0180 3192 Netman - ok 22:44:28.0195 3192 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 22:44:28.0242 3192 netprofm - ok 22:44:28.0273 3192 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:44:28.0305 3192 NetTcpPortSharing - ok 22:44:28.0336 3192 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:44:28.0351 3192 nfrd960 - ok 22:44:28.0383 3192 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 22:44:28.0414 3192 NlaSvc - ok 22:44:28.0461 3192 [ 712BC0C22BA00B2BA324C6B8DF668EE7 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys 22:44:28.0539 3192 nmwcd - ok 22:44:28.0570 3192 [ 7312987B6CCDE6F6CEE32C14BED1CA2E ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys 22:44:28.0601 3192 nmwcdc - ok 22:44:28.0617 3192 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:44:28.0663 3192 Npfs - ok 22:44:28.0663 3192 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 22:44:28.0710 3192 nsi - ok 22:44:28.0726 3192 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:44:28.0757 3192 nsiproxy - ok 22:44:28.0804 3192 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:44:28.0897 3192 Ntfs - ok 22:44:28.0913 3192 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 22:44:28.0944 3192 Null - ok 22:44:29.0007 3192 [ DD1D4DBA6223A8F512AC4301D4270A7A ] nvamacpi C:\Windows\system32\DRIVERS\NVAMACPI.sys 22:44:29.0038 3192 nvamacpi - ok 22:44:29.0287 3192 [ 19F5C4949B2E4CBD2E95B8ECDFC84D25 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:44:29.0506 3192 nvlddmkm - ok 22:44:29.0553 3192 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:44:29.0584 3192 nvraid - ok 22:44:29.0646 3192 [ F13618F0CB1E95232F4C2401592A59E9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys 22:44:29.0677 3192 nvsmu - ok 22:44:29.0709 3192 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:44:29.0740 3192 nvstor - ok 22:44:29.0771 3192 [ 032EF66DD96692AD3A9D36160F467F67 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys 22:44:29.0802 3192 nvstor32 - ok 22:44:29.0818 3192 [ 7A68320FA236ED0479EFF93540391568 ] nvsvc C:\Windows\system32\nvvsvc.exe 22:44:29.0833 3192 nvsvc - ok 22:44:29.0865 3192 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:44:29.0880 3192 nv_agp - ok 22:44:29.0896 3192 [ F1A718C6C6CD3EDF157FA3D459ADFEF7 ] NW1950 C:\Windows\system32\DRIVERS\NW1950.sys 22:44:29.0911 3192 NW1950 - ok 22:44:30.0005 3192 [ 953E08D5CA0B02697A8145AAA0CA28BE ] NxpCap C:\Windows\system32\DRIVERS\NxpCap.sys 22:44:30.0052 3192 NxpCap - ok 22:44:30.0083 3192 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:44:30.0114 3192 ohci1394 - ok 22:44:30.0161 3192 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:44:30.0208 3192 ose - ok 22:44:30.0348 3192 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:44:30.0442 3192 osppsvc - ok 22:44:30.0457 3192 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:44:30.0504 3192 p2pimsvc - ok 22:44:30.0535 3192 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 22:44:30.0551 3192 p2psvc - ok 22:44:30.0582 3192 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:44:30.0629 3192 Parport - ok 22:44:30.0660 3192 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:44:30.0691 3192 partmgr - ok 22:44:30.0723 3192 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 22:44:30.0769 3192 Parvdm - ok 22:44:30.0785 3192 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:44:30.0816 3192 PcaSvc - ok 22:44:30.0832 3192 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 22:44:30.0847 3192 pci - ok 22:44:30.0879 3192 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 22:44:30.0894 3192 pciide - ok 22:44:30.0925 3192 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:44:30.0941 3192 pcmcia - ok 22:44:30.0972 3192 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 22:44:30.0988 3192 pcw - ok 22:44:31.0035 3192 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:44:31.0097 3192 PEAUTH - ok 22:44:31.0159 3192 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 22:44:31.0284 3192 pla - ok 22:44:31.0315 3192 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:44:31.0378 3192 PlugPlay - ok 22:44:31.0425 3192 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 22:44:31.0440 3192 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:44:31.0440 3192 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:44:31.0440 3192 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:44:31.0471 3192 PNRPAutoReg - ok 22:44:31.0471 3192 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:44:31.0503 3192 PNRPsvc - ok 22:44:31.0518 3192 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:44:31.0565 3192 PolicyAgent - ok 22:44:31.0612 3192 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 22:44:31.0643 3192 Power - ok 22:44:31.0674 3192 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:44:31.0721 3192 PptpMiniport - ok 22:44:31.0721 3192 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:44:31.0768 3192 Processor - ok 22:44:31.0799 3192 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 22:44:31.0877 3192 ProfSvc - ok 22:44:31.0893 3192 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:44:31.0908 3192 ProtectedStorage - ok 22:44:31.0955 3192 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:44:32.0002 3192 Psched - ok 22:44:32.0049 3192 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:44:32.0127 3192 ql2300 - ok 22:44:32.0158 3192 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:44:32.0173 3192 ql40xx - ok 22:44:32.0205 3192 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 22:44:32.0236 3192 QWAVE - ok 22:44:32.0251 3192 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:44:32.0267 3192 QWAVEdrv - ok 22:44:32.0283 3192 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:44:32.0329 3192 RasAcd - ok 22:44:32.0361 3192 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:44:32.0392 3192 RasAgileVpn - ok 22:44:32.0407 3192 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 22:44:32.0454 3192 RasAuto - ok 22:44:32.0454 3192 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:44:32.0501 3192 Rasl2tp - ok 22:44:32.0563 3192 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 22:44:32.0626 3192 RasMan - ok 22:44:32.0657 3192 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:44:32.0704 3192 RasPppoe - ok 22:44:32.0735 3192 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:44:32.0782 3192 RasSstp - ok 22:44:32.0813 3192 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:44:32.0860 3192 rdbss - ok 22:44:32.0875 3192 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:44:32.0891 3192 rdpbus - ok 22:44:32.0922 3192 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:44:32.0969 3192 RDPCDD - ok 22:44:33.0000 3192 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:44:33.0031 3192 RDPENCDD - ok 22:44:33.0047 3192 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:44:33.0078 3192 RDPREFMP - ok 22:44:33.0109 3192 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:44:33.0156 3192 RDPWD - ok 22:44:33.0203 3192 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:44:33.0234 3192 rdyboost - ok 22:44:33.0250 3192 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 22:44:33.0281 3192 RemoteAccess - ok 22:44:33.0312 3192 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:44:33.0343 3192 RemoteRegistry - ok 22:44:33.0421 3192 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 22:44:33.0453 3192 RichVideo ( UnsignedFile.Multi.Generic ) - warning 22:44:33.0453 3192 RichVideo - detected UnsignedFile.Multi.Generic (1) 22:44:33.0468 3192 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:44:33.0531 3192 RpcEptMapper - ok 22:44:33.0546 3192 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 22:44:33.0593 3192 RpcLocator - ok 22:44:33.0624 3192 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 22:44:33.0655 3192 RpcSs - ok 22:44:33.0655 3192 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:44:33.0718 3192 rspndr - ok 22:44:33.0749 3192 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 22:44:33.0797 3192 RTL8167 - ok 22:44:33.0859 3192 [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys 22:44:33.0890 3192 rtl8192se - ok 22:44:33.0922 3192 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 22:44:33.0937 3192 SamSs - ok 22:44:33.0984 3192 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:44:34.0000 3192 sbp2port - ok 22:44:34.0015 3192 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:44:34.0046 3192 SCardSvr - ok 22:44:34.0062 3192 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:44:34.0124 3192 scfilter - ok 22:44:34.0156 3192 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 22:44:34.0218 3192 Schedule - ok 22:44:34.0234 3192 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:44:34.0265 3192 SCPolicySvc - ok 22:44:34.0312 3192 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:44:34.0374 3192 SDRSVC - ok 22:44:34.0390 3192 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:44:34.0436 3192 secdrv - ok 22:44:34.0483 3192 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 22:44:34.0608 3192 seclogon - ok 22:44:34.0639 3192 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 22:44:34.0686 3192 SENS - ok 22:44:34.0702 3192 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:44:34.0733 3192 SensrSvc - ok 22:44:34.0748 3192 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:44:34.0795 3192 Serenum - ok 22:44:34.0826 3192 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:44:34.0858 3192 Serial - ok 22:44:34.0873 3192 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:44:34.0889 3192 sermouse - ok 22:44:34.0920 3192 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 22:44:34.0967 3192 SessionEnv - ok 22:44:34.0998 3192 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:44:35.0045 3192 sffdisk - ok 22:44:35.0060 3192 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:44:35.0092 3192 sffp_mmc - ok 22:44:35.0107 3192 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:44:35.0138 3192 sffp_sd - ok 22:44:35.0154 3192 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:44:35.0185 3192 sfloppy - ok 22:44:35.0216 3192 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:44:35.0279 3192 SharedAccess - ok 22:44:35.0310 3192 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:44:35.0341 3192 ShellHWDetection - ok 22:44:35.0357 3192 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 22:44:35.0388 3192 sisagp - ok 22:44:35.0435 3192 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:44:35.0466 3192 SiSRaid2 - ok 22:44:35.0482 3192 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:44:35.0497 3192 SiSRaid4 - ok 22:44:35.0544 3192 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:44:35.0575 3192 Smb - ok 22:44:35.0591 3192 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:44:35.0638 3192 SNMPTRAP - ok 22:44:35.0669 3192 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 22:44:35.0684 3192 spldr - ok 22:44:35.0731 3192 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 22:44:35.0762 3192 Spooler - ok 22:44:35.0825 3192 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 22:44:35.0887 3192 sppsvc - ok 22:44:35.0950 3192 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:44:35.0981 3192 sppuinotify - ok 22:44:36.0028 3192 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:44:36.0059 3192 srv - ok 22:44:36.0074 3192 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:44:36.0106 3192 srv2 - ok 22:44:36.0137 3192 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:44:36.0168 3192 srvnet - ok 22:44:36.0184 3192 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:44:36.0246 3192 SSDPSRV - ok 22:44:36.0324 3192 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 22:44:36.0355 3192 ssmdrv - ok 22:44:36.0371 3192 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:44:36.0402 3192 SstpSvc - ok 22:44:36.0418 3192 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:44:36.0433 3192 stexstor - ok 22:44:36.0464 3192 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 22:44:36.0496 3192 StillCam - ok 22:44:36.0542 3192 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 22:44:36.0589 3192 StiSvc - ok 22:44:36.0636 3192 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 22:44:36.0652 3192 swenum - ok 22:44:36.0667 3192 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 22:44:36.0698 3192 swprv - ok 22:44:36.0761 3192 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 22:44:36.0808 3192 SysMain - ok 22:44:36.0823 3192 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:44:36.0839 3192 TabletInputService - ok 22:44:36.0870 3192 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 22:44:36.0901 3192 TapiSrv - ok 22:44:36.0917 3192 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 22:44:36.0964 3192 TBS - ok 22:44:37.0010 3192 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:44:37.0073 3192 Tcpip - ok 22:44:37.0120 3192 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:44:37.0151 3192 TCPIP6 - ok 22:44:37.0182 3192 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:44:37.0213 3192 tcpipreg - ok 22:44:37.0260 3192 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:44:37.0322 3192 TDPIPE - ok 22:44:37.0354 3192 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:44:37.0385 3192 TDTCP - ok 22:44:37.0416 3192 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:44:37.0478 3192 tdx - ok 22:44:37.0478 3192 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 22:44:37.0510 3192 TermDD - ok 22:44:37.0556 3192 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 22:44:37.0619 3192 TermService - ok 22:44:37.0634 3192 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 22:44:37.0666 3192 Themes - ok 22:44:37.0681 3192 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 22:44:37.0712 3192 THREADORDER - ok 22:44:37.0759 3192 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 22:44:37.0837 3192 TrkWks - ok 22:44:37.0900 3192 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:44:37.0962 3192 TrustedInstaller - ok 22:44:37.0993 3192 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:44:38.0024 3192 tssecsrv - ok 22:44:38.0056 3192 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:44:38.0087 3192 TsUsbFlt - ok 22:44:38.0102 3192 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:44:38.0149 3192 tunnel - ok 22:44:38.0180 3192 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:44:38.0196 3192 uagp35 - ok 22:44:38.0227 3192 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:44:38.0290 3192 udfs - ok 22:44:38.0321 3192 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:44:38.0352 3192 UI0Detect - ok 22:44:38.0399 3192 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:44:38.0414 3192 uliagpkx - ok 22:44:38.0461 3192 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 22:44:38.0508 3192 umbus - ok 22:44:38.0524 3192 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:44:38.0539 3192 UmPass - ok 22:44:38.0555 3192 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 22:44:38.0617 3192 upnphost - ok 22:44:38.0664 3192 [ 7062ED67A10F1C83B2AB951736E24F11 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 22:44:38.0711 3192 upperdev - ok 22:44:38.0742 3192 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 22:44:38.0773 3192 USBAAPL - ok 22:44:38.0804 3192 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:44:38.0820 3192 usbccgp - ok 22:44:38.0851 3192 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:44:38.0898 3192 usbcir - ok 22:44:38.0929 3192 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:44:38.0960 3192 usbehci - ok 22:44:38.0992 3192 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:44:39.0023 3192 usbhub - ok 22:44:39.0038 3192 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 22:44:39.0054 3192 usbohci - ok 22:44:39.0085 3192 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:44:39.0116 3192 usbprint - ok 22:44:39.0148 3192 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:44:39.0179 3192 usbscan - ok 22:44:39.0210 3192 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\Windows\system32\drivers\usbser.sys 22:44:39.0257 3192 usbser - ok 22:44:39.0272 3192 [ B76D8039F5B595C4CA551B3D5DD15A98 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 22:44:39.0304 3192 UsbserFilt - ok 22:44:39.0335 3192 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:44:39.0350 3192 USBSTOR - ok 22:44:39.0366 3192 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 22:44:39.0382 3192 usbuhci - ok 22:44:39.0428 3192 [ F642A7E4BF78CFA359CCA0A3557C28D7 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 22:44:39.0460 3192 usbvideo - ok 22:44:39.0491 3192 uxddrv - ok 22:44:39.0506 3192 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 22:44:39.0538 3192 UxSms - ok 22:44:39.0553 3192 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 22:44:39.0569 3192 VaultSvc - ok 22:44:39.0584 3192 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:44:39.0616 3192 vdrvroot - ok 22:44:39.0647 3192 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 22:44:39.0709 3192 vds - ok 22:44:39.0740 3192 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:44:39.0787 3192 vga - ok 22:44:39.0803 3192 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 22:44:39.0834 3192 VgaSave - ok 22:44:39.0850 3192 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:44:39.0881 3192 vhdmp - ok 22:44:39.0912 3192 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 22:44:39.0943 3192 viaagp - ok 22:44:39.0959 3192 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 22:44:39.0990 3192 ViaC7 - ok 22:44:40.0006 3192 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 22:44:40.0037 3192 viaide - ok 22:44:40.0052 3192 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:44:40.0068 3192 volmgr - ok 22:44:40.0084 3192 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:44:40.0115 3192 volmgrx - ok 22:44:40.0146 3192 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:44:40.0177 3192 volsnap - ok 22:44:40.0208 3192 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:44:40.0240 3192 vsmraid - ok 22:44:40.0286 3192 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 22:44:40.0333 3192 VSS - ok 22:44:40.0349 3192 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 22:44:40.0380 3192 vwifibus - ok 22:44:40.0396 3192 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:44:40.0427 3192 vwififlt - ok 22:44:40.0458 3192 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 22:44:40.0474 3192 vwifimp - ok 22:44:40.0505 3192 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 22:44:40.0552 3192 W32Time - ok 22:44:40.0567 3192 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:44:40.0614 3192 WacomPen - ok 22:44:40.0645 3192 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:44:40.0692 3192 WANARP - ok 22:44:40.0708 3192 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:44:40.0723 3192 Wanarpv6 - ok 22:44:40.0770 3192 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 22:44:40.0832 3192 wbengine - ok 22:44:40.0864 3192 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:44:40.0895 3192 WbioSrvc - ok 22:44:40.0926 3192 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:44:40.0957 3192 wcncsvc - ok 22:44:40.0973 3192 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:44:41.0035 3192 WcsPlugInService - ok 22:44:41.0051 3192 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:44:41.0082 3192 Wd - ok 22:44:41.0113 3192 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:44:41.0144 3192 Wdf01000 - ok 22:44:41.0160 3192 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:44:41.0207 3192 WdiServiceHost - ok 22:44:41.0222 3192 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:44:41.0238 3192 WdiSystemHost - ok 22:44:41.0269 3192 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 22:44:41.0300 3192 WebClient - ok 22:44:41.0332 3192 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:44:41.0363 3192 Wecsvc - ok 22:44:41.0378 3192 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:44:41.0425 3192 wercplsupport - ok 22:44:41.0425 3192 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 22:44:41.0472 3192 WerSvc - ok 22:44:41.0503 3192 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:44:41.0534 3192 WfpLwf - ok 22:44:41.0566 3192 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:44:41.0581 3192 WIMMount - ok 22:44:41.0628 3192 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 22:44:41.0675 3192 WinDefend - ok 22:44:41.0690 3192 WinHttpAutoProxySvc - ok 22:44:41.0737 3192 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:44:41.0800 3192 Winmgmt - ok 22:44:41.0831 3192 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 22:44:41.0893 3192 WinRM - ok 22:44:41.0956 3192 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 22:44:42.0002 3192 WinUsb - ok 22:44:42.0034 3192 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 22:44:42.0080 3192 Wlansvc - ok 22:44:42.0158 3192 [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:44:42.0205 3192 wlidsvc - ok 22:44:42.0221 3192 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:44:42.0236 3192 WmiAcpi - ok 22:44:42.0268 3192 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:44:42.0299 3192 wmiApSrv - ok 22:44:42.0361 3192 [ 36ED6F108DFA7C7DD329CF103B02C74B ] WMI_Hook_Service C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe 22:44:42.0408 3192 WMI_Hook_Service - ok 22:44:42.0470 3192 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 22:44:42.0533 3192 WMPNetworkSvc - ok 22:44:42.0548 3192 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:44:42.0580 3192 WPCSvc - ok 22:44:42.0611 3192 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:44:42.0642 3192 WPDBusEnum - ok 22:44:42.0673 3192 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:44:42.0720 3192 ws2ifsl - ok 22:44:42.0751 3192 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 22:44:42.0782 3192 wscsvc - ok 22:44:42.0829 3192 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 22:44:42.0876 3192 WSDPrintDevice - ok 22:44:42.0876 3192 WSearch - ok 22:44:42.0954 3192 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 22:44:43.0001 3192 wuauserv - ok 22:44:43.0032 3192 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:44:43.0063 3192 WudfPf - ok 22:44:43.0110 3192 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:44:43.0141 3192 WUDFRd - ok 22:44:43.0172 3192 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:44:43.0219 3192 wudfsvc - ok 22:44:43.0250 3192 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 22:44:43.0282 3192 WwanSvc - ok 22:44:43.0313 3192 ================ Scan global =============================== 22:44:43.0360 3192 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 22:44:43.0391 3192 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 22:44:43.0406 3192 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 22:44:43.0438 3192 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 22:44:43.0469 3192 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 22:44:43.0484 3192 [Global] - ok 22:44:43.0484 3192 ================ Scan MBR ================================== 22:44:43.0500 3192 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0 22:44:46.0433 3192 \Device\Harddisk0\DR0 - ok 22:44:46.0433 3192 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 22:44:46.0589 3192 \Device\Harddisk1\DR1 - ok 22:44:46.0589 3192 ================ Scan VBR ================================== 22:44:46.0589 3192 [ 137FBB9DB68659101FFE5097EDB2D58B ] \Device\Harddisk0\DR0\Partition1 22:44:46.0589 3192 \Device\Harddisk0\DR0\Partition1 - ok 22:44:46.0620 3192 [ 3F1D14104B5F9652F541BD046C905C53 ] \Device\Harddisk0\DR0\Partition2 22:44:46.0620 3192 \Device\Harddisk0\DR0\Partition2 - ok 22:44:46.0651 3192 [ 6D95BE7D06AE83B714926815C52BAF92 ] \Device\Harddisk0\DR0\Partition3 22:44:46.0651 3192 \Device\Harddisk0\DR0\Partition3 - ok 22:44:46.0667 3192 [ B3C0FF75B36DC1575F89ACF96DD8D6B5 ] \Device\Harddisk1\DR1\Partition1 22:44:46.0667 3192 \Device\Harddisk1\DR1\Partition1 - ok 22:44:46.0667 3192 ============================================================ 22:44:46.0667 3192 Scan finished 22:44:46.0667 3192 ============================================================ 22:44:46.0682 3628 Detected object count: 4 22:44:46.0682 3628 Actual detected object count: 4 22:45:19.0255 3628 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 22:45:19.0255 3628 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:45:19.0271 3628 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 22:45:19.0271 3628 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:45:19.0271 3628 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 22:45:19.0271 3628 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:45:19.0271 3628 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 22:45:19.0271 3628 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip |
08.05.2013, 21:52 | #14 |
/// Malware-holic | Windows 7 - Befall von System care antivirus Ok, passt. Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
08.05.2013, 22:11 | #15 |
| Windows 7 - Befall von System care antivirus combofix lief ohne zu meckern. hier die log: Combofix Logfile: Code:
ATTFilter ComboFix 13-05-08.02 - MEDION 08.05.2013 23:00:16.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.2283 [GMT 2:00] ausgeführt von:: c:\users\MEDION\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\MEDION\4.0 c:\users\MEDION\AmazonMP3Installer-de_DE.exe c:\users\Public\sdelevURL.tmp c:\windows\security\Database\tmp.edb c:\windows\system32\pt c:\windows\system32\pt\Lagoon.resources.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-08 bis 2013-05-08 )))))))))))))))))))))))))))))) . . 2013-05-08 21:07 . 2013-05-08 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-08 21:05 . 2013-05-08 21:05 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EDF226A-7731-49B0-B432-BBEC21C30E3D}\offreg.dll 2013-05-08 20:12 . 2013-05-08 20:12 -------- d-----w- C:\_OTL 2013-05-08 19:21 . 2013-05-08 19:21 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-08 19:18 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EDF226A-7731-49B0-B432-BBEC21C30E3D}\mpengine.dll 2013-05-07 19:53 . 2013-05-08 19:04 -------- d-----w- c:\programdata\146B3392068476C50000146B1F2B7B59 2013-04-24 14:37 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-16 16:32 . 2011-05-18 06:22 99896 ----a-w- c:\windows\system32\HPSIsvc.exe 2013-04-16 16:32 . 2008-12-22 03:02 117904 ----a-w- c:\windows\system32\Ltimgutl15u.dll 2013-04-16 16:28 . 2012-09-29 11:24 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPM1210PP.dll 2013-04-16 16:27 . 2012-09-29 11:25 1167360 ----a-w- c:\windows\system32\HPM1210SM.exe 2013-04-16 16:27 . 2012-09-29 11:24 167936 ----a-w- c:\windows\system32\HPM1210LM.DLL 2013-04-16 16:27 . 2012-09-29 11:04 284672 ----a-w- c:\windows\system32\mvhlewsi.DLL 2013-04-12 07:15 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-04-12 07:15 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-12 07:15 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-12 07:15 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-12 07:15 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-12 07:15 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-12 07:15 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll 2013-04-12 07:15 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll 2013-04-12 07:15 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-02 00:06 . 2010-01-22 13:33 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-03-27 18:42 . 2013-03-27 18:43 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-27 18:42 . 2012-09-11 05:37 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-03-27 18:42 . 2011-05-03 08:13 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-27 13:28 . 2012-10-03 08:31 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-27 13:28 . 2012-10-03 08:31 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-27 13:28 . 2012-10-03 08:31 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-13 17:10 . 2012-05-02 09:21 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-13 17:10 . 2011-12-03 19:14 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-12 19:30 . 2012-10-03 08:31 92448 ----a-w- c:\windows\system32\drivers\avfwim.sys 2013-02-12 19:30 . 2012-10-03 08:31 113024 ----a-w- c:\windows\system32\drivers\avfwot.sys 2013-02-12 04:48 . 2013-03-13 09:01 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 09:01 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 03:32 . 2013-03-26 07:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-04-12 07:53 . 2013-04-12 07:53 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872] "ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-10 7866912] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-08 345312] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 uxddrv;Dynamically loaded UxdDrv;e:\diagnose\WSTGER32\2PART\uxddrv86.sys [x] S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x] S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x] S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [x] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x] S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x] S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x] S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x] S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 80862689 *NewlyCreated* - 95995494 *Deregistered* - 80862689 *Deregistered* - 95995494 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Inhalt des "geplante Tasks" Ordners . 2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 17:10] . 2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 09:47] . 2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 09:47] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ur11sf9k.default\ FF - prefs.js: browser.startup.homepage - Google . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-NWEReboot - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-08 23:09:30 ComboFix-quarantined-files.txt 2013-05-08 21:09 . Vor Suchlauf: 6 Verzeichnis(se), 894.555.705.344 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 894.229.725.184 Bytes frei . - - End Of File - - BE59A2D5E7BBAF87D69D3DE02A4AD3BD combofix hat alles entfernt, oder? soll ich noch was zur sicherheit laufen lassen? |
Themen zu Windows 7 - Befall von System care antivirus |
abgesicherten, aktivieren, aktuelle, antivirus, avira, befall, desktop, direkt, download, forum, funktioniert, icon, keine verbindung, malware / spyware / system care, meldet, meldung, modus, nichts, problem, rechner, system, system care, verbindung, version, w-lan, windows, windows 7 |