Hallo liebes Forum,

ich habe Eure Seite schon das ein oder andere Mal besucht, und habe dabei immer
eine Lösung für meine kleinen PC Problemchen gefunden (Malware, komische Toolbars).

Dieses mal stehe ich allerdings vor einem für mich nicht lösbaren Problem (was vielleicht
nicht viel heißt, denn im Laufe meiner Anfrage werdet Ihr sicherlich noch feststellen,
daß ich nicht sonderlich viel Ahnung von dem Gerät habe, vor dem ich gerade sitze.).

Seit 4 oder 5 Tagen habe ich das Problem, dass mein Notebook (Samsung/win7) immer
langsamer wird. Nach Anklicken eines Programms dauerte es manchmal wirklich richtig
lange bis es dann doch nochmal reagiert hat. Ein Blick auf den Task Manager verriet,
dass es sich um die dllhost.exe handelte,die mir bis zu 7,5 von zur Verfügung gestellten 8 GB RAM wegzog.

Wie der Ahnungslose vorgeht, ließ ich erstmal den CCleaner drüberlaufen (ohne die Registry
Geschichte, weil ich irgendwo gelesen habe, dass man das besser unterlassen sollte. Ihr
werdet gewiß an der ein oder anderen Stelle mit dem Kopf schütteln, und ich weiß ja auch,
dass das Internet dahingehend manchmal mehr Fluch als Segen ist, vor allem wenn man
keinerlei Ahnung hat, aber ich habe eben im Rahmen meiner Möglichkeiten versucht zu
erforschen, was hier falschläuft.) Anschließend habe ich sowohl Avast als auch Spybot
mal drüberschauen lassen- ohne Ergebnis. Anschließend war der Defraggler an der Reihe.
(Ja, ich weiß Doofmannsvorgehen :-) )
Ich habe nachgesehen, ob ich irgendwelche "Video Codecks" besitze, im Geräte Manager
aber keinerlei Hinweise darauf gefunden.
Desweiteren habe ich mich gestern zum ersten mal getraut, den dllhost Prozess zu
beenden. Hatte keinerlei Auswirkungen auf irgendetwas. Und wie bei dem diversen
anderen Usern, die das Problem auch hatten, konnte auch ich der dllhost.exe beim Arbeits-
speicher "fressen" zusehen. Nach dem ca. dritten mal beenden kam sie
dann tatsächlich aucherstmal nicht wieder.
Ich habe dann den Security TM heruntergeladen, was mich aber nur noch mehr verwirrt hat.
Zum einen konnte ich trotzdem noch nicht zuordnen welche einzelnen Prozesse die dll
vereint, zum anderen hat mich irritiert, dass der Spybot "potentiell gefährlich" ist.

Zum guten Schluss habe ich dann den ESET Online Scanner zur Hilfe gezogen, der auch
mehrere Bedrohungen gefunden hat. (In der system32 Datei, mit der hat er scheinbar
nichts gemacht, und in der sysWOW64 , die er gelöscht und in Quarantäne kopiert hat. Oder
soll ich hier schon das Ergebnis reinkopieren?
ft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\update[1] Mehrere Bedrohungen
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\update[1] Mehrere Bedrohungen Gesäubert durch Löschen - in Quarantäne kopiert )

Aber auch das hat nichts am Gesamtzustand geändert, sie zieht weiterhin fröhlich Arbeits-
speicher. Oder ich bin zu blöd mit dieser Information von ESET das Richtige anzufangen?!

Ich wäre sehr dankbar, wenn irgendjemand von Euch vielleicht irgendeine Idee oder gar
Lösung hat, und dass Ihr meinen Beschreibungen folgen könnt.

Vielen lieben Dank im Voraus und danke für die Geduld beim Lesen.

!! Hinweis an Mitlesende !!
Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht.
Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.

Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:

Bitte lesen:
Regeln für die Bereinigung

• Illegal genutzte Software
  Beim ersten Anzeichen wird der Support ohne Diskussion eingestellt. Also sorge bitte vorher dafür, dass hier nichts mehr auftaucht.
• Keine Garantie
  Wir werden uns Mühe geben, aber einen 100% sicheren und sauberen Computer bekommst du nicht zurück. Der einzig sichere Weg ist die Formatierung mit Neuaufsetzen.
• Keine Alleingänge
  Die Bereinigung funktioniert nur, wenn du genau das machst, was ich anweise. Installiere/deinstalliere keine Software, führe keine Scans durch, die ich dir nicht angewiesen habe. Poste dein Thema in keinem anderen Forum und folge nicht den Anweisungen anderer Helfer. Du raubst damit allen Beteiligten nur Zeit.
• Aufmerksam lesen und nachfragen
  Lies jede Anleitung genau durch. Bei Unklarheiten bitte vorher nachfragen. Arbeite die Schritte in der Reihenfolge ab und antworte dann erst nach dem letzten Schritt oder wenn du eine Frage hast.
• Richtig antworten
  • Nachdem du alle Schritte abgearbeitet hast gibst du mir bitte zu jedem Schritt eine Rückmeldung (Logfile oder Antwort) und das gesammelt in einer Antwort.
  • Mache deinen Namen nur dann unkenntlich, wenn es wirklich sein muss. Denke bitte aber auch daran, dass wir diesen Thread und deine Logfiles nachträglich nicht editieren werden! (siehe LINK)
  • Logfiles bitte zwischen Code-Tags platzieren (im Antwortfenster das #-Symbol anklicken) sieht dann so aus:
    [CODE] (Logfile) [/CODE]
  • Hinweis in eigener Sache: Angehängte oder gezippte Logfiles erschweren mir die Arbeit massiv! Mache das also nur, wenn das Logfile zu groß ist, um es direkt zu posten. (Hier gibt es eine Anleitung)
• Keine privaten Nachrichten
  Ich sehe es, wenn du geantwortet hast, du mußt mich nicht benachrichtigen. Schicke mir nur dann eine PM wenn ich drei Tage nicht geantwortet habe und nur dann.
• Wie läuft die Bereinigung ab?
  Ganz grob: Analyse > Bereinigung > Kontrolle mit Updates > Fertig. Ob fertig oder nicht werde ich dir ganz deutlich mitteilen, du brauchst nicht nachzufragen.

Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Deinstallation von Programmen

• Windows XP: Start > Systemsteuerung > Software > [Programmname] > Deinstallieren
• Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren
• ggf. Neustart zulassen

Deinstalliere - falls du es nicht absichtlich installiert hast - alles was den Zusatz "Toolbar" enthält, sowie Downloader-Anwendungen (z.B. jDownloader).

Gehe bitte die folgende Liste durch und deinstalliere die genannten Programme, falls vorhanden:
Registry-Cleaner Software, TuneUp Utilities (inkl. Language Pack), Glary Utilities, Spybot S & D (inklusive Teatimer), Zonealarm Firewall (ist unnötig), McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (alle Varianten, Java 7 kann bleiben), Pokersoftware, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater,Advanced System Protector, RegClean Pro, Advanced System Optimizer, DriverCure, Uniblue DriverScanner, FireJump, SearchAnonymizer, SpeedMaxPC, Optimzer Pro, Webcake, OpenCandy, Zip Opener, WinZipper, Open It!

Ich persönlich empfehle auch alles zu deinstallieren, was mit Bing zu tun hat (Bing Desktop, -toolbar), aber das ist deine Entscheidung.

Schritt 2:
AdwCleaner: Werbeprogramme suchen und löschen

Achtung! Lade dir keinenfalls den ZipOpener herunter.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3:
Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Scan.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo, Guten Abend,
ich habe leider schon jetzt zwei Fragen/Unsicherheiten. Ich habe den McAfee und den Spybot bereits deinstalliert. Beim Spybot kam jedoch eine Fehlermeldung, dass nicht alle Komponenten entfernt werden konnten. Ich vermute, dass es dieser TeaTimer ist, weil der vielleicht unbemerkt im Hintergrund lief ? Dort stand, ich solle es manuell löschen, aber ich finde nichts mehr. (Die exe Datei im Download Ordner habe ich gelöscht, aber wo der TeaTimer sein soll ist mir leider ein Rätsel.)
Der CCleaner fällt unter Registry-Reiniger und muss auch deinstalliert werden, ja?
Was ich aber gar nicht recht durchschaue ist, wie ich ein Amazon Icon entfernen soll ?!
Ich habe den Amazon MP3 Downloader, muss ich den dann ganz löschen ?

Amazon MP3 Downloader steht nicht in meiner Liste oder? Deinstalliere was du kannst und mache dann weiter.

So, fertig.Hier die logs von adwcleaner
[AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.000 - Report created14/08/2013at22:11:18
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sandra - SANDRA-PC
# Running from : C:\Users\Sandra\Desktop\adwcleaner.exe

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKCU\Software\d57dadce63aed10
Key Deleted : HKLM\SOFTWARE\d57dadce63aed10
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Deleted : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - about:blank
Setting Reset : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v23.0 (de)

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
File Deleted : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\3jkwhkri.default\user.js

[ File : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\3jkwhkri.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "fa45b61a00000000000078929c742177");
Line Deleted : user_pref("extensions.delta.instlDay", "15866");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.520:41:14");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=121562");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 22592976);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10643");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "fa45b61a00000000000078929c742177");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15520");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "1");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8xt1oC1i&loc=IB[...]
Line Deleted : user_pref("extensions.incredibar_i.upn2", "6R8xt1oC1i");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92824618786699224");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1414:14:21");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Can't open file !

-\\ Google Chrome v28.0.1500.95

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

[ File : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[OK] No bad entry found.

*************************

AdwCleaner[0].txt - [5960 octets] - [14/08/2013 22:11:18]

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [6019 octets] ##########
         

--- --- ---
][AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.000 - Report created14/08/2013at22:20:11
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sandra - SANDRA-PC
# Running from : C:\Users\Sandra\Desktop\adwcleaner.exe

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] No bad entry found.

-\\ Mozilla Firefox v23.0 (de)


[ File : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\3jkwhkri.default\prefs.js ]

[OK] No bad entry found.
Can't open file !

-\\ Google Chrome v28.0.1500.95


[ File : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[OK] No bad entry found.

*************************

AdwCleaner[0].txt - [6114 octets] - [14/08/2013 22:11:18]
AdwCleaner[1].txt - [899 octets] - [14/08/2013 22:20:11]

########## EOF - C:\AdwCleaner\AdwCleaner[1].txt - [957 octets] ##########]
         

--- --- ---
und hier die von FRST
[
FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01
Ran by Sandra (administrator) on 14-08-2013 22:38:12
Running from C:\Users\Sandra\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-17] (ELAN Microelectronics Corp.)
HKCU\...\Run: [Facebook Update] - "C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: c:\windows\syswow64\nvinit.dll c:\windows\syswow64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POP.lnk
ShortcutTarget: E-POP.lnk -> C:\Program Files (x86)\Samsung\E-POP\E-POP.exe (Samsung Electronics CO., LTD.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -  No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\3jkwhkri.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Sandra\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\

Chrome: 
=======
CHR Extension: (Freemake Video Downloader) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0
CHR Extension: (Freemake Video Downloader) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-14] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-03-07] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-03-07] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-14 22:32 - 2013-08-14 22:32 - 01575570 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64.exe
2013-08-14 22:24 - 2013-08-14 22:24 - 00001035 _____ C:\Users\Sandra\Desktop\AdwCleaner[1].txt
2013-08-14 22:17 - 2013-08-14 22:17 - 00001050 _____ C:\windows\PFRO.log
2013-08-14 22:16 - 2013-08-14 22:16 - 00006114 _____ C:\Users\Sandra\Desktop\AdwCleaner[0].txt
2013-08-14 22:10 - 2013-08-14 22:23 - 00000000 ____D C:\AdwCleaner
2013-08-14 21:58 - 2013-08-14 21:59 - 00800594 _____ C:\Users\Sandra\Desktop\adwcleaner.exe
2013-08-14 19:58 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-14 19:58 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-14 19:58 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-14 19:58 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-14 19:58 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-14 19:58 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-14 19:58 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-14 19:58 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-14 19:58 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-14 19:58 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-14 19:58 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-14 19:58 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-14 19:58 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-14 19:58 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-08-14 19:58 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-14 19:58 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-14 19:58 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-14 19:58 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-14 19:58 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-14 19:58 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 19:57 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-14 19:57 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-14 19:57 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-14 19:57 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-14 19:57 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-14 19:57 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-14 19:57 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-14 19:57 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-14 19:57 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-14 19:57 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-14 19:57 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-14 18:08 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-14 18:08 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-08-14 18:08 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-14 18:08 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-14 18:08 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-14 18:08 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-14 18:08 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-14 18:08 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-14 18:08 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-08-14 18:08 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-08-14 18:07 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-14 18:07 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:07 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-14 18:07 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-14 18:07 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-08-14 18:07 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-14 18:07 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:07 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:07 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-08-14 18:07 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-14 18:07 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-08-14 18:07 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-08-14 18:07 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-08-14 18:07 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-08-14 18:07 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-08-14 18:07 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-14 18:07 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-08-13 23:22 - 2013-08-13 23:22 - 00000349 _____ C:\Users\Sandra\Desktop\esetinfo.txt
2013-08-13 22:11 - 2013-08-13 22:11 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-13 20:10 - 2013-08-14 20:55 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-08-13 20:09 - 2013-08-13 20:09 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-08-13 20:07 - 2013-08-13 20:08 - 02094432 _____ C:\Users\Sandra\Downloads\SecurityTaskManager_Setup-1.8d.exe
2013-08-12 21:33 - 2013-08-12 21:33 - 00003288 ____N C:\bootsqm.dat
2013-08-12 20:47 - 2013-08-12 20:47 - 04100432 _____ (Piriform Ltd) C:\Users\Sandra\Downloads\dfsetup215.exe
2013-08-12 16:29 - 2013-08-14 22:17 - 00000616 _____ C:\windows\setupact.log
2013-08-12 16:29 - 2013-08-12 16:29 - 00000000 _____ C:\windows\setuperr.log
2013-08-11 19:54 - 2013-08-11 19:55 - 140473562 _____ C:\Users\Sandra\Desktop\Thirty Seconds To Mars - Hurricane (Explicit Version) (Explicito)!HD,HQ,3D (1).mp4
2013-08-11 19:49 - 2013-08-11 19:50 - 46954782 _____ C:\Users\Sandra\Desktop\Thirty Seconds To Mars - Hurricane (Explicit Version) (Explicito)!HD,HQ,3D.mp4
2013-08-11 19:47 - 2013-08-11 19:47 - 00000000 ____D C:\Users\Sandra\AppData\Local\{420D23BE-37C3-4915-820F-0363624A9BCB}
2013-08-04 23:30 - 2013-08-14 19:52 - 00000000 ____D C:\windows\system32\MRT
2013-07-28 02:57 - 2013-07-28 02:57 - 00000000 ____D C:\Users\Sandra\AppData\Local\{60D63827-970C-44A6-B0ED-65D2A9745465}
2013-07-28 02:54 - 2013-07-28 02:54 - 00003949 _____ C:\Users\Sandra\AppData\Local\recently-used.xbel
2013-07-24 17:50 - 2013-07-24 17:51 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2013-07-24 15:39 - 2013-07-28 03:03 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\SoftGrid Client
2013-07-24 15:39 - 2013-07-25 18:14 - 01527912 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-07-24 15:39 - 2013-07-25 18:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-07-24 15:39 - 2013-07-24 15:40 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\TP
2013-07-24 15:39 - 2013-07-24 15:39 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-07-24 15:39 - 2013-07-24 15:39 - 00000000 ____D C:\Users\Sandra\AppData\Local\SoftGrid Client
2013-07-24 15:39 - 2013-07-24 15:39 - 00000000 ____D C:\Program Files\Microsoft Office

==================== One Month Modified Files and Folders =======

2013-08-14 22:35 - 2013-08-14 22:35 - 00000000 ____D C:\FRST
2013-08-14 22:32 - 2013-08-14 22:32 - 01575570 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64.exe
2013-08-14 22:26 - 2009-07-14 06:45 - 00020992 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 22:26 - 2009-07-14 06:45 - 00020992 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 22:24 - 2013-08-14 22:24 - 00001035 _____ C:\Users\Sandra\Desktop\AdwCleaner[1].txt
2013-08-14 22:23 - 2013-08-14 22:10 - 00000000 ____D C:\AdwCleaner
2013-08-14 22:21 - 2012-06-27 21:17 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 22:18 - 2012-06-29 13:42 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-08-14 22:18 - 2012-05-28 15:24 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 22:17 - 2013-08-14 22:17 - 00001050 _____ C:\windows\PFRO.log
2013-08-14 22:17 - 2013-08-12 16:29 - 00000616 _____ C:\windows\setupact.log
2013-08-14 22:17 - 2012-01-10 05:42 - 01924201 _____ C:\windows\WindowsUpdate.log
2013-08-14 22:17 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-14 22:16 - 2013-08-14 22:16 - 00006114 _____ C:\Users\Sandra\Desktop\AdwCleaner[0].txt
2013-08-14 22:10 - 2012-05-28 15:24 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-14 21:59 - 2013-08-14 21:58 - 00800594 _____ C:\Users\Sandra\Desktop\adwcleaner.exe
2013-08-14 21:41 - 2012-05-19 02:17 - 00000000 ___RD C:\Users\Sandra\Desktop\Tüddelkram
2013-08-14 21:39 - 2013-06-26 19:58 - 00000000 ____D C:\Users\Sandra\Wimmelparadies
2013-08-14 21:08 - 2012-06-22 22:15 - 00000000 ____D C:\Users\Sandra\AppData\Local\PokerStars.EU
2013-08-14 21:08 - 2012-06-22 22:15 - 00000000 ____D C:\Program Files (x86)\PokerStars
2013-08-14 20:55 - 2013-08-13 20:10 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-08-14 20:52 - 2012-08-07 11:13 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-14 20:50 - 2012-08-07 11:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-08-14 20:08 - 2012-07-02 20:34 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-819639659-4150350305-585420797-1001UA.job
2013-08-14 20:05 - 2011-02-11 21:57 - 00000000 ____D C:\windows\Panther
2013-08-14 19:56 - 2012-01-10 05:13 - 00654852 _____ C:\windows\system32\perfh007.dat
2013-08-14 19:56 - 2012-01-10 05:13 - 00130434 _____ C:\windows\system32\perfc007.dat
2013-08-14 19:56 - 2009-07-14 07:13 - 01522286 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-14 19:54 - 2013-08-04 23:30 - 00000000 ____D C:\windows\system32\MRT
2013-08-14 19:52 - 2012-06-02 10:14 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-13 23:22 - 2013-08-13 23:22 - 00000349 _____ C:\Users\Sandra\Desktop\esetinfo.txt
2013-08-13 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-08-13 22:11 - 2013-08-13 22:11 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-13 20:09 - 2013-08-13 20:09 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-08-13 20:08 - 2013-08-13 20:07 - 02094432 _____ C:\Users\Sandra\Downloads\SecurityTaskManager_Setup-1.8d.exe
2013-08-13 16:04 - 2009-07-14 07:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-08-13 15:58 - 2012-06-27 13:32 - 00007648 _____ C:\Users\Sandra\AppData\Local\Resmon.ResmonCfg
2013-08-13 00:18 - 2012-06-01 21:47 - 00000000 ____D C:\Users\Sandra\AppData\Local\CrashDumps
2013-08-12 23:53 - 2013-06-13 20:26 - 00000000 ____D C:\Program Files\Defraggler
2013-08-12 21:33 - 2013-08-12 21:33 - 00003288 ____N C:\bootsqm.dat
2013-08-12 20:47 - 2013-08-12 20:47 - 04100432 _____ (Piriform Ltd) C:\Users\Sandra\Downloads\dfsetup215.exe
2013-08-12 18:13 - 2013-06-10 20:41 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-08-12 17:08 - 2012-07-02 20:34 - 00000910 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-819639659-4150350305-585420797-1001Core.job
2013-08-12 16:29 - 2013-08-12 16:29 - 00000000 _____ C:\windows\setuperr.log
2013-08-11 19:55 - 2013-08-11 19:54 - 140473562 _____ C:\Users\Sandra\Desktop\Thirty Seconds To Mars - Hurricane (Explicit Version) (Explicito)!HD,HQ,3D (1).mp4
2013-08-11 19:50 - 2013-08-11 19:49 - 46954782 _____ C:\Users\Sandra\Desktop\Thirty Seconds To Mars - Hurricane (Explicit Version) (Explicito)!HD,HQ,3D.mp4
2013-08-11 19:47 - 2013-08-11 19:47 - 00000000 ____D C:\Users\Sandra\AppData\Local\{420D23BE-37C3-4915-820F-0363624A9BCB}
2013-08-10 18:28 - 2012-06-27 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-09 17:38 - 2012-07-18 17:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-09 17:37 - 2013-05-24 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-09 17:36 - 2012-07-18 17:22 - 22595960 _____ (Mozilla) C:\Users\Sandra\Downloads\WEB.DE_Firefox_Setup.exe
2013-07-28 03:03 - 2013-07-24 15:39 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\SoftGrid Client
2013-07-28 02:57 - 2013-07-28 02:57 - 00000000 ____D C:\Users\Sandra\AppData\Local\{60D63827-970C-44A6-B0ED-65D2A9745465}
2013-07-28 02:55 - 2012-09-25 18:38 - 00000000 ____D C:\Users\Sandra\.gimp-2.8
2013-07-28 02:54 - 2013-07-28 02:54 - 00003949 _____ C:\Users\Sandra\AppData\Local\recently-used.xbel
2013-07-26 07:13 - 2013-08-14 19:58 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-26 07:13 - 2013-08-14 19:57 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-14 19:57 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-26 07:12 - 2013-08-14 19:58 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-14 19:58 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-14 19:58 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-14 19:58 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-14 19:58 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-14 19:58 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-14 19:58 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-14 19:58 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-26 07:12 - 2013-08-14 19:57 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-14 19:57 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-14 19:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-26 05:35 - 2013-08-14 19:58 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-14 19:57 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-14 19:57 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-14 19:58 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-14 19:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-14 19:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 19:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-14 19:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 19:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-14 19:57 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-14 19:57 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-14 19:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-14 19:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-26 05:11 - 2013-08-14 19:57 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-26 04:49 - 2013-08-14 19:58 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-14 19:58 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-14 19:58 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 18:14 - 2013-07-24 15:39 - 01527912 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-07-25 18:14 - 2013-07-24 15:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-07-25 11:25 - 2013-08-14 18:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 18:07 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-24 17:51 - 2013-07-24 17:50 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2013-07-24 17:21 - 2012-05-19 00:43 - 00063104 _____ C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-24 15:40 - 2013-07-24 15:39 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\TP
2013-07-24 15:39 - 2013-07-24 15:39 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-07-24 15:39 - 2013-07-24 15:39 - 00000000 ____D C:\Users\Sandra\AppData\Local\SoftGrid Client
2013-07-24 15:39 - 2013-07-24 15:39 - 00000000 ____D C:\Program Files\Microsoft Office
2013-07-24 15:39 - 2012-01-09 13:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-07-24 15:39 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-19 03:58 - 2013-08-14 18:08 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-14 18:08 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 23:35

==================== End Of Log ===========================
         

--- --- ---
[Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2013 01
Ran by Sandra at 2013-08-14 22:38:42
Running from C:\Users\Sandra\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


„Windows Live Essentials“ (x32 Version: 15.4.3502.0922)
„Windows Live Mail“ (x32 Version: 15.4.3502.0922)
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513)
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Atheros Client Installation Program (x32 Version: 9.0)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Build-a-lot (x32 Version: 2.2.0.82)
Chuzzle Deluxe (x32 Version: 2.2.0.82)
Cinergy T Stick Black V86.001.1026.2009 (x32 Version: 86.001.1026.2009)
CyberLink Media Suite (x32 Version: 8.0.2227)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00)
CyberLink MediaShow (x32 Version: 5.0.1130a)
CyberLink Power2Go (x32 Version: 6.1.3802)
CyberLink PowerDirector (x32 Version: 8.0.3306)
CyberLink YouCam (x32 Version: 3.1.4417)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82)
Easy File Share (x32 Version: 1.1.1699)
Easy Migration (x32 Version: 1.0)
Easy Settings (x32 Version: 1.1)
Easy Software Manager (x32 Version: 1.1.44.25)
Easy Support Center 1.0 (x32 Version: 1.1.36)
E-POP (x32 Version: 1.0.1)
ESET Online Scanner v3 (x32)
ETDWare PS/2-X64 10.0.7.2_WHQL (Version: 10.0.7.2)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.82)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Freemake Video Downloader (x32 Version: 3.5.1)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (x32 Version: 28.0.1500.95)
Google Drive (x32 Version: 1.11.4865.2530)
Google Update Helper (x32 Version: 1.3.21.153)
Insaniquarium Deluxe (x32 Version: 2.2.0.82)
Intel PROSet Wireless (x32)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2266)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.2.1000)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.5.1001)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
John Deere Drive Green (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 23.0 (x86 de) (x32 Version: 23.0)
Mozilla Maintenance Service (x32 Version: 23.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Multimedia POP (x32 Version: 1.0)
NVIDIA Display Control Panel (Version: 6.14.12.6883)
NVIDIA Graphics Driver 268.83 (Version: 268.83)
NVIDIA Install Application (Version: 2.265.42.0)
NVIDIA Optimus 1.0.23 (Version: 1.0.23)
NVIDIA Update Components (Version: 1.0.23)
Peggle (x32 Version: 2.2.0.82)
Penguins! (x32 Version: 2.2.0.82)
Plants vs. Zombies (x32 Version: 2.2.0.82)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Polar Golfer (x32 Version: 2.2.0.82)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
raggler (Version: 2.14)
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6413)
Samsung Recovery Solution 5 (x32 Version: 5.0.1.5)
Security Task Manager 1.8d (x32 Version: 1.8d)
Skype™ 5.10 (x32 Version: 5.10.116)
Software Launcher (x32 Version: 1.0.2)
TerraTec Home Cinema (x32 Version: 6.15.11)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
User Guide (x32 Version: 1.3)
WildTangent Games (x32 Version: 1.0.1.5)
WildTangent ORB Game Console (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Pošta (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 메일 (x32 Version: 15.4.3502.0922)
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922)
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 照片库 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3538.0513)
Windows Live 软件包 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
Zuma Deluxe (x32 Version: 2.2.0.95)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points =========================

13-08-2013 12:25:53 Windows Update
14-08-2013 17:51:36 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02F2241B-9E1A-419B-9EF9-FC61A92D19D7} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {136EE037-7746-450F-8891-63D7ACAE80D9} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {1DE11568-80A2-4EDB-AACF-76E68C4CB889} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-819639659-4150350305-585420797-1001UA => C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe No File
Task: {24972CC0-46D8-4B68-951E-42BD1C456935} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28] (Google Inc.)
Task: {26F87A52-F847-41DC-9AEC-DEE6A6B5FF9B} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {3BF27791-57D1-43EE-AED8-AD491DAFEABD} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-03-16] (SAMSUNG ELECTRONICS CO., Ltd.)
Task: {3EFE9D94-1E8D-4319-A9DE-0FE508439A24} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {4039073F-229D-413D-A0D8-CE149334B12E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28] (Google Inc.)
Task: {4F0C8CC6-E900-4E36-A076-2E6B8DF80B6C} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-30] (SAMSUNG Electronics)
Task: {5F42CD84-76D9-4D63-A826-1B1F05498E30} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-819639659-4150350305-585420797-1001Core => C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe No File
Task: {61B146B3-1BDE-4849-B997-CB91B3ABC39B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {8BE37F8A-690E-4BE1-B074-4371BC121A30} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {95371085-ED3B-4DCC-A4D5-A37AA9D60C59} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated)
Task: {9928A1E6-EA01-4F45-A01A-B89784842095} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {CA09BC21-F069-421A-A85C-D900B4BE755F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {D3BF8BC0-B274-40CA-9EC2-1AAD4AA46DBD} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {D5C6A7B0-D201-4F5A-A21E-16AF37DD068D} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-28] (Samsung Electronics)
Task: {DE9F620B-63E1-4810-A6B3-9D2F03659CA5} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {EAADE241-A28D-4A2B-8988-433CC7E1D66A} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {F8CAAE65-B9BF-4E22-8B97-3918F56A15AF} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-819639659-4150350305-585420797-1001Core.job => C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-819639659-4150350305-585420797-1001UA.job => C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2013 10:19:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 08:05:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 06:00:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 08:12:09 PM) (Source: Application Hang) (User: )
Description: Programm taskman.exe, Version 1.8.3.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1498

Startzeit: 01ce98505286a541

Endzeit: 10

Anwendungspfad: C:\Program Files (x86)\Security Task Manager\taskman.exe

Berichts-ID: ca6e580a-0443-11e3-8a02-e8039a92e62f

Error: (08/13/2013 07:29:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 05:38:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 04:04:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 04:04:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 02:22:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 00:17:58 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd026
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b8479b
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000000000009e5d
ID des fehlerhaften Prozesses: 0x6a0
Startzeit der fehlerhaften Anwendung: 0xwmpnscfg.exe0
Pfad der fehlerhaften Anwendung: wmpnscfg.exe1
Pfad des fehlerhaften Moduls: wmpnscfg.exe2
Berichtskennung: wmpnscfg.exe3


System errors:
=============
Error: (08/13/2013 05:38:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1053

Error: (08/13/2013 05:38:15 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Winmgmt erreicht.

Error: (08/13/2013 04:29:37 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/13/2013 04:06:38 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (08/13/2013 04:06:38 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (08/13/2013 04:05:38 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (08/13/2013 04:04:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/13/2013 04:04:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/13/2013 04:04:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/13/2013 04:04:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (08/14/2013 10:19:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 08:05:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2013 06:00:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 08:12:09 PM) (Source: Application Hang)(User: )
Description: taskman.exe1.8.3.0149801ce98505286a54110C:\Program Files (x86)\Security Task Manager\taskman.execa6e580a-0443-11e3-8a02-e8039a92e62f

Error: (08/13/2013 07:29:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 05:38:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 04:04:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 04:04:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 02:22:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 00:17:58 AM) (Source: Application Error)(User: )
Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7601.1801550b8479bc06d007e0000000000009e5d6a001ce97a9bf722951C:\Program Files\Windows Media Player\wmpnscfg.exeC:\windows\system32\KERNELBASE.dll0a768ada-039d-11e3-be76-e8039a92e62f


==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 8105.55 MB
Available physical RAM: 2844.76 MB
Total Pagefile: 16209.28 MB
Available Pagefile: 10883.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:364 GB) (Free:300.79 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:544.09 GB) (Free:510.69 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 915FBAC0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=364 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=544 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)

==================== End Of Log ============================]]
--- --- ---
]
und Addition
[

das sieht ja eigentlich schon mal gut aus!

Bevor es weiter geht: Besteht das Problem noch?

Hallo,
ja, ich fürchte schon. Wenige Augenblicke nachdem der Rechner hochgefahren ist, ist sie bereits bei 3 GB.
Gestern Abend hatte ich auch plötzlich 2.
Eine dllhost.exe *32 (da weiß ich nicht mehr wieviel KB sie gezogen hat)
und die dllhost.exe, die aber immer so um die 1300 KB blieb. (Ich weiß nicht,
ob das wichtig für Dich ist.)
Meine firefox.exe läuft seit gestern auch mit "*32" (meine jedenfalls, dass das vorher nicht der Fall war ?!)
Jetzt ist sie bei 5,4 angekommen.
Einen ersten lieben Dank.
Sandra

Dann ...

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo,
hier der log von Combofix
[Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-08-15.02 - Sandra 15.08.2013  19:52:28.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8106.453 [GMT 2:00]
ausgeführt von:: c:\users\Sandra\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-15 bis 2013-08-15  ))))))))))))))))))))))))))))))
.
.
2013-08-15 18:09 . 2013-08-15 18:09	0	----a-w-	c:\windows\SysWow64\shoAE0B.tmp
2013-08-15 18:06 . 2013-08-15 18:06	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-08-14 20:35 . 2013-08-14 20:35	--------	d-----w-	C:\FRST
2013-08-14 20:10 . 2013-08-14 20:23	--------	d-----w-	C:\AdwCleaner
2013-08-14 17:57 . 2013-07-26 03:12	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-08-14 16:08 . 2013-07-09 05:52	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-08-14 16:08 . 2013-07-09 05:46	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-14 16:08 . 2013-07-09 05:46	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-08-14 16:08 . 2013-07-09 04:52	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-08-14 16:08 . 2013-07-09 04:46	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-08-14 16:08 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-14 16:08 . 2013-07-09 05:46	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-14 16:08 . 2013-07-09 04:46	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-08-14 16:08 . 2013-07-19 01:58	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-14 16:08 . 2013-07-19 01:41	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-08-13 20:11 . 2013-08-13 20:11	--------	d-----w-	c:\program files (x86)\ESET
2013-08-13 18:10 . 2013-08-15 16:45	--------	d-----w-	c:\programdata\SecTaskMan
2013-08-13 18:09 . 2013-08-13 18:09	--------	d-----w-	c:\program files (x86)\Security Task Manager
2013-08-13 12:26 . 2013-07-02 08:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE126363-46EA-4B83-ADFD-498855DB5B11}\mpengine.dll
2013-08-09 15:38 . 2013-07-30 22:48	262552	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-04 21:30 . 2013-08-14 17:54	--------	d-----w-	c:\windows\system32\MRT
2013-07-24 15:50 . 2013-07-24 15:51	--------	d-----w-	c:\programdata\VirtualizedApplications
2013-07-24 13:39 . 2013-07-28 01:03	--------	d-----w-	c:\users\Sandra\AppData\Roaming\SoftGrid Client
2013-07-24 13:39 . 2013-07-24 13:39	--------	d-----w-	c:\users\Sandra\AppData\Local\SoftGrid Client
2013-07-24 13:39 . 2013-07-25 16:14	--------	d-----w-	c:\program files (x86)\Microsoft Application Virtualization Client
2013-07-24 13:39 . 2013-07-24 13:39	--------	d-----w-	c:\program files\Microsoft Office
2013-07-24 13:39 . 2013-07-24 13:40	--------	d-----w-	c:\users\Sandra\AppData\Roaming\TP
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 17:52 . 2012-06-02 08:14	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-07-13 20:05 . 2012-06-27 19:17	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-13 20:05 . 2012-06-27 19:17	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-14 16:07	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-06-27 20:53 . 2013-03-04 17:09	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-27 20:53 . 2012-06-29 11:42	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-27 20:53 . 2012-06-29 11:42	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-27 16:59 . 2013-06-27 16:59	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-27 16:59 . 2013-06-27 16:59	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-27 16:59 . 2013-06-27 16:59	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-13 11:46 . 2013-06-13 11:46	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-13 11:46 . 2013-06-13 11:46	971680	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-13 11:46 . 2013-06-13 11:46	1092512	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-06-13 11:46 . 2013-06-13 11:46	311200	----a-w-	c:\windows\system32\javaws.exe
2013-06-13 11:46 . 2013-06-13 11:46	188832	----a-w-	c:\windows\system32\javaw.exe
2013-06-13 11:46 . 2013-06-13 11:46	188320	----a-w-	c:\windows\system32\java.exe
2013-06-05 03:34 . 2013-07-10 16:23	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 16:25	624128	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 16:25	509440	----a-w-	c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
E-POP.lnk - c:\program files (x86)\Samsung\E-POP\E-POP.exe [2012-5-19 1786248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832U_IRHID;Cinergy T Stick Black HID service;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;Cinergy T Stick Black BDA service;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;Cinergy T Stick Black USB service;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 20:10	1173456	----a-w-	c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 20:05]
.
2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 13:24]
.
2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 13:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11	778704	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\3jkwhkri.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Facebook Update - c:\users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Samsung\Easy Settings\SmartSetting.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Easy Settings\dmhkcore.exe
c:\program files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-15  20:17:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-15 18:17
.
Vor Suchlauf: 9 Verzeichnis(se), 322.533.781.504 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 322.788.839.424 Bytes frei
.
- - End Of File - - D33B8851568FA2275CCBCDEF2DE7295F
         

--- --- ---
D41D8CD98F00B204E9800998ECF8427E]
[/CODE]
Kann/Soll ich den Win Defender und Avast schon wieder aktivieren oder soll ich erstmal
meine Pfoten von allem weglassen ?
Falls Du fragst:dllhost.exe weiterhin fleißig am Ram saugen.

Windefender bleibt grundsätzlich aus.

Windows-Defender abschalten

Da du einen anderen Virenscanner benutzt solltest du dringend den windowseigenen Scanner abschalten:

• Gehe in die Systemsteuerung und klicke auf Windows Defender.
• Klicke Extras > Optionen.
• Administratoroptionen > Haken entfernen bei Windows Defender verwenden.
• Bestätige und schliesse alle offenen Fenster.

Mehr zu den Hintergründen und einer tieferen Deaktivierung: LINK

Ich sehe hier aber nichts, was so einen Prozess erzeugen könnte. Wir können nochmal suchen:
Scan mit dem TDSS-Killer

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Avast ausgeschaltet lassen ?

Steht nicht in der Anleitung => spielt keine Rolle.

Ok, war unsicher.Hier das Ergebnis vom TDSS.

Code: Alles auswählenAufklappen

ATTFilter

[21:20:24.0946 1796  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:20:25.0305 1796  ============================================================
21:20:25.0305 1796  Current date / time: 2013/08/15 21:20:25.0305
21:20:25.0305 1796  SystemInfo:
21:20:25.0305 1796  
21:20:25.0305 1796  OS Version: 6.1.7601 ServicePack: 1.0
21:20:25.0305 1796  Product type: Workstation
21:20:25.0305 1796  ComputerName: SANDRA-PC
21:20:25.0305 1796  UserName: Sandra
21:20:25.0305 1796  Windows directory: C:\windows
21:20:25.0305 1796  System windows directory: C:\windows
21:20:25.0305 1796  Running under WOW64
21:20:25.0305 1796  Processor architecture: Intel x64
21:20:25.0305 1796  Number of processors: 4
21:20:25.0305 1796  Page size: 0x1000
21:20:25.0305 1796  Boot type: Normal boot
21:20:25.0305 1796  ============================================================
21:20:26.0038 1796  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:20:26.0132 1796  ============================================================
21:20:26.0132 1796  \Device\Harddisk0\DR0:
21:20:26.0132 1796  MBR partitions:
21:20:26.0132 1796  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:20:26.0132 1796  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2D800000
21:20:26.0148 1796  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2D833000, BlocksNum 0x44030800
21:20:26.0148 1796  ============================================================
21:20:26.0194 1796  C: <-> \Device\Harddisk0\DR0\Partition2
21:20:26.0272 1796  D: <-> \Device\Harddisk0\DR0\Partition3
21:20:26.0288 1796  ============================================================
21:20:26.0288 1796  Initialize success
21:20:26.0288 1796  ============================================================
21:20:42.0918 2500  ============================================================
21:20:42.0918 2500  Scan started
21:20:42.0918 2500  Mode: Manual; SigCheck; TDLFS; 
21:20:42.0918 2500  ============================================================
21:20:43.0167 2500  ================ Scan system memory ========================
21:20:43.0167 2500  System memory - ok
21:20:43.0167 2500  ================ Scan services =============================
21:20:43.0370 2500  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
21:20:43.0620 2500  1394ohci - ok
21:20:43.0666 2500  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
21:20:43.0713 2500  ACPI - ok
21:20:43.0744 2500  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
21:20:43.0838 2500  AcpiPmi - ok
21:20:43.0932 2500  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:20:43.0947 2500  AdobeARMservice - ok
21:20:44.0072 2500  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:20:44.0088 2500  AdobeFlashPlayerUpdateSvc - ok
21:20:44.0134 2500  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
21:20:44.0150 2500  adp94xx - ok
21:20:44.0181 2500  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
21:20:44.0197 2500  adpahci - ok
21:20:44.0212 2500  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
21:20:44.0228 2500  adpu320 - ok
21:20:44.0259 2500  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
21:20:44.0400 2500  AeLookupSvc - ok
21:20:44.0478 2500  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
21:20:44.0540 2500  AFD - ok
21:20:44.0587 2500  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
21:20:44.0602 2500  agp440 - ok
21:20:44.0634 2500  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
21:20:44.0696 2500  ALG - ok
21:20:44.0727 2500  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
21:20:44.0743 2500  aliide - ok
21:20:44.0758 2500  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
21:20:44.0758 2500  amdide - ok
21:20:44.0790 2500  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
21:20:44.0836 2500  AmdK8 - ok
21:20:44.0852 2500  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
21:20:44.0883 2500  AmdPPM - ok
21:20:44.0930 2500  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
21:20:44.0946 2500  amdsata - ok
21:20:44.0977 2500  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
21:20:44.0992 2500  amdsbs - ok
21:20:45.0008 2500  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
21:20:45.0008 2500  amdxata - ok
21:20:45.0055 2500  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
21:20:45.0180 2500  AppID - ok
21:20:45.0195 2500  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
21:20:45.0258 2500  AppIDSvc - ok
21:20:45.0304 2500  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\windows\System32\appinfo.dll
21:20:45.0351 2500  Appinfo - ok
21:20:45.0429 2500  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
21:20:45.0429 2500  arc - ok
21:20:45.0445 2500  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
21:20:45.0460 2500  arcsas - ok
21:20:45.0492 2500  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\windows\system32\drivers\aswFsBlk.sys
21:20:45.0538 2500  aswFsBlk - ok
21:20:45.0601 2500  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt       C:\windows\system32\drivers\aswMonFlt.sys
21:20:45.0601 2500  aswMonFlt - ok
21:20:45.0648 2500  [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr          C:\windows\System32\Drivers\aswrdr2.sys
21:20:45.0648 2500  aswRdr - ok
21:20:45.0694 2500  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt         C:\windows\system32\drivers\aswRvrt.sys
21:20:45.0694 2500  aswRvrt - ok
21:20:45.0726 2500  [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx          C:\windows\system32\drivers\aswSnx.sys
21:20:45.0772 2500  aswSnx - ok
21:20:45.0819 2500  [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP           C:\windows\system32\drivers\aswSP.sys
21:20:45.0835 2500  aswSP - ok
21:20:45.0882 2500  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\windows\system32\drivers\aswTdi.sys
21:20:45.0882 2500  aswTdi - ok
21:20:45.0944 2500  [ 22F521108881DC59837F6FC614E0568F ] aswVmm          C:\windows\system32\drivers\aswVmm.sys
21:20:45.0960 2500  aswVmm - ok
21:20:45.0991 2500  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
21:20:46.0038 2500  AsyncMac - ok
21:20:46.0069 2500  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
21:20:46.0069 2500  atapi - ok
21:20:46.0131 2500  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
21:20:46.0272 2500  AudioEndpointBuilder - ok
21:20:46.0287 2500  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
21:20:46.0318 2500  AudioSrv - ok
21:20:46.0396 2500  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:20:46.0412 2500  avast! Antivirus - ok
21:20:46.0490 2500  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
21:20:46.0552 2500  AxInstSV - ok
21:20:46.0599 2500  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
21:20:46.0646 2500  b06bdrv - ok
21:20:46.0677 2500  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
21:20:46.0740 2500  b57nd60a - ok
21:20:46.0786 2500  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
21:20:46.0833 2500  BDESVC - ok
21:20:46.0849 2500  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
21:20:46.0911 2500  Beep - ok
21:20:46.0974 2500  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
21:20:47.0036 2500  BFE - ok
21:20:47.0083 2500  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\system32\qmgr.dll
21:20:47.0161 2500  BITS - ok
21:20:47.0176 2500  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
21:20:47.0208 2500  blbdrive - ok
21:20:47.0254 2500  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
21:20:47.0286 2500  bowser - ok
21:20:47.0317 2500  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
21:20:47.0348 2500  BrFiltLo - ok
21:20:47.0364 2500  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
21:20:47.0379 2500  BrFiltUp - ok
21:20:47.0426 2500  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
21:20:47.0488 2500  BridgeMP - ok
21:20:47.0535 2500  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
21:20:47.0598 2500  Browser - ok
21:20:47.0629 2500  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
21:20:47.0691 2500  Brserid - ok
21:20:47.0722 2500  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
21:20:47.0738 2500  BrSerWdm - ok
21:20:47.0754 2500  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
21:20:47.0785 2500  BrUsbMdm - ok
21:20:47.0800 2500  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
21:20:47.0832 2500  BrUsbSer - ok
21:20:47.0863 2500  [ 9D95F74875491CECBF9E10A5936A570E ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys
21:20:47.0925 2500  BtFilter ( UnsignedFile.Multi.Generic ) - warning
21:20:47.0925 2500  BtFilter - detected UnsignedFile.Multi.Generic (1)
21:20:47.0972 2500  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
21:20:48.0019 2500  BthEnum - ok
21:20:48.0034 2500  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
21:20:48.0081 2500  BTHMODEM - ok
21:20:48.0112 2500  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
21:20:48.0144 2500  BthPan - ok
21:20:48.0175 2500  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
21:20:48.0237 2500  BTHPORT - ok
21:20:48.0284 2500  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
21:20:48.0315 2500  bthserv - ok
21:20:48.0346 2500  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
21:20:48.0362 2500  BTHUSB - ok
21:20:48.0409 2500  catchme - ok
21:20:48.0440 2500  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
21:20:48.0502 2500  cdfs - ok
21:20:48.0534 2500  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
21:20:48.0549 2500  cdrom - ok
21:20:48.0580 2500  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
21:20:48.0643 2500  CertPropSvc - ok
21:20:48.0674 2500  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
21:20:48.0705 2500  circlass - ok
21:20:48.0721 2500  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
21:20:48.0736 2500  CLFS - ok
21:20:48.0799 2500  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:20:48.0799 2500  clr_optimization_v2.0.50727_32 - ok
21:20:48.0877 2500  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:20:48.0892 2500  clr_optimization_v2.0.50727_64 - ok
21:20:48.0970 2500  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:20:48.0986 2500  clr_optimization_v4.0.30319_32 - ok
21:20:49.0017 2500  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:20:49.0033 2500  clr_optimization_v4.0.30319_64 - ok
21:20:49.0080 2500  [ E13A438F9E51DD034730678E33B73290 ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
21:20:49.0080 2500  clwvd - ok
21:20:49.0111 2500  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
21:20:49.0142 2500  CmBatt - ok
21:20:49.0173 2500  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
21:20:49.0173 2500  cmdide - ok
21:20:49.0204 2500  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\windows\system32\Drivers\cng.sys
21:20:49.0251 2500  CNG - ok
21:20:49.0282 2500  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
21:20:49.0298 2500  Compbatt - ok
21:20:49.0329 2500  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
21:20:49.0376 2500  CompositeBus - ok
21:20:49.0392 2500  COMSysApp - ok
21:20:49.0407 2500  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
21:20:49.0423 2500  crcdisk - ok
21:20:49.0470 2500  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\windows\system32\cryptsvc.dll
21:20:49.0501 2500  CryptSvc - ok
21:20:49.0610 2500  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:20:49.0657 2500  cvhsvc - ok
21:20:49.0688 2500  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
21:20:49.0750 2500  DcomLaunch - ok
21:20:49.0797 2500  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
21:20:49.0844 2500  defragsvc - ok
21:20:49.0875 2500  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
21:20:49.0922 2500  DfsC - ok
21:20:49.0953 2500  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
21:20:49.0984 2500  Dhcp - ok
21:20:50.0016 2500  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
21:20:50.0062 2500  discache - ok
21:20:50.0094 2500  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
21:20:50.0125 2500  Disk - ok
21:20:50.0156 2500  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
21:20:50.0203 2500  Dnscache - ok
21:20:50.0234 2500  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
21:20:50.0296 2500  dot3svc - ok
21:20:50.0312 2500  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
21:20:50.0374 2500  DPS - ok
21:20:50.0406 2500  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
21:20:50.0437 2500  drmkaud - ok
21:20:50.0484 2500  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
21:20:50.0515 2500  DXGKrnl - ok
21:20:50.0546 2500  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
21:20:50.0593 2500  EapHost - ok
21:20:50.0686 2500  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
21:20:50.0780 2500  ebdrv - ok
21:20:50.0811 2500  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
21:20:50.0842 2500  EFS - ok
21:20:50.0905 2500  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
21:20:50.0967 2500  ehRecvr - ok
21:20:50.0983 2500  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
21:20:51.0045 2500  ehSched - ok
21:20:51.0108 2500  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
21:20:51.0123 2500  elxstor - ok
21:20:51.0154 2500  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
21:20:51.0170 2500  ErrDev - ok
21:20:51.0232 2500  [ 98B103D1D5C426A10219437E36E03FE8 ] ETD             C:\windows\system32\DRIVERS\ETD.sys
21:20:51.0232 2500  ETD - ok
21:20:51.0279 2500  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
21:20:51.0342 2500  EventSystem - ok
21:20:51.0357 2500  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
21:20:51.0404 2500  exfat - ok
21:20:51.0420 2500  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
21:20:51.0466 2500  fastfat - ok
21:20:51.0482 2500  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
21:20:51.0544 2500  Fax - ok
21:20:51.0576 2500  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
21:20:51.0591 2500  fdc - ok
21:20:51.0638 2500  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
21:20:51.0700 2500  fdPHost - ok
21:20:51.0716 2500  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
21:20:51.0763 2500  FDResPub - ok
21:20:51.0778 2500  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
21:20:51.0810 2500  FileInfo - ok
21:20:51.0825 2500  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
21:20:51.0888 2500  Filetrace - ok
21:20:51.0903 2500  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
21:20:51.0919 2500  flpydisk - ok
21:20:51.0934 2500  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
21:20:51.0950 2500  FltMgr - ok
21:20:51.0997 2500  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\windows\system32\FntCache.dll
21:20:52.0044 2500  FontCache - ok
21:20:52.0090 2500  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:20:52.0106 2500  FontCache3.0.0.0 - ok
21:20:52.0215 2500  [ 983C472BBC167AC028988446E63298CE ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
21:20:52.0231 2500  Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
21:20:52.0231 2500  Freemake Improver - detected UnsignedFile.Multi.Generic (1)
21:20:52.0309 2500  [ 46532E80E18BB25D3B568DA10A160653 ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
21:20:52.0324 2500  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
21:20:52.0324 2500  FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)
21:20:52.0340 2500  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
21:20:52.0356 2500  FsDepends - ok
21:20:52.0387 2500  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
21:20:52.0387 2500  Fs_Rec - ok
21:20:52.0434 2500  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
21:20:52.0449 2500  fvevol - ok
21:20:52.0496 2500  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
21:20:52.0496 2500  gagp30kx - ok
21:20:52.0543 2500  [ 521A469CAF61F00E1DE081CC2099C1D6 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
21:20:52.0558 2500  GameConsoleService - ok
21:20:52.0605 2500  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
21:20:52.0652 2500  gpsvc - ok
21:20:52.0730 2500  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:20:52.0730 2500  gupdate - ok
21:20:52.0746 2500  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:20:52.0746 2500  gupdatem - ok
21:20:52.0777 2500  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
21:20:52.0808 2500  hcw85cir - ok
21:20:52.0839 2500  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
21:20:52.0870 2500  HdAudAddService - ok
21:20:52.0902 2500  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
21:20:52.0933 2500  HDAudBus - ok
21:20:52.0964 2500  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
21:20:52.0980 2500  HidBatt - ok
21:20:52.0995 2500  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
21:20:53.0042 2500  HidBth - ok
21:20:53.0058 2500  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
21:20:53.0073 2500  HidIr - ok
21:20:53.0104 2500  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\System32\hidserv.dll
21:20:53.0151 2500  hidserv - ok
21:20:53.0198 2500  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
21:20:53.0214 2500  HidUsb - ok
21:20:53.0229 2500  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
21:20:53.0276 2500  hkmsvc - ok
21:20:53.0292 2500  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
21:20:53.0338 2500  HomeGroupListener - ok
21:20:53.0370 2500  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
21:20:53.0416 2500  HomeGroupProvider - ok
21:20:53.0432 2500  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
21:20:53.0463 2500  HpSAMD - ok
21:20:53.0494 2500  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
21:20:53.0557 2500  HTTP - ok
21:20:53.0572 2500  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
21:20:53.0588 2500  hwpolicy - ok
21:20:53.0604 2500  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
21:20:53.0619 2500  i8042prt - ok
21:20:53.0650 2500  [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
21:20:53.0666 2500  iaStor - ok
21:20:53.0728 2500  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
21:20:53.0744 2500  iaStorV - ok
21:20:53.0791 2500  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:20:53.0822 2500  idsvc - ok
21:20:54.0087 2500  [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
21:20:54.0477 2500  igfx - ok
21:20:54.0508 2500  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
21:20:54.0524 2500  iirsp - ok
21:20:54.0571 2500  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
21:20:54.0633 2500  IKEEXT - ok
21:20:54.0727 2500  [ 8E05ADB4B809B478B2EC65A1A1633DEB ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
21:20:54.0805 2500  IntcAzAudAddService - ok
21:20:54.0852 2500  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
21:20:54.0898 2500  IntcDAud - ok
21:20:54.0914 2500  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
21:20:54.0930 2500  intelide - ok
21:20:54.0961 2500  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
21:20:54.0992 2500  intelppm - ok
21:20:55.0039 2500  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
21:20:55.0086 2500  IPBusEnum - ok
21:20:55.0101 2500  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
21:20:55.0148 2500  IpFilterDriver - ok
21:20:55.0179 2500  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
21:20:55.0210 2500  iphlpsvc - ok
21:20:55.0226 2500  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
21:20:55.0257 2500  IPMIDRV - ok
21:20:55.0288 2500  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
21:20:55.0335 2500  IPNAT - ok
21:20:55.0366 2500  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
21:20:55.0398 2500  IRENUM - ok
21:20:55.0429 2500  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
21:20:55.0429 2500  isapnp - ok
21:20:55.0460 2500  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
21:20:55.0476 2500  iScsiPrt - ok
21:20:55.0507 2500  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
21:20:55.0522 2500  kbdclass - ok
21:20:55.0554 2500  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
21:20:55.0569 2500  kbdhid - ok
21:20:55.0585 2500  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
21:20:55.0600 2500  KeyIso - ok
21:20:55.0632 2500  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
21:20:55.0647 2500  KSecDD - ok
21:20:55.0678 2500  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
21:20:55.0694 2500  KSecPkg - ok
21:20:55.0710 2500  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
21:20:55.0756 2500  ksthunk - ok
21:20:55.0788 2500  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
21:20:55.0850 2500  KtmRm - ok
21:20:55.0912 2500  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\System32\srvsvc.dll
21:20:55.0959 2500  LanmanServer - ok
21:20:55.0990 2500  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
21:20:56.0037 2500  LanmanWorkstation - ok
21:20:56.0084 2500  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
21:20:56.0115 2500  lltdio - ok
21:20:56.0146 2500  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
21:20:56.0209 2500  lltdsvc - ok
21:20:56.0224 2500  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
21:20:56.0287 2500  lmhosts - ok
21:20:56.0365 2500  [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:20:56.0380 2500  LMS - ok
21:20:56.0412 2500  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
21:20:56.0427 2500  LSI_FC - ok
21:20:56.0474 2500  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
21:20:56.0505 2500  LSI_SAS - ok
21:20:56.0521 2500  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
21:20:56.0536 2500  LSI_SAS2 - ok
21:20:56.0552 2500  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
21:20:56.0568 2500  LSI_SCSI - ok
21:20:56.0630 2500  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
21:20:56.0677 2500  luafv - ok
21:20:56.0692 2500  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
21:20:56.0739 2500  Mcx2Svc - ok
21:20:56.0802 2500  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
21:20:56.0802 2500  megasas - ok
21:20:56.0833 2500  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
21:20:56.0848 2500  MegaSR - ok
21:20:56.0895 2500  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
21:20:56.0911 2500  MEIx64 - ok
21:20:56.0926 2500  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
21:20:56.0989 2500  MMCSS - ok
21:20:57.0004 2500  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
21:20:57.0051 2500  Modem - ok
21:20:57.0082 2500  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
21:20:57.0114 2500  monitor - ok
21:20:57.0145 2500  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
21:20:57.0160 2500  mouclass - ok
21:20:57.0192 2500  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
21:20:57.0207 2500  mouhid - ok
21:20:57.0223 2500  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
21:20:57.0238 2500  mountmgr - ok
21:20:57.0316 2500  [ E6DB6C61739E18906DC2C4191F6EDEA2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:20:57.0316 2500  MozillaMaintenance - ok
21:20:57.0348 2500  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
21:20:57.0363 2500  mpio - ok
21:20:57.0379 2500  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
21:20:57.0426 2500  mpsdrv - ok
21:20:57.0472 2500  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
21:20:57.0535 2500  MpsSvc - ok
21:20:57.0566 2500  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
21:20:57.0597 2500  MRxDAV - ok
21:20:57.0613 2500  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
21:20:57.0660 2500  mrxsmb - ok
21:20:57.0675 2500  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
21:20:57.0691 2500  mrxsmb10 - ok
21:20:57.0722 2500  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
21:20:57.0722 2500  mrxsmb20 - ok
21:20:57.0753 2500  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
21:20:57.0769 2500  msahci - ok
21:20:57.0784 2500  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
21:20:57.0800 2500  msdsm - ok
21:20:57.0816 2500  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
21:20:57.0847 2500  MSDTC - ok
21:20:57.0878 2500  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
21:20:57.0909 2500  Msfs - ok
21:20:57.0940 2500  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
21:20:57.0987 2500  mshidkmdf - ok
21:20:57.0987 2500  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
21:20:58.0003 2500  msisadrv - ok
21:20:58.0034 2500  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
21:20:58.0081 2500  MSiSCSI - ok
21:20:58.0081 2500  msiserver - ok
21:20:58.0112 2500  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
21:20:58.0143 2500  MSKSSRV - ok
21:20:58.0174 2500  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
21:20:58.0206 2500  MSPCLOCK - ok
21:20:58.0221 2500  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
21:20:58.0284 2500  MSPQM - ok
21:20:58.0299 2500  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
21:20:58.0315 2500  MsRPC - ok
21:20:58.0346 2500  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
21:20:58.0362 2500  mssmbios - ok
21:20:58.0377 2500  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
21:20:58.0424 2500  MSTEE - ok
21:20:58.0440 2500  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
21:20:58.0486 2500  MTConfig - ok
21:20:58.0518 2500  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
21:20:58.0518 2500  Mup - ok
21:20:58.0564 2500  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
21:20:58.0611 2500  napagent - ok
21:20:58.0674 2500  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
21:20:58.0705 2500  NativeWifiP - ok
21:20:58.0752 2500  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
21:20:58.0783 2500  NDIS - ok
21:20:58.0830 2500  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
21:20:58.0876 2500  NdisCap - ok
21:20:58.0908 2500  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
21:20:58.0939 2500  NdisTapi - ok
21:20:58.0954 2500  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
21:20:59.0001 2500  Ndisuio - ok
21:20:59.0032 2500  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
21:20:59.0079 2500  NdisWan - ok
21:20:59.0095 2500  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
21:20:59.0126 2500  NDProxy - ok
21:20:59.0157 2500  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
21:20:59.0220 2500  NetBIOS - ok
21:20:59.0235 2500  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
21:20:59.0298 2500  NetBT - ok
21:20:59.0313 2500  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
21:20:59.0329 2500  Netlogon - ok
21:20:59.0360 2500  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
21:20:59.0422 2500  Netman - ok
21:20:59.0422 2500  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
21:20:59.0485 2500  netprofm - ok
21:20:59.0516 2500  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:20:59.0532 2500  NetTcpPortSharing - ok
21:20:59.0719 2500  [ 9FD1BE1881446D954FF77244AE58FBCB ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
21:20:59.0953 2500  NETwNs64 - ok
21:20:59.0984 2500  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
21:21:00.0000 2500  nfrd960 - ok
21:21:00.0046 2500  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
21:21:00.0078 2500  NlaSvc - ok
21:21:00.0093 2500  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
21:21:00.0124 2500  Npfs - ok
21:21:00.0140 2500  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
21:21:00.0202 2500  nsi - ok
21:21:00.0218 2500  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
21:21:00.0280 2500  nsiproxy - ok
21:21:00.0561 2500  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
21:21:00.0608 2500  Ntfs - ok
21:21:00.0655 2500  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
21:21:00.0686 2500  Null - ok
21:21:00.0998 2500  [ 70E89A21827B2669AF906B703C7C48B5 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
21:21:01.0419 2500  nvlddmkm - ok
21:21:01.0435 2500  [ 4B9C0C2BF78289513101EB0D44834701 ] nvpciflt        C:\windows\system32\DRIVERS\nvpciflt.sys
21:21:01.0450 2500  nvpciflt - ok
21:21:01.0466 2500  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
21:21:01.0482 2500  nvraid - ok
21:21:01.0513 2500  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
21:21:01.0528 2500  nvstor - ok
21:21:01.0560 2500  [ E04FCE1D149CF05C3449E3171F9C3E41 ] NVSvc           C:\windows\system32\nvvsvc.exe
21:21:01.0591 2500  NVSvc - ok
21:21:01.0653 2500  [ D96DDEA6C699A99832E0186057801971 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:21:01.0731 2500  nvUpdatusService - ok
21:21:01.0762 2500  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
21:21:01.0778 2500  nv_agp - ok
21:21:01.0809 2500  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
21:21:01.0825 2500  ohci1394 - ok
21:21:01.0872 2500  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:21:01.0887 2500  ose - ok
21:21:02.0059 2500  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:21:02.0215 2500  osppsvc - ok
21:21:02.0246 2500  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
21:21:02.0293 2500  p2pimsvc - ok
21:21:02.0324 2500  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
21:21:02.0340 2500  p2psvc - ok
21:21:02.0386 2500  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
21:21:02.0433 2500  Parport - ok
21:21:02.0464 2500  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
21:21:02.0464 2500  partmgr - ok
21:21:02.0496 2500  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
21:21:02.0527 2500  PcaSvc - ok
21:21:02.0558 2500  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
21:21:02.0558 2500  pci - ok
21:21:02.0574 2500  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
21:21:02.0589 2500  pciide - ok
21:21:02.0620 2500  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
21:21:02.0636 2500  pcmcia - ok
21:21:02.0636 2500  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
21:21:02.0652 2500  pcw - ok
21:21:02.0667 2500  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
21:21:02.0730 2500  PEAUTH - ok
21:21:02.0792 2500  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
21:21:02.0808 2500  PerfHost - ok
21:21:02.0870 2500  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
21:21:02.0948 2500  pla - ok
21:21:02.0979 2500  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
21:21:03.0026 2500  PlugPlay - ok
21:21:03.0057 2500  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
21:21:03.0088 2500  PNRPAutoReg - ok
21:21:03.0104 2500  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
21:21:03.0120 2500  PNRPsvc - ok
21:21:03.0151 2500  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
21:21:03.0213 2500  PolicyAgent - ok
21:21:03.0244 2500  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
21:21:03.0307 2500  Power - ok
21:21:03.0338 2500  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
21:21:03.0369 2500  PptpMiniport - ok
21:21:03.0400 2500  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
21:21:03.0432 2500  Processor - ok
21:21:03.0447 2500  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
21:21:03.0494 2500  ProfSvc - ok
21:21:03.0510 2500  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
21:21:03.0525 2500  ProtectedStorage - ok
21:21:03.0556 2500  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
21:21:03.0603 2500  Psched - ok
21:21:03.0650 2500  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
21:21:03.0681 2500  ql2300 - ok
21:21:03.0697 2500  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
21:21:03.0712 2500  ql40xx - ok
21:21:03.0744 2500  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
21:21:03.0775 2500  QWAVE - ok
21:21:03.0790 2500  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
21:21:03.0822 2500  QWAVEdrv - ok
21:21:03.0837 2500  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
21:21:03.0884 2500  RasAcd - ok
21:21:03.0915 2500  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
21:21:03.0978 2500  RasAgileVpn - ok
21:21:03.0978 2500  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
21:21:04.0040 2500  RasAuto - ok
21:21:04.0056 2500  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
21:21:04.0087 2500  Rasl2tp - ok
21:21:04.0118 2500  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
21:21:04.0165 2500  RasMan - ok
21:21:04.0180 2500  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
21:21:04.0227 2500  RasPppoe - ok
21:21:04.0258 2500  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
21:21:04.0305 2500  RasSstp - ok
21:21:04.0336 2500  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
21:21:04.0383 2500  rdbss - ok
21:21:04.0399 2500  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
21:21:04.0414 2500  rdpbus - ok
21:21:04.0430 2500  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
21:21:04.0477 2500  RDPCDD - ok
21:21:04.0508 2500  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
21:21:04.0555 2500  RDPENCDD - ok
21:21:04.0570 2500  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
21:21:04.0617 2500  RDPREFMP - ok
21:21:04.0680 2500  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
21:21:04.0711 2500  RdpVideoMiniport - ok
21:21:04.0742 2500  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
21:21:04.0773 2500  RDPWD - ok
21:21:04.0804 2500  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
21:21:04.0820 2500  rdyboost - ok
21:21:04.0851 2500  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
21:21:04.0898 2500  RemoteAccess - ok
21:21:04.0929 2500  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
21:21:04.0992 2500  RemoteRegistry - ok
21:21:05.0023 2500  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
21:21:05.0054 2500  RFCOMM - ok
21:21:05.0132 2500  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
21:21:05.0179 2500  RichVideo ( UnsignedFile.Multi.Generic ) - warning
21:21:05.0179 2500  RichVideo - detected UnsignedFile.Multi.Generic (1)
21:21:05.0226 2500  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
21:21:05.0288 2500  RpcEptMapper - ok
21:21:05.0319 2500  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
21:21:05.0335 2500  RpcLocator - ok
21:21:05.0366 2500  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
21:21:05.0397 2500  RpcSs - ok
21:21:05.0428 2500  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
21:21:05.0491 2500  rspndr - ok
21:21:05.0522 2500  [ 24C2CA3C4F4C681952C33C4716B68853 ] RTL2832UBDA     C:\windows\system32\drivers\RTL2832UBDA.sys
21:21:05.0538 2500  RTL2832UBDA - ok
21:21:05.0569 2500  [ AFB6E8EE9821F4F917B22B9D22B1EBDF ] RTL2832UUSB     C:\windows\system32\Drivers\RTL2832UUSB.sys
21:21:05.0569 2500  RTL2832UUSB - ok
21:21:05.0616 2500  [ 2F49D7EF09789976C9DBCBD87719DE32 ] RTL2832U_IRHID  C:\windows\system32\DRIVERS\RTL2832U_IRHID.sys
21:21:05.0616 2500  RTL2832U_IRHID - ok
21:21:05.0662 2500  [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
21:21:05.0678 2500  RTL8167 - ok
21:21:05.0756 2500  [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport          C:\windows\SysWOW64\drivers\rtport.sys
21:21:05.0756 2500  rtport - ok
21:21:05.0787 2500  [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI            C:\windows\system32\Drivers\SABI.sys
21:21:05.0834 2500  SABI - ok
21:21:05.0850 2500  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
21:21:05.0865 2500  SamSs - ok
21:21:05.0896 2500  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
21:21:05.0912 2500  sbp2port - ok
21:21:05.0928 2500  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
21:21:05.0990 2500  SCardSvr - ok
21:21:06.0006 2500  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
21:21:06.0068 2500  scfilter - ok
21:21:06.0099 2500  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
21:21:06.0162 2500  Schedule - ok
21:21:06.0193 2500  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
21:21:06.0224 2500  SCPolicySvc - ok
21:21:06.0255 2500  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
21:21:06.0318 2500  SDRSVC - ok
21:21:06.0349 2500  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
21:21:06.0411 2500  secdrv - ok
21:21:06.0411 2500  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
21:21:06.0489 2500  seclogon - ok
21:21:06.0505 2500  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
21:21:06.0552 2500  SENS - ok
21:21:06.0583 2500  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
21:21:06.0630 2500  SensrSvc - ok
21:21:06.0661 2500  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
21:21:06.0676 2500  Serenum - ok
21:21:06.0708 2500  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
21:21:06.0739 2500  Serial - ok
21:21:06.0754 2500  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
21:21:06.0786 2500  sermouse - ok
21:21:06.0817 2500  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
21:21:06.0864 2500  SessionEnv - ok
21:21:06.0879 2500  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
21:21:06.0910 2500  sffdisk - ok
21:21:06.0942 2500  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
21:21:06.0973 2500  sffp_mmc - ok
21:21:06.0988 2500  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
21:21:07.0004 2500  sffp_sd - ok
21:21:07.0035 2500  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
21:21:07.0051 2500  sfloppy - ok
21:21:07.0098 2500  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
21:21:07.0129 2500  Sftfs - ok
21:21:07.0222 2500  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:21:07.0238 2500  sftlist - ok
21:21:07.0254 2500  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
21:21:07.0269 2500  Sftplay - ok
21:21:07.0300 2500  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
21:21:07.0300 2500  Sftredir - ok
21:21:07.0316 2500  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
21:21:07.0316 2500  Sftvol - ok
21:21:07.0363 2500  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:21:07.0378 2500  sftvsa - ok
21:21:07.0425 2500  [ 2FE1CD3AA602414841DB10AD96C95A5E ] SGDrv           C:\windows\system32\DRIVERS\SGdrv64.sys
21:21:07.0456 2500  SGDrv - ok
21:21:07.0488 2500  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
21:21:07.0550 2500  SharedAccess - ok
21:21:07.0581 2500  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
21:21:07.0644 2500  ShellHWDetection - ok
21:21:07.0675 2500  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
21:21:07.0675 2500  SiSRaid2 - ok
21:21:07.0722 2500  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
21:21:07.0722 2500  SiSRaid4 - ok
21:21:07.0784 2500  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:21:07.0800 2500  SkypeUpdate - ok
21:21:07.0815 2500  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
21:21:07.0878 2500  Smb - ok
21:21:07.0924 2500  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
21:21:07.0956 2500  SNMPTRAP - ok
21:21:07.0971 2500  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
21:21:07.0987 2500  spldr - ok
21:21:08.0018 2500  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
21:21:08.0065 2500  Spooler - ok
21:21:08.0143 2500  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
21:21:08.0236 2500  sppsvc - ok
21:21:08.0252 2500  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
21:21:08.0299 2500  sppuinotify - ok
21:21:08.0330 2500  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
21:21:08.0377 2500  srv - ok
21:21:08.0392 2500  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
21:21:08.0424 2500  srv2 - ok
21:21:08.0455 2500  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
21:21:08.0470 2500  srvnet - ok
21:21:08.0517 2500  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
21:21:08.0564 2500  SSDPSRV - ok
21:21:08.0580 2500  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
21:21:08.0626 2500  SstpSvc - ok
21:21:08.0658 2500  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
21:21:08.0658 2500  stexstor - ok
21:21:08.0704 2500  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
21:21:08.0736 2500  stisvc - ok
21:21:08.0751 2500  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
21:21:08.0767 2500  swenum - ok
21:21:08.0798 2500  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
21:21:08.0845 2500  swprv - ok
21:21:08.0892 2500  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
21:21:08.0954 2500  SysMain - ok
21:21:08.0985 2500  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
21:21:09.0016 2500  TabletInputService - ok
21:21:09.0048 2500  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
21:21:09.0094 2500  TapiSrv - ok
21:21:09.0110 2500  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
21:21:09.0172 2500  TBS - ok
21:21:09.0235 2500  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
21:21:09.0282 2500  Tcpip - ok
21:21:09.0328 2500  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
21:21:09.0360 2500  TCPIP6 - ok
21:21:09.0391 2500  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
21:21:09.0422 2500  tcpipreg - ok
21:21:09.0453 2500  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
21:21:09.0500 2500  TDPIPE - ok
21:21:09.0531 2500  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
21:21:09.0531 2500  TDTCP - ok
21:21:09.0562 2500  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
21:21:09.0594 2500  tdx - ok
21:21:09.0625 2500  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
21:21:09.0656 2500  TermDD - ok
21:21:09.0672 2500  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
21:21:09.0718 2500  TermService - ok
21:21:09.0734 2500  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
21:21:09.0765 2500  Themes - ok
21:21:09.0781 2500  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
21:21:09.0812 2500  THREADORDER - ok
21:21:09.0843 2500  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
21:21:09.0890 2500  TrkWks - ok
21:21:09.0937 2500  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
21:21:09.0984 2500  TrustedInstaller - ok
21:21:10.0015 2500  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
21:21:10.0046 2500  tssecsrv - ok
21:21:10.0155 2500  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
21:21:10.0218 2500  TsUsbFlt - ok
21:21:10.0233 2500  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
21:21:10.0249 2500  TsUsbGD - ok
21:21:10.0264 2500  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
21:21:10.0311 2500  tunnel - ok
21:21:10.0327 2500  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
21:21:10.0342 2500  uagp35 - ok
21:21:10.0374 2500  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
21:21:10.0436 2500  udfs - ok
21:21:10.0467 2500  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
21:21:10.0483 2500  UI0Detect - ok
21:21:10.0483 2500  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
21:21:10.0498 2500  uliagpkx - ok
21:21:10.0514 2500  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
21:21:10.0530 2500  umbus - ok
21:21:10.0561 2500  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
21:21:10.0592 2500  UmPass - ok
21:21:10.0717 2500  [ DB641944F7E4B14C13C3FEFC89843F69 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:21:10.0795 2500  UNS - ok
21:21:10.0842 2500  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
21:21:10.0888 2500  upnphost - ok
21:21:10.0920 2500  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
21:21:10.0951 2500  usbccgp - ok
21:21:10.0982 2500  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
21:21:11.0013 2500  usbcir - ok
21:21:11.0029 2500  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys
21:21:11.0060 2500  usbehci - ok
21:21:11.0107 2500  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
21:21:11.0138 2500  usbhub - ok
21:21:11.0185 2500  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
21:21:11.0200 2500  usbohci - ok
21:21:11.0232 2500  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\drivers\usbprint.sys
21:21:11.0263 2500  usbprint - ok
21:21:11.0278 2500  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
21:21:11.0325 2500  USBSTOR - ok
21:21:11.0325 2500  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
21:21:11.0341 2500  usbuhci - ok
21:21:11.0388 2500  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
21:21:11.0419 2500  usbvideo - ok
21:21:11.0481 2500  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
21:21:11.0528 2500  UxSms - ok
21:21:11.0544 2500  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
21:21:11.0559 2500  VaultSvc - ok
21:21:11.0590 2500  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
21:21:11.0606 2500  vdrvroot - ok
21:21:11.0622 2500  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
21:21:11.0684 2500  vds - ok
21:21:11.0715 2500  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
21:21:11.0715 2500  vga - ok
21:21:11.0731 2500  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
21:21:11.0793 2500  VgaSave - ok
21:21:11.0809 2500  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
21:21:11.0824 2500  vhdmp - ok
21:21:11.0840 2500  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
21:21:11.0856 2500  viaide - ok
21:21:11.0871 2500  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
21:21:11.0887 2500  volmgr - ok
21:21:11.0902 2500  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
21:21:11.0918 2500  volmgrx - ok
21:21:11.0949 2500  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
21:21:11.0965 2500  volsnap - ok
21:21:11.0996 2500  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
21:21:12.0012 2500  vsmraid - ok
21:21:12.0090 2500  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
21:21:12.0168 2500  VSS - ok
21:21:12.0183 2500  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
21:21:12.0214 2500  vwifibus - ok
21:21:12.0261 2500  [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
21:21:12.0292 2500  vwififlt - ok
21:21:12.0339 2500  [ 49003B357D101CDC474937437ECF5ABC ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
21:21:12.0355 2500  vwifimp - ok
21:21:12.0386 2500  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
21:21:12.0433 2500  W32Time - ok
21:21:12.0464 2500  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
21:21:12.0480 2500  WacomPen - ok
21:21:12.0526 2500  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
21:21:12.0558 2500  WANARP - ok
21:21:12.0573 2500  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
21:21:12.0604 2500  Wanarpv6 - ok
21:21:12.0636 2500  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
21:21:12.0698 2500  wbengine - ok
21:21:12.0714 2500  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
21:21:12.0745 2500  WbioSrvc - ok
21:21:12.0760 2500  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
21:21:12.0792 2500  wcncsvc - ok
21:21:12.0792 2500  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
21:21:12.0838 2500  WcsPlugInService - ok
21:21:12.0854 2500  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
21:21:12.0870 2500  Wd - ok
21:21:12.0916 2500  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
21:21:12.0948 2500  Wdf01000 - ok
21:21:12.0963 2500  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
21:21:13.0026 2500  WdiServiceHost - ok
21:21:13.0026 2500  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
21:21:13.0057 2500  WdiSystemHost - ok
21:21:13.0072 2500  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
21:21:13.0104 2500  WebClient - ok
21:21:13.0135 2500  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
21:21:13.0197 2500  Wecsvc - ok
21:21:13.0213 2500  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
21:21:13.0244 2500  wercplsupport - ok
21:21:13.0275 2500  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
21:21:13.0353 2500  WerSvc - ok
21:21:13.0369 2500  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
21:21:13.0416 2500  WfpLwf - ok
21:21:13.0447 2500  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
21:21:13.0447 2500  WIMMount - ok
21:21:13.0494 2500  WinDefend - ok
21:21:13.0509 2500  WinHttpAutoProxySvc - ok
21:21:13.0556 2500  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
21:21:13.0618 2500  Winmgmt - ok
21:21:13.0665 2500  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
21:21:13.0743 2500  WinRM - ok
21:21:13.0806 2500  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
21:21:13.0868 2500  Wlansvc - ok
21:21:13.0915 2500  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:21:13.0915 2500  wlcrasvc - ok
21:21:14.0024 2500  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:21:14.0086 2500  wlidsvc - ok
21:21:14.0102 2500  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
21:21:14.0133 2500  WmiAcpi - ok
21:21:14.0164 2500  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
21:21:14.0196 2500  wmiApSrv - ok
21:21:14.0242 2500  WMPNetworkSvc - ok
21:21:14.0274 2500  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
21:21:14.0305 2500  WPCSvc - ok
21:21:14.0320 2500  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
21:21:14.0336 2500  WPDBusEnum - ok
21:21:14.0352 2500  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
21:21:14.0398 2500  ws2ifsl - ok
21:21:14.0430 2500  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\system32\wscsvc.dll
21:21:14.0445 2500  wscsvc - ok
21:21:14.0445 2500  WSearch - ok
21:21:14.0523 2500  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
21:21:14.0586 2500  wuauserv - ok
21:21:14.0617 2500  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
21:21:14.0679 2500  WudfPf - ok
21:21:14.0726 2500  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
21:21:14.0757 2500  WUDFRd - ok
21:21:14.0788 2500  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
21:21:14.0804 2500  wudfsvc - ok
21:21:14.0851 2500  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\windows\System32\wwansvc.dll
21:21:14.0882 2500  WwanSvc - ok
21:21:14.0960 2500  ================ Scan global ===============================
21:21:14.0976 2500  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
21:21:14.0991 2500  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
21:21:15.0007 2500  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
21:21:15.0038 2500  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
21:21:15.0085 2500  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
21:21:15.0085 2500  [Global] - ok
21:21:15.0085 2500  ================ Scan MBR ==================================
21:21:15.0116 2500  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
21:21:15.0381 2500  \Device\Harddisk0\DR0 - ok
21:21:15.0381 2500  ================ Scan VBR ==================================
21:21:15.0381 2500  [ 9175F45EE127626E640D3E67F2247BD7 ] \Device\Harddisk0\DR0\Partition1
21:21:15.0397 2500  \Device\Harddisk0\DR0\Partition1 - ok
21:21:15.0412 2500  [ 5E85D38605589E86DB60C9E55BA0F696 ] \Device\Harddisk0\DR0\Partition2
21:21:15.0412 2500  \Device\Harddisk0\DR0\Partition2 - ok
21:21:15.0444 2500  [ 0A5820F8032360A9EDBC8F40A6997387 ] \Device\Harddisk0\DR0\Partition3
21:21:15.0444 2500  \Device\Harddisk0\DR0\Partition3 - ok
21:21:15.0444 2500  ============================================================
21:21:15.0444 2500  Scan finished
21:21:15.0444 2500  ============================================================
21:21:15.0459 3508  Detected object count: 4
21:21:15.0459 3508  Actual detected object count: 4
21:21:39.0795 3508  BtFilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:39.0795 3508  BtFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:39.0795 3508  Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:39.0795 3508  Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:39.0795 3508  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:39.0795 3508  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:39.0795 3508  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:39.0795 3508  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Okay nichts zu sehen. Wir machen weiter.

Gut!

Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten.


Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)

Quick-Scan mit Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2:

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte poste das Logfile hier oder teile mir mit, dass nichts gefunden wurde.

Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!


Schritt 3:

Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

So, fertig. Kurz zwei Dinge vorweg: aus mir nicht bekannten Gründen, habe ich zwar avast beendet, konnte aber irgendeinen Prozess (AvastUI.exe) im TaskManager ums Verrecken nicht beenden, weil mir ständig der Zugriff verweigert wurde. Hoffe das hatte keinerlei negative Auswirkungen auf irgendeinen Scan-Vorgang ?!? Ansonsten besteht das alte Problem weiterhin.
Und hier nun die einzelnen Logs.

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Sandra :: SANDRA-PC [Administrator]

17.08.2013 21:10:45
mbam-log-2013-08-17 (21-10-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 247955
Laufzeit: 4 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Der vom Eset:

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e45eaf9ed5635b409dd37ac21845d79d
# engine=14764
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-13 09:19:05
# local_time=2013-08-13 11:19:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 2880100 153138617 0 0
# compatibility_mode=5893 16776573 100 94 10846 128058595 0 0
# scanned=182092
# found=2
# cleaned=1
# scan_time=3357
sh=E83CC32D8758A5BC68D9069BB220FCB79AAA5910 ft=1 fh=d65d2a34273d9235 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\update[1]"
sh=E83CC32D8758A5BC68D9069BB220FCB79AAA5910 ft=1 fh=d65d2a34273d9235 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\update[1]"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e45eaf9ed5635b409dd37ac21845d79d
# engine=14815
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-17 08:53:30
# local_time=2013-08-17 10:53:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 3224165 153482682 0 0
# compatibility_mode=5893 16776574 100 94 261376 128402660 0 0
# scanned=178894
# found=0
# cleaned=0
# scan_time=4883
         

...und der SecurityCheck

Code: Alles auswählenAufklappen

ATTFilter

Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (23.0.1) 
 Google Chrome 28.0.1500.72  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Juchuu...endlich mal alles getroffen.