Trojaner-Board - Musik spielt ab, aber keine Anwendung läuft

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Musik spielt ab, aber keine Anwendung läuft (https://www.trojaner-board.de/128302-musik-spielt-ab-keine-anwendung-laeuft.html)

Musik spielt ab, aber keine Anwendung läuft

Hallo,

auf meinen beiden Laptops spielt Musik, aber keine Anwendung läuft. Zu diesem Thema habe ich gegoogelt, aber keine brauchbare Antwort gefunden, darum wende ich mich nun an euch.

Ich habe Antivir und Malwarebytes als Sicherheitsprogramme auf den Laptops, ein vollständiger Scan mit beiden Programmen ergab keinen Fund.

Nun habe ich mit OTL noch eine Analyse durchgeführt, leider kann ich nicht wirklich was mit der Log-Datei anfangen. Hier ist sie:

Zitat:

OTL Extras logfile created on: 19.12.2012 00:11:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sandra\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 3,25 Gb Available Physical Memory | 41,20% Memory free
15,80 Gb Paging File | 9,53 Gb Available in Paging File | 60,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 411,91 Gb Total Space | 359,84 Gb Free Space | 87,36% Space Free | Partition Type: NTFS
Drive D: | 274,60 Gb Total Space | 263,79 Gb Free Space | 96,06% Space Free | Partition Type: NTFS
Drive E: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: SANDRA-MSI | User Name: sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B5FD8464-E477-4C81-A68C-E112E67EF7D0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF848A2C-D1FB-4C4D-9EBA-9DD82CACBCAB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2171194-FF6D-4FBD-89EA-487DC8D7273A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B86B9644-A599-41CA-8231-69560B947A42}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EFE468A5-DF09-4F29-A68A-10559031D1AA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}" = MSI Software Install
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDC923-826E-4007-8179-50E7C570E545}" = S-Bar
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}" = KLM
"{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{619FA785-489B-4D22-911F-82D6EDF5BDB0}" = Battery Calibration
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95193654-3EF2-4D17-8503-9F80B56D9ED5}" = MSI VGA Overclock Tool
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5597C9-9216-44FF-9670-D1E48817B998}" = MSI HOUSE
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAOCCharplan" = DAOC-Charplan
"Dark Age of Camelot" = Dark Age of Camelot
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}" = KLM
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.12.2012 18:55:03 | Computer Name = WIN-1FNACULVO13 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ChargeService.exe, Version: 1.2.6.0,
Zeitstempel: 0x4f029307 Name des fehlerhaften Moduls: ChargeService.exe, Version:
1.2.6.0, Zeitstempel: 0x4f029307 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00006fba
ID
des fehlerhaften Prozesses: 0x748 Startzeit der fehlerhaften Anwendung: 0x01cdda4e08170bdf
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
Berichtskennung:
4b31ba5f-4641-11e2-88cb-685d43500cd0

Error - 14.12.2012 09:58:18 | Computer Name = sandra-MSI | Source = WinMgmt | ID = 10
Description =

Error - 14.12.2012 10:01:39 | Computer Name = sandra-MSI | Source = WinMgmt | ID = 10
Description =

Error - 14.12.2012 10:04:10 | Computer Name = sandra-MSI | Source = WinMgmt | ID = 10
Description =

Error - 14.12.2012 10:05:49 | Computer Name = sandra-MSI | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 4.3.6.1987,
Zeitstempel: 0x3bd86c3f Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bd3e ID des fehlerhaften
Prozesses: 0x3ec Startzeit der fehlerhaften Anwendung: 0x01cdda041b18bb25 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\MAGIX\MusicMaker16_Download-Version\PCVisit\setup.exe
Pfad
des fehlerhaften Moduls: C:\windows\syswow64\ole32.dll Berichtskennung: 5c5293ae-45f7-11e2-a086-8c89a5024cfb

Error - 14.12.2012 10:06:53 | Computer Name = sandra-MSI | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 4.3.6.1987,
Zeitstempel: 0x3bd86c3f Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003bd3e ID des fehlerhaften
Prozesses: 0x10e0 Startzeit der fehlerhaften Anwendung: 0x01cdda0442584b89 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\MAGIX\Foto_Manager_9\PCVisit\setup.exe
Pfad
des fehlerhaften Moduls: C:\windows\syswow64\ole32.dll Berichtskennung: 82747ef1-45f7-11e2-a086-8c89a5024cfb

Error - 14.12.2012 10:09:23 | Computer Name = sandra-MSI | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.12.2012 10:09:27 | Computer Name = sandra-MSI | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.12.2012 10:09:39 | Computer Name = sandra-MSI | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.12.2012 11:27:10 | Computer Name = sandra-MSI | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

< End of report >

Hallo und :hallo:

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Hallo Cosinus,

danke für deine schnelle Antwort. Ich hoffe, ich habe alles richtig gemacht, hier die Files:

Zitat:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-19 04:03:42
-----------------------------
04:03:42.135 OS Version: Windows x64 6.1.7601 Service Pack 1
04:03:42.135 Number of processors: 8 586 0x3A09
04:03:42.135 ComputerName: SANDRA-MSI UserName: sandra
04:03:43.012 Initialize success
04:06:41.406 AVAST engine defs: 12121801
04:06:51.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:06:51.485 Disk 0 Vendor: Hitachi_ JF4O Size: 715404MB BusType: 3
04:06:51.502 Disk 0 MBR read successfully
04:06:51.504 Disk 0 MBR scan
04:06:51.508 Disk 0 Windows 7 default MBR code
04:06:51.516 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12315 MB offset 2048
04:06:51.531 Disk 0 Partition 2 80 (A) 27 Hidden NTFS WinRE NTFS 100 MB offset 25223168
04:06:51.544 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 421793 MB offset 25427968
04:06:51.569 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 281195 MB offset 889260032
04:06:51.595 Disk 0 scanning C:\windows\system32\drivers
04:06:56.558 Service scanning
04:07:17.210 Modules scanning
04:07:17.216 Disk 0 trace - called modules:
04:07:17.229 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
04:07:17.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a12790]
04:07:17.441 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80079e9950]
04:07:17.445 5 ACPI.sys[fffff88000f1c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007afd050]
04:07:19.262 AVAST engine scan C:\windows
04:07:20.955 AVAST engine scan C:\windows\system32
04:09:18.364 AVAST engine scan C:\windows\system32\drivers
04:09:35.897 AVAST engine scan C:\Users\sandra
04:10:24.371 Disk 0 MBR has been saved successfully to "C:\Users\sandra\Desktop\MBR.dat"
04:10:24.378 The log file has been saved successfully to "C:\Users\sandra\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-19 04:03:42
-----------------------------
04:03:42.135 OS Version: Windows x64 6.1.7601 Service Pack 1
04:03:42.135 Number of processors: 8 586 0x3A09
04:03:42.135 ComputerName: SANDRA-MSI UserName: sandra
04:03:43.012 Initialize success
04:06:41.406 AVAST engine defs: 12121801
04:06:51.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:06:51.485 Disk 0 Vendor: Hitachi_ JF4O Size: 715404MB BusType: 3
04:06:51.502 Disk 0 MBR read successfully
04:06:51.504 Disk 0 MBR scan
04:06:51.508 Disk 0 Windows 7 default MBR code
04:06:51.516 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12315 MB offset 2048
04:06:51.531 Disk 0 Partition 2 80 (A) 27 Hidden NTFS WinRE NTFS 100 MB offset 25223168
04:06:51.544 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 421793 MB offset 25427968
04:06:51.569 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 281195 MB offset 889260032
04:06:51.595 Disk 0 scanning C:\windows\system32\drivers
04:06:56.558 Service scanning
04:07:17.210 Modules scanning
04:07:17.216 Disk 0 trace - called modules:
04:07:17.229 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
04:07:17.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a12790]
04:07:17.441 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80079e9950]
04:07:17.445 5 ACPI.sys[fffff88000f1c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007afd050]
04:07:19.262 AVAST engine scan C:\windows
04:07:20.955 AVAST engine scan C:\windows\system32
04:09:18.364 AVAST engine scan C:\windows\system32\drivers
04:09:35.897 AVAST engine scan C:\Users\sandra
04:10:24.371 Disk 0 MBR has been saved successfully to "C:\Users\sandra\Desktop\MBR.dat"
04:10:24.378 The log file has been saved successfully to "C:\Users\sandra\Desktop\aswMBR.txt"
04:10:38.794 AVAST engine scan C:\ProgramData
04:11:54.043 Scan finished successfully
04:16:17.601 Disk 0 MBR has been saved successfully to "C:\Users\sandra\Desktop\MBR.dat"
04:16:17.608 The log file has been saved successfully to "C:\Users\sandra\Desktop\aswMBR.txt"

und der TDSS-Killer:

Zitat:

04:26:20.0660 16376 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
04:26:20.0772 16376 ============================================================
04:26:20.0772 16376 Current date / time: 2012/12/19 04:26:20.0772
04:26:20.0772 16376 SystemInfo:
04:26:20.0772 16376
04:26:20.0772 16376 OS Version: 6.1.7601 ServicePack: 1.0
04:26:20.0772 16376 Product type: Workstation
04:26:20.0772 16376 ComputerName: SANDRA-MSI
04:26:20.0773 16376 UserName: sandra
04:26:20.0773 16376 Windows directory: C:\windows
04:26:20.0773 16376 System windows directory: C:\windows
04:26:20.0773 16376 Running under WOW64
04:26:20.0773 16376 Processor architecture: Intel x64
04:26:20.0773 16376 Number of processors: 8
04:26:20.0773 16376 Page size: 0x1000
04:26:20.0773 16376 Boot type: Normal boot
04:26:20.0773 16376 ============================================================
04:26:21.0251 16376 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:26:21.0270 16376 ============================================================
04:26:21.0270 16376 \Device\Harddisk0\DR0:
04:26:21.0270 16376 MBR partitions:
04:26:21.0270 16376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1840000, BlocksNum 0x337D0800
04:26:21.0270 16376 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x35010800, BlocksNum 0x22535800
04:26:21.0270 16376 ============================================================
04:26:21.0295 16376 C: <-> \Device\Harddisk0\DR0\Partition1
04:26:21.0329 16376 D: <-> \Device\Harddisk0\DR0\Partition2
04:26:21.0329 16376 ============================================================
04:26:21.0329 16376 Initialize success
04:26:21.0329 16376 ============================================================
04:26:37.0818 16556 ============================================================
04:26:37.0818 16556 Scan started
04:26:37.0818 16556 Mode: Manual;
04:26:37.0818 16556 ============================================================
04:26:38.0173 16556 ================ Scan system memory ========================
04:26:38.0173 16556 System memory - ok
04:26:38.0174 16556 ================ Scan services =============================
04:26:38.0601 16556 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
04:26:38.0604 16556 1394ohci - ok
04:26:38.0647 16556 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
04:26:38.0652 16556 ACPI - ok
04:26:38.0673 16556 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
04:26:38.0674 16556 AcpiPmi - ok
04:26:38.0770 16556 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
04:26:38.0772 16556 AdobeARMservice - ok
04:26:38.0840 16556 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
04:26:38.0847 16556 adp94xx - ok
04:26:38.0878 16556 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
04:26:38.0883 16556 adpahci - ok
04:26:38.0913 16556 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
04:26:38.0916 16556 adpu320 - ok
04:26:38.0954 16556 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
04:26:38.0955 16556 AeLookupSvc - ok
04:26:39.0029 16556 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
04:26:39.0036 16556 AFD - ok
04:26:39.0096 16556 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
04:26:39.0097 16556 agp440 - ok
04:26:39.0133 16556 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
04:26:39.0134 16556 ALG - ok
04:26:39.0151 16556 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
04:26:39.0152 16556 aliide - ok
04:26:39.0157 16556 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
04:26:39.0158 16556 amdide - ok
04:26:39.0180 16556 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
04:26:39.0181 16556 AmdK8 - ok
04:26:39.0187 16556 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
04:26:39.0188 16556 AmdPPM - ok
04:26:39.0212 16556 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
04:26:39.0214 16556 amdsata - ok
04:26:39.0246 16556 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
04:26:39.0254 16556 amdsbs - ok
04:26:39.0258 16556 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
04:26:39.0259 16556 amdxata - ok
04:26:39.0481 16556 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
04:26:39.0482 16556 AntiVirSchedulerService - ok
04:26:39.0545 16556 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
04:26:39.0547 16556 AntiVirService - ok
04:26:39.0588 16556 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
04:26:39.0589 16556 AppID - ok
04:26:39.0609 16556 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
04:26:39.0610 16556 AppIDSvc - ok
04:26:39.0615 16556 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
04:26:39.0617 16556 Appinfo - ok
04:26:39.0631 16556 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
04:26:39.0632 16556 arc - ok
04:26:39.0638 16556 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
04:26:39.0640 16556 arcsas - ok
04:26:39.0650 16556 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
04:26:39.0651 16556 AsyncMac - ok
04:26:39.0657 16556 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
04:26:39.0658 16556 atapi - ok
04:26:39.0691 16556 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\windows\system32\DRIVERS\athrx.sys
04:26:39.0710 16556 athr - ok
04:26:39.0738 16556 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
04:26:39.0745 16556 AudioEndpointBuilder - ok
04:26:39.0754 16556 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
04:26:39.0758 16556 AudioSrv - ok
04:26:39.0795 16556 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
04:26:39.0796 16556 avgntflt - ok
04:26:39.0827 16556 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
04:26:39.0828 16556 avipbb - ok
04:26:39.0844 16556 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
04:26:39.0845 16556 avkmgr - ok
04:26:39.0886 16556 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
04:26:39.0888 16556 AxInstSV - ok
04:26:39.0918 16556 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
04:26:39.0923 16556 b06bdrv - ok
04:26:39.0945 16556 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
04:26:39.0949 16556 b57nd60a - ok
04:26:39.0988 16556 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
04:26:39.0989 16556 BDESVC - ok
04:26:40.0003 16556 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
04:26:40.0004 16556 Beep - ok
04:26:40.0040 16556 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
04:26:40.0048 16556 BFE - ok
04:26:40.0078 16556 [ A547A67CD2E6E0354A2EFDBE939C2E6C ] BfLwf C:\windows\system32\DRIVERS\bflwfx64.sys
04:26:40.0079 16556 BfLwf - ok
04:26:40.0118 16556 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
04:26:40.0129 16556 BITS - ok
04:26:40.0153 16556 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\drivers\blbdrive.sys
04:26:40.0154 16556 blbdrive - ok
04:26:40.0224 16556 [ 05981C3E51D827ED6B8101A54B05E392 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
04:26:40.0241 16556 Bluetooth Device Monitor - ok
04:26:40.0267 16556 [ BBFAF63BF768047FE2441B4139E803E3 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
04:26:40.0284 16556 Bluetooth Media Service - ok
04:26:40.0332 16556 [ 41D8F56E6BBE0111244D87BE2FA90374 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
04:26:40.0348 16556 Bluetooth OBEX Service - ok
04:26:40.0371 16556 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
04:26:40.0372 16556 bowser - ok
04:26:40.0396 16556 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
04:26:40.0396 16556 BrFiltLo - ok
04:26:40.0412 16556 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
04:26:40.0412 16556 BrFiltUp - ok
04:26:40.0443 16556 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
04:26:40.0445 16556 Browser - ok
04:26:40.0463 16556 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
04:26:40.0471 16556 Brserid - ok
04:26:40.0477 16556 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
04:26:40.0478 16556 BrSerWdm - ok
04:26:40.0483 16556 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
04:26:40.0483 16556 BrUsbMdm - ok
04:26:40.0488 16556 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
04:26:40.0488 16556 BrUsbSer - ok
04:26:40.0531 16556 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
04:26:40.0532 16556 BthEnum - ok
04:26:40.0563 16556 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
04:26:40.0564 16556 BTHMODEM - ok
04:26:40.0572 16556 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
04:26:40.0574 16556 BthPan - ok
04:26:40.0603 16556 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
04:26:40.0610 16556 BTHPORT - ok
04:26:40.0647 16556 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
04:26:40.0648 16556 bthserv - ok
04:26:40.0675 16556 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
04:26:40.0677 16556 BTHUSB - ok
04:26:40.0720 16556 [ 988CC6CC49303665D3B2435C51505C3F ] btmaux C:\windows\system32\DRIVERS\btmaux.sys
04:26:40.0722 16556 btmaux - ok
04:26:40.0746 16556 [ 2B4B508AFAC2A563931AF1FE875A5B16 ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys
04:26:40.0756 16556 btmhsf - ok
04:26:40.0792 16556 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
04:26:40.0794 16556 cdfs - ok
04:26:40.0819 16556 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
04:26:40.0822 16556 cdrom - ok
04:26:40.0852 16556 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
04:26:40.0854 16556 CertPropSvc - ok
04:26:40.0865 16556 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
04:26:40.0866 16556 circlass - ok
04:26:40.0885 16556 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
04:26:40.0891 16556 CLFS - ok
04:26:41.0002 16556 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:26:41.0004 16556 clr_optimization_v2.0.50727_32 - ok
04:26:41.0074 16556 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:26:41.0076 16556 clr_optimization_v2.0.50727_64 - ok
04:26:41.0196 16556 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:26:41.0199 16556 clr_optimization_v4.0.30319_32 - ok
04:26:41.0302 16556 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:26:41.0306 16556 clr_optimization_v4.0.30319_64 - ok
04:26:41.0350 16556 [ E13A438F9E51DD034730678E33B73290 ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
04:26:41.0351 16556 clwvd - ok
04:26:41.0395 16556 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\drivers\CmBatt.sys
04:26:41.0396 16556 CmBatt - ok
04:26:41.0401 16556 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
04:26:41.0402 16556 cmdide - ok
04:26:41.0439 16556 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
04:26:41.0445 16556 CNG - ok
04:26:41.0470 16556 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
04:26:41.0471 16556 Compbatt - ok
04:26:41.0496 16556 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
04:26:41.0497 16556 CompositeBus - ok
04:26:41.0507 16556 COMSysApp - ok
04:26:41.0683 16556 [ DB84D759193FDEDF82144E565108037E ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
04:26:41.0700 16556 cphs - ok
04:26:41.0738 16556 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
04:26:41.0739 16556 crcdisk - ok
04:26:41.0809 16556 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
04:26:41.0812 16556 CryptSvc - ok
04:26:41.0864 16556 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
04:26:41.0873 16556 DcomLaunch - ok
04:26:41.0903 16556 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
04:26:41.0907 16556 defragsvc - ok
04:26:41.0943 16556 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
04:26:41.0944 16556 DfsC - ok
04:26:41.0962 16556 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
04:26:41.0967 16556 Dhcp - ok
04:26:41.0972 16556 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
04:26:41.0973 16556 discache - ok
04:26:41.0991 16556 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
04:26:41.0992 16556 Disk - ok
04:26:42.0018 16556 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
04:26:42.0021 16556 Dnscache - ok
04:26:42.0029 16556 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
04:26:42.0033 16556 dot3svc - ok
04:26:42.0040 16556 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
04:26:42.0043 16556 DPS - ok
04:26:42.0070 16556 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
04:26:42.0071 16556 drmkaud - ok
04:26:42.0095 16556 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
04:26:42.0109 16556 DXGKrnl - ok
04:26:42.0125 16556 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
04:26:42.0126 16556 EapHost - ok
04:26:42.0181 16556 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
04:26:42.0213 16556 ebdrv - ok
04:26:42.0236 16556 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
04:26:42.0237 16556 EFS - ok
04:26:42.0297 16556 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
04:26:42.0308 16556 ehRecvr - ok
04:26:42.0315 16556 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
04:26:42.0318 16556 ehSched - ok
04:26:42.0354 16556 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
04:26:42.0361 16556 elxstor - ok
04:26:42.0367 16556 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
04:26:42.0367 16556 ErrDev - ok
04:26:42.0410 16556 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
04:26:42.0417 16556 EventSystem - ok
04:26:42.0436 16556 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
04:26:42.0438 16556 exfat - ok
04:26:42.0458 16556 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
04:26:42.0460 16556 fastfat - ok
04:26:42.0495 16556 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
04:26:42.0505 16556 Fax - ok
04:26:42.0516 16556 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
04:26:42.0517 16556 fdc - ok
04:26:42.0539 16556 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
04:26:42.0540 16556 fdPHost - ok
04:26:42.0545 16556 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
04:26:42.0547 16556 FDResPub - ok
04:26:42.0580 16556 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
04:26:42.0581 16556 FileInfo - ok
04:26:42.0586 16556 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
04:26:42.0587 16556 Filetrace - ok
04:26:42.0591 16556 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
04:26:42.0592 16556 flpydisk - ok
04:26:42.0600 16556 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
04:26:42.0603 16556 FltMgr - ok
04:26:42.0633 16556 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
04:26:42.0648 16556 FontCache - ok
04:26:42.0673 16556 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:26:42.0674 16556 FontCache3.0.0.0 - ok
04:26:42.0686 16556 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
04:26:42.0687 16556 FsDepends - ok
04:26:42.0722 16556 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
04:26:42.0723 16556 Fs_Rec - ok
04:26:42.0758 16556 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
04:26:42.0761 16556 fvevol - ok
04:26:42.0778 16556 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
04:26:42.0779 16556 gagp30kx - ok
04:26:42.0819 16556 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
04:26:42.0830 16556 gpsvc - ok
04:26:42.0863 16556 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:26:42.0864 16556 gupdate - ok
04:26:42.0869 16556 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:26:42.0871 16556 gupdatem - ok
04:26:42.0897 16556 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
04:26:42.0898 16556 hcw85cir - ok
04:26:42.0915 16556 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
04:26:42.0920 16556 HdAudAddService - ok
04:26:42.0940 16556 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
04:26:42.0941 16556 HDAudBus - ok
04:26:42.0946 16556 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
04:26:42.0947 16556 HidBatt - ok
04:26:42.0952 16556 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
04:26:42.0953 16556 HidBth - ok
04:26:42.0961 16556 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
04:26:42.0961 16556 HidIr - ok
04:26:42.0986 16556 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
04:26:42.0988 16556 hidserv - ok
04:26:43.0006 16556 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
04:26:43.0006 16556 HidUsb - ok
04:26:43.0028 16556 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
04:26:43.0030 16556 hkmsvc - ok
04:26:43.0051 16556 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
04:26:43.0055 16556 HomeGroupListener - ok
04:26:43.0079 16556 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
04:26:43.0083 16556 HomeGroupProvider - ok
04:26:43.0104 16556 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
04:26:43.0105 16556 HpSAMD - ok
04:26:43.0130 16556 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
04:26:43.0148 16556 HTTP - ok
04:26:43.0153 16556 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
04:26:43.0153 16556 hwpolicy - ok
04:26:43.0182 16556 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
04:26:43.0183 16556 i8042prt - ok
04:26:43.0205 16556 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\windows\system32\drivers\iaStor.sys
04:26:43.0210 16556 iaStor - ok
04:26:43.0246 16556 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
04:26:43.0248 16556 IAStorDataMgrSvc - ok
04:26:43.0279 16556 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
04:26:43.0285 16556 iaStorV - ok
04:26:43.0345 16556 [ 4F8413B0D925164C679FCE772D8AA1EE ] IB Updater C:\Program Files\IB Updater\ExtensionUpdaterService.exe
04:26:43.0347 16556 IB Updater - ok
04:26:43.0374 16556 [ 9E3D44CE737388F6BBBB6DD4A1C1847C ] ibtfltcoex C:\windows\system32\DRIVERS\iBtFltCoex.sys
04:26:43.0375 16556 ibtfltcoex - ok
04:26:43.0427 16556 [ 892385382FC0FB858E0DEA031E9C7AF7 ] IBUpdaterService C:\windows\system32\dmwu.exe
04:26:43.0439 16556 IBUpdaterService - ok
04:26:43.0536 16556 [ 3CC7B3BB1A9EA201A040883EDFAA67A0 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
04:26:43.0578 16556 IconMan_R - ok
04:26:43.0642 16556 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:26:43.0655 16556 idsvc - ok
04:26:43.0860 16556 [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
04:26:44.0064 16556 igfx - ok
04:26:44.0089 16556 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
04:26:44.0089 16556 iirsp - ok
04:26:44.0114 16556 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
04:26:44.0121 16556 IKEEXT - ok
04:26:44.0253 16556 [ BB0D3D57C25D6C5215077A8FAA7AD4B3 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
04:26:44.0303 16556 IntcAzAudAddService - ok
04:26:44.0341 16556 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
04:26:44.0346 16556 IntcDAud - ok
04:26:44.0364 16556 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
04:26:44.0365 16556 intelide - ok
04:26:44.0380 16556 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
04:26:44.0381 16556 intelppm - ok
04:26:44.0402 16556 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
04:26:44.0404 16556 IPBusEnum - ok
04:26:44.0415 16556 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
04:26:44.0416 16556 IpFilterDriver - ok
04:26:44.0449 16556 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
04:26:44.0455 16556 iphlpsvc - ok
04:26:44.0459 16556 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
04:26:44.0460 16556 IPMIDRV - ok
04:26:44.0465 16556 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
04:26:44.0466 16556 IPNAT - ok
04:26:44.0484 16556 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
04:26:44.0485 16556 IRENUM - ok
04:26:44.0497 16556 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
04:26:44.0498 16556 isapnp - ok
04:26:44.0515 16556 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
04:26:44.0518 16556 iScsiPrt - ok
04:26:44.0521 16556 [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs C:\windows\system32\drivers\iusb3hcs.sys
04:26:44.0522 16556 iusb3hcs - ok
04:26:44.0543 16556 [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub C:\windows\system32\drivers\iusb3hub.sys
04:26:44.0546 16556 iusb3hub - ok
04:26:44.0558 16556 [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc C:\windows\system32\drivers\iusb3xhc.sys
04:26:44.0566 16556 iusb3xhc - ok
04:26:44.0601 16556 [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
04:26:44.0603 16556 IviRegMgr - ok
04:26:44.0623 16556 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
04:26:44.0624 16556 kbdclass - ok
04:26:44.0634 16556 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
04:26:44.0635 16556 kbdhid - ok
04:26:44.0644 16556 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
04:26:44.0646 16556 KeyIso - ok
04:26:44.0674 16556 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
04:26:44.0675 16556 KSecDD - ok
04:26:44.0694 16556 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
04:26:44.0708 16556 KSecPkg - ok
04:26:44.0770 16556 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
04:26:44.0771 16556 ksthunk - ok
04:26:44.0796 16556 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
04:26:44.0803 16556 KtmRm - ok
04:26:44.0833 16556 [ 19A1E658E858CB93CCA526438086881E ] L1C C:\windows\system32\DRIVERS\e22w7x64.sys
04:26:44.0835 16556 L1C - ok
04:26:44.0875 16556 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
04:26:44.0879 16556 LanmanServer - ok
04:26:44.0907 16556 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
04:26:44.0910 16556 LanmanWorkstation - ok
04:26:44.0929 16556 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
04:26:44.0930 16556 lltdio - ok
04:26:44.0964 16556 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
04:26:44.0968 16556 lltdsvc - ok
04:26:44.0977 16556 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
04:26:44.0979 16556 lmhosts - ok
04:26:44.0999 16556 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
04:26:45.0000 16556 LSI_FC - ok
04:26:45.0005 16556 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
04:26:45.0007 16556 LSI_SAS - ok
04:26:45.0011 16556 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
04:26:45.0012 16556 LSI_SAS2 - ok
04:26:45.0017 16556 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
04:26:45.0018 16556 LSI_SCSI - ok
04:26:45.0030 16556 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
04:26:45.0031 16556 luafv - ok
04:26:45.0059 16556 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
04:26:45.0060 16556 MBAMProtector - ok
04:26:45.0104 16556 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
04:26:45.0110 16556 MBAMScheduler - ok
04:26:45.0134 16556 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
04:26:45.0143 16556 MBAMService - ok
04:26:45.0168 16556 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\windows\system32\drivers\MBfilt64.sys
04:26:45.0169 16556 MBfilt - ok
04:26:45.0192 16556 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
04:26:45.0194 16556 Mcx2Svc - ok
04:26:45.0213 16556 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
04:26:45.0214 16556 megasas - ok
04:26:45.0236 16556 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
04:26:45.0239 16556 MegaSR - ok
04:26:45.0256 16556 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\windows\system32\drivers\HECIx64.sys
04:26:45.0257 16556 MEIx64 - ok
04:26:45.0272 16556 Scan interrupted by user!
04:26:45.0272 16556 ================ Scan global ===============================
04:26:45.0272 16556 Scan interrupted by user!
04:26:45.0272 16556 ================ Scan MBR ==================================
04:26:45.0272 16556 Scan interrupted by user!
04:26:45.0272 16556 ================ Scan VBR ==================================
04:26:45.0272 16556 Scan interrupted by user!
04:26:45.0272 16556 ============================================================
04:26:45.0272 16556 Scan finished
04:26:45.0272 16556 ============================================================
04:26:45.0282 17208 Detected object count: 0
04:26:45.0282 17208 Actual detected object count: 0
04:27:16.0717 15896 ============================================================
04:27:16.0717 15896 Scan started
04:27:16.0717 15896 Mode: Manual; SigCheck; TDLFS;
04:27:16.0717 15896 ============================================================
04:27:16.0953 15896 ================ Scan system memory ========================
04:27:16.0953 15896 System memory - ok
04:27:16.0954 15896 ================ Scan services =============================
04:27:17.0281 15896 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
04:27:17.0383 15896 1394ohci - ok
04:27:17.0401 15896 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
04:27:17.0415 15896 ACPI - ok
04:27:17.0418 15896 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
04:27:17.0451 15896 AcpiPmi - ok
04:27:17.0525 15896 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
04:27:17.0540 15896 AdobeARMservice - ok
04:27:17.0579 15896 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
04:27:17.0605 15896 adp94xx - ok
04:27:17.0610 15896 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
04:27:17.0620 15896 adpahci - ok
04:27:17.0624 15896 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
04:27:17.0631 15896 adpu320 - ok
04:27:17.0658 15896 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
04:27:17.0842 15896 AeLookupSvc - ok
04:27:17.0873 15896 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
04:27:17.0925 15896 AFD - ok
04:27:17.0951 15896 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
04:27:17.0967 15896 agp440 - ok
04:27:17.0988 15896 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
04:27:18.0033 15896 ALG - ok
04:27:18.0038 15896 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
04:27:18.0054 15896 aliide - ok
04:27:18.0057 15896 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
04:27:18.0063 15896 amdide - ok
04:27:18.0065 15896 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
04:27:18.0085 15896 AmdK8 - ok
04:27:18.0111 15896 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
04:27:18.0138 15896 AmdPPM - ok
04:27:18.0144 15896 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
04:27:18.0162 15896 amdsata - ok
04:27:18.0176 15896 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
04:27:18.0196 15896 amdsbs - ok
04:27:18.0201 15896 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
04:27:18.0209 15896 amdxata - ok
04:27:18.0311 15896 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
04:27:18.0327 15896 AntiVirSchedulerService - ok
04:27:18.0351 15896 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
04:27:18.0365 15896 AntiVirService - ok
04:27:18.0393 15896 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
04:27:18.0510 15896 AppID - ok
04:27:18.0531 15896 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
04:27:18.0556 15896 AppIDSvc - ok
04:27:18.0559 15896 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
04:27:18.0595 15896 Appinfo - ok
04:27:18.0602 15896 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
04:27:18.0609 15896 arc - ok
04:27:18.0626 15896 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
04:27:18.0632 15896 arcsas - ok
04:27:18.0635 15896 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
04:27:18.0667 15896 AsyncMac - ok
04:27:18.0670 15896 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
04:27:18.0676 15896 atapi - ok
04:27:18.0698 15896 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\windows\system32\DRIVERS\athrx.sys
04:27:18.0730 15896 athr - ok
04:27:18.0759 15896 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
04:27:18.0793 15896 AudioEndpointBuilder - ok
04:27:18.0800 15896 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
04:27:18.0825 15896 AudioSrv - ok
04:27:18.0842 15896 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
04:27:18.0852 15896 avgntflt - ok
04:27:18.0864 15896 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
04:27:18.0872 15896 avipbb - ok
04:27:18.0891 15896 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
04:27:18.0897 15896 avkmgr - ok
04:27:18.0925 15896 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
04:27:18.0993 15896 AxInstSV - ok
04:27:19.0024 15896 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
04:27:19.0049 15896 b06bdrv - ok
04:27:19.0059 15896 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
04:27:19.0076 15896 b57nd60a - ok
04:27:19.0101 15896 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
04:27:19.0139 15896 BDESVC - ok
04:27:19.0150 15896 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
04:27:19.0197 15896 Beep - ok
04:27:19.0218 15896 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
04:27:19.0269 15896 BFE - ok
04:27:19.0291 15896 [ A547A67CD2E6E0354A2EFDBE939C2E6C ] BfLwf C:\windows\system32\DRIVERS\bflwfx64.sys
04:27:19.0300 15896 BfLwf - ok
04:27:19.0330 15896 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
04:27:19.0385 15896 BITS - ok
04:27:19.0408 15896 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\drivers\blbdrive.sys
04:27:19.0430 15896 blbdrive - ok
04:27:19.0489 15896 [ 05981C3E51D827ED6B8101A54B05E392 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
04:27:19.0518 15896 Bluetooth Device Monitor - ok
04:27:19.0543 15896 [ BBFAF63BF768047FE2441B4139E803E3 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
04:27:19.0562 15896 Bluetooth Media Service - ok
04:27:19.0576 15896 [ 41D8F56E6BBE0111244D87BE2FA90374 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
04:27:19.0596 15896 Bluetooth OBEX Service - ok
04:27:19.0618 15896 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
04:27:19.0660 15896 bowser - ok
04:27:19.0676 15896 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
04:27:19.0703 15896 BrFiltLo - ok
04:27:19.0725 15896 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
04:27:19.0776 15896 BrFiltUp - ok
04:27:19.0806 15896 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
04:27:19.0855 15896 Browser - ok
04:27:19.0863 15896 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
04:27:19.0909 15896 Brserid - ok
04:27:19.0925 15896 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
04:27:19.0950 15896 BrSerWdm - ok
04:27:19.0967 15896 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
04:27:19.0993 15896 BrUsbMdm - ok
04:27:19.0998 15896 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
04:27:20.0014 15896 BrUsbSer - ok
04:27:20.0045 15896 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
04:27:20.0159 15896 BthEnum - ok
04:27:20.0177 15896 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
04:27:20.0195 15896 BTHMODEM - ok
04:27:20.0199 15896 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
04:27:20.0215 15896 BthPan - ok
04:27:20.0230 15896 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
04:27:20.0273 15896 BTHPORT - ok
04:27:20.0301 15896 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
04:27:20.0335 15896 bthserv - ok
04:27:20.0355 15896 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
04:27:20.0391 15896 BTHUSB - ok
04:27:20.0417 15896 [ 988CC6CC49303665D3B2435C51505C3F ] btmaux C:\windows\system32\DRIVERS\btmaux.sys
04:27:20.0443 15896 btmaux - ok
04:27:20.0468 15896 [ 2B4B508AFAC2A563931AF1FE875A5B16 ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys
04:27:20.0554 15896 btmhsf - ok
04:27:20.0572 15896 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
04:27:20.0600 15896 cdfs - ok
04:27:20.0604 15896 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
04:27:20.0629 15896 cdrom - ok
04:27:20.0649 15896 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
04:27:20.0681 15896 CertPropSvc - ok
04:27:20.0684 15896 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
04:27:20.0693 15896 circlass - ok
04:27:20.0706 15896 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
04:27:20.0715 15896 CLFS - ok
04:27:20.0824 15896 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:27:20.0838 15896 clr_optimization_v2.0.50727_32 - ok
04:27:20.0904 15896 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:27:20.0918 15896 clr_optimization_v2.0.50727_64 - ok
04:27:21.0035 15896 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:27:21.0051 15896 clr_optimization_v4.0.30319_32 - ok
04:27:21.0132 15896 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:27:21.0148 15896 clr_optimization_v4.0.30319_64 - ok
04:27:21.0164 15896 [ E13A438F9E51DD034730678E33B73290 ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
04:27:21.0175 15896 clwvd - ok
04:27:21.0192 15896 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\drivers\CmBatt.sys
04:27:21.0204 15896 CmBatt - ok
04:27:21.0207 15896 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
04:27:21.0213 15896 cmdide - ok
04:27:21.0242 15896 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
04:27:21.0256 15896 CNG - ok
04:27:21.0267 15896 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
04:27:21.0274 15896 Compbatt - ok
04:27:21.0276 15896 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
04:27:21.0296 15896 CompositeBus - ok
04:27:21.0298 15896 COMSysApp - ok
04:27:21.0472 15896 [ DB84D759193FDEDF82144E565108037E ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
04:27:21.0488 15896 cphs - ok
04:27:21.0502 15896 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
04:27:21.0514 15896 crcdisk - ok
04:27:21.0538 15896 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
04:27:21.0592 15896 CryptSvc - ok
04:27:21.0635 15896 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
04:27:21.0699 15896 DcomLaunch - ok
04:27:21.0723 15896 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
04:27:21.0763 15896 defragsvc - ok
04:27:21.0788 15896 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
04:27:21.0825 15896 DfsC - ok
04:27:21.0840 15896 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
04:27:21.0877 15896 Dhcp - ok
04:27:21.0879 15896 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
04:27:21.0968 15896 discache - ok
04:27:22.0023 15896 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
04:27:22.0040 15896 Disk - ok
04:27:22.0072 15896 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
04:27:22.0170 15896 Dnscache - ok
04:27:22.0205 15896 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
04:27:22.0263 15896 dot3svc - ok
04:27:22.0272 15896 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
04:27:22.0306 15896 DPS - ok
04:27:22.0324 15896 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
04:27:22.0341 15896 drmkaud - ok
04:27:22.0362 15896 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
04:27:22.0376 15896 DXGKrnl - ok
04:27:22.0396 15896 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
04:27:22.0427 15896 EapHost - ok
04:27:22.0486 15896 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
04:27:22.0535 15896 ebdrv - ok
04:27:22.0590 15896 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
04:27:22.0634 15896 EFS - ok
04:27:22.0695 15896 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
04:27:22.0746 15896 ehRecvr - ok
04:27:22.0761 15896 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
04:27:22.0798 15896 ehSched - ok
04:27:22.0825 15896 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
04:27:22.0852 15896 elxstor - ok
04:27:22.0856 15896 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
04:27:22.0870 15896 ErrDev - ok
04:27:22.0923 15896 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
04:27:22.0961 15896 EventSystem - ok
04:27:22.0981 15896 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
04:27:23.0011 15896 exfat - ok
04:27:23.0027 15896 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
04:27:23.0060 15896 fastfat - ok
04:27:23.0088 15896 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
04:27:23.0119 15896 Fax - ok
04:27:23.0125 15896 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
04:27:23.0148 15896 fdc - ok
04:27:23.0168 15896 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
04:27:23.0197 15896 fdPHost - ok
04:27:23.0199 15896 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
04:27:23.0221 15896 FDResPub - ok
04:27:23.0235 15896 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
04:27:23.0242 15896 FileInfo - ok
04:27:23.0244 15896 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
04:27:23.0266 15896 Filetrace - ok
04:27:23.0269 15896 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
04:27:23.0276 15896 flpydisk - ok
04:27:23.0291 15896 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
04:27:23.0299 15896 FltMgr - ok
04:27:23.0317 15896 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
04:27:23.0347 15896 FontCache - ok
04:27:23.0377 15896 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:27:23.0382 15896 FontCache3.0.0.0 - ok
04:27:23.0391 15896 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
04:27:23.0397 15896 FsDepends - ok
04:27:23.0426 15896 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
04:27:23.0442 15896 Fs_Rec - ok
04:27:23.0462 15896 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
04:27:23.0481 15896 fvevol - ok
04:27:23.0485 15896 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
04:27:23.0491 15896 gagp30kx - ok
04:27:23.0519 15896 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
04:27:23.0545 15896 gpsvc - ok
04:27:23.0576 15896 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:27:23.0594 15896 gupdate - ok
04:27:23.0599 15896 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:27:23.0608 15896 gupdatem - ok
04:27:23.0626 15896 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
04:27:23.0647 15896 hcw85cir - ok
04:27:23.0660 15896 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
04:27:23.0674 15896 HdAudAddService - ok
04:27:23.0678 15896 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
04:27:23.0692 15896 HDAudBus - ok
04:27:23.0694 15896 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
04:27:23.0704 15896 HidBatt - ok
04:27:23.0707 15896 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
04:27:23.0716 15896 HidBth - ok
04:27:23.0726 15896 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
04:27:23.0735 15896 HidIr - ok
04:27:23.0757 15896 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
04:27:23.0788 15896 hidserv - ok
04:27:23.0797 15896 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
04:27:23.0804 15896 HidUsb - ok
04:27:23.0832 15896 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
04:27:23.0867 15896 hkmsvc - ok
04:27:23.0879 15896 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
04:27:23.0913 15896 HomeGroupListener - ok
04:27:23.0933 15896 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
04:27:23.0953 15896 HomeGroupProvider - ok
04:27:23.0983 15896 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
04:27:23.0990 15896 HpSAMD - ok
04:27:23.0999 15896 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
04:27:24.0037 15896 HTTP - ok
04:27:24.0039 15896 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
04:27:24.0045 15896 hwpolicy - ok
04:27:24.0048 15896 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
04:27:24.0056 15896 i8042prt - ok
04:27:24.0067 15896 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\windows\system32\drivers\iaStor.sys
04:27:24.0077 15896 iaStor - ok
04:27:24.0109 15896 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
04:27:24.0114 15896 IAStorDataMgrSvc - ok
04:27:24.0130 15896 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
04:27:24.0139 15896 iaStorV - ok
04:27:24.0199 15896 [ 4F8413B0D925164C679FCE772D8AA1EE ] IB Updater C:\Program Files\IB Updater\ExtensionUpdaterService.exe
04:27:24.0216 15896 IB Updater - ok
04:27:24.0245 15896 [ 9E3D44CE737388F6BBBB6DD4A1C1847C ] ibtfltcoex C:\windows\system32\DRIVERS\iBtFltCoex.sys
04:27:24.0279 15896 ibtfltcoex - ok
04:27:24.0323 15896 [ 892385382FC0FB858E0DEA031E9C7AF7 ] IBUpdaterService C:\windows\system32\dmwu.exe
04:27:24.0359 15896 IBUpdaterService - ok
04:27:24.0441 15896 [ 3CC7B3BB1A9EA201A040883EDFAA67A0 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
04:27:24.0471 15896 IconMan_R - ok
04:27:24.0530 15896 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:27:24.0555 15896 idsvc - ok
04:27:24.0749 15896 [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
04:27:24.0885 15896 igfx - ok
04:27:24.0902 15896 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
04:27:24.0909 15896 iirsp - ok
04:27:24.0969 15896 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
04:27:25.0026 15896 IKEEXT - ok
04:27:25.0125 15896 [ BB0D3D57C25D6C5215077A8FAA7AD4B3 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
04:27:25.0180 15896 IntcAzAudAddService - ok
04:27:25.0193 15896 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
04:27:25.0218 15896 IntcDAud - ok
04:27:25.0227 15896 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
04:27:25.0233 15896 intelide - ok
04:27:25.0236 15896 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
04:27:25.0252 15896 intelppm - ok
04:27:25.0273 15896 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
04:27:25.0303 15896 IPBusEnum - ok
04:27:25.0311 15896 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
04:27:25.0339 15896 IpFilterDriver - ok
04:27:25.0369 15896 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
04:27:25.0389 15896 iphlpsvc - ok
04:27:25.0392 15896 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
04:27:25.0411 15896 IPMIDRV - ok
04:27:25.0438 15896 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
04:27:25.0471 15896 IPNAT - ok
04:27:25.0474 15896 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
04:27:25.0488 15896 IRENUM - ok
04:27:25.0490 15896 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
04:27:25.0497 15896 isapnp - ok
04:27:25.0510 15896 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
04:27:25.0519 15896 iScsiPrt - ok
04:27:25.0521 15896 [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs C:\windows\system32\drivers\iusb3hcs.sys
04:27:25.0527 15896 iusb3hcs - ok
04:27:25.0538 15896 [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub C:\windows\system32\drivers\iusb3hub.sys
04:27:25.0547 15896 iusb3hub - ok
04:27:25.0560 15896 [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc C:\windows\system32\drivers\iusb3xhc.sys
04:27:25.0572 15896 iusb3xhc - ok
04:27:25.0597 15896 [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
04:27:25.0604 15896 IviRegMgr - ok
04:27:25.0619 15896 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
04:27:25.0626 15896 kbdclass - ok
04:27:25.0628 15896 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
04:27:25.0636 15896 kbdhid - ok
04:27:25.0648 15896 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
04:27:25.0656 15896 KeyIso - ok
04:27:25.0679 15896 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
04:27:25.0686 15896 KSecDD - ok
04:27:25.0731 15896 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
04:27:25.0739 15896 KSecPkg - ok
04:27:25.0766 15896 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
04:27:25.0808 15896 ksthunk - ok
04:27:25.0832 15896 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
04:27:25.0861 15896 KtmRm - ok
04:27:25.0886 15896 [ 19A1E658E858CB93CCA526438086881E ] L1C C:\windows\system32\DRIVERS\e22w7x64.sys
04:27:25.0894 15896 L1C - ok
04:27:25.0911 15896 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
04:27:25.0942 15896 LanmanServer - ok
04:27:25.0969 15896 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
04:27:25.0997 15896 LanmanWorkstation - ok
04:27:26.0009 15896 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
04:27:26.0039 15896 lltdio - ok
04:27:26.0067 15896 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
04:27:26.0102 15896 lltdsvc - ok
04:27:26.0104 15896 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
04:27:26.0126 15896 lmhosts - ok
04:27:26.0136 15896 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
04:27:26.0143 15896 LSI_FC - ok
04:27:26.0146 15896 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
04:27:26.0153 15896 LSI_SAS - ok
04:27:26.0162 15896 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
04:27:26.0169 15896 LSI_SAS2 - ok
04:27:26.0172 15896 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
04:27:26.0179 15896 LSI_SCSI - ok
04:27:26.0182 15896 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
04:27:26.0210 15896 luafv - ok
04:27:26.0230 15896 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
04:27:26.0236 15896 MBAMProtector - ok
04:27:26.0265 15896 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
04:27:26.0273 15896 MBAMScheduler - ok
04:27:26.0294 15896 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
04:27:26.0306 15896 MBAMService - ok
04:27:26.0331 15896 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\windows\system32\drivers\MBfilt64.sys
04:27:26.0337 15896 MBfilt - ok
04:27:26.0363 15896 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
04:27:26.0377 15896 Mcx2Svc - ok
04:27:26.0393 15896 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
04:27:26.0399 15896 megasas - ok
04:27:26.0404 15896 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
04:27:26.0413 15896 MegaSR - ok
04:27:26.0418 15896 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\windows\system32\drivers\HECIx64.sys
04:27:26.0424 15896 MEIx64 - ok
04:27:26.0445 15896 MGHwCtrl - ok
04:27:26.0493 15896 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files (x86)\S-Bar\MSIService.exe
04:27:26.0514 15896 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
04:27:26.0515 15896 Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
04:27:26.0539 15896 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
04:27:26.0589 15896 MMCSS - ok
04:27:26.0614 15896 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
04:27:26.0658 15896 Modem - ok
04:27:26.0671 15896 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
04:27:26.0694 15896 monitor - ok
04:27:26.0709 15896 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
04:27:26.0718 15896 mouclass - ok
04:27:26.0721 15896 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
04:27:26.0741 15896 mouhid - ok
04:27:26.0756 15896 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
04:27:26.0765 15896 mountmgr - ok
04:27:26.0814 15896 [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
04:27:26.0832 15896 MozillaMaintenance - ok
04:27:26.0846 15896 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
04:27:26.0856 15896 mpio - ok
04:27:26.0869 15896 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
04:27:26.0907 15896 mpsdrv - ok
04:27:26.0934 15896 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
04:27:26.0967 15896 MpsSvc - ok
04:27:26.0970 15896 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
04:27:26.0995 15896 MRxDAV - ok
04:27:27.0008 15896 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
04:27:27.0040 15896 mrxsmb - ok
04:27:27.0056 15896 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
04:27:27.0083 15896 mrxsmb10 - ok
04:27:27.0088 15896 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
04:27:27.0109 15896 mrxsmb20 - ok
04:27:27.0112 15896 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
04:27:27.0123 15896 msahci - ok
04:27:27.0131 15896 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
04:27:27.0144 15896 msdsm - ok
04:27:27.0163 15896 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
04:27:27.0189 15896 MSDTC - ok
04:27:27.0196 15896 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
04:27:27.0233 15896 Msfs - ok
04:27:27.0252 15896 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
04:27:27.0281 15896 mshidkmdf - ok
04:27:27.0340 15896 [ 87B9DAF6D123EC06C19B41D5295441AD ] MSI Foundation Service C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
04:27:27.0354 15896 MSI Foundation Service ( UnsignedFile.Multi.Generic ) - warning
04:27:27.0354 15896 MSI Foundation Service - detected UnsignedFile.Multi.Generic (1)
04:27:27.0364 15896 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
04:27:27.0380 15896 msisadrv - ok
04:27:27.0411 15896 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
04:27:27.0459 15896 MSiSCSI - ok
04:27:27.0461 15896 msiserver - ok
04:27:27.0474 15896 [ C72ADF8436182E12B1B7E04390CE4C5B ] MSI_SuperCharger C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
04:27:27.0483 15896 MSI_SuperCharger - ok
04:27:27.0486 15896 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
04:27:27.0530 15896 MSKSSRV - ok
04:27:27.0552 15896 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
04:27:27.0582 15896 MSPCLOCK - ok
04:27:27.0584 15896 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
04:27:27.0615 15896 MSPQM - ok
04:27:27.0626 15896 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
04:27:27.0637 15896 MsRPC - ok
04:27:27.0640 15896 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
04:27:27.0646 15896 mssmbios - ok
04:27:27.0648 15896 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
04:27:27.0679 15896 MSTEE - ok
04:27:27.0681 15896 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
04:27:27.0697 15896 MTConfig - ok
04:27:27.0700 15896 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
04:27:27.0706 15896 Mup - ok
04:27:27.0735 15896 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
04:27:27.0768 15896 napagent - ok
04:27:27.0813 15896 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
04:27:27.0855 15896 NativeWifiP - ok
04:27:27.0892 15896 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
04:27:27.0910 15896 NDIS - ok
04:27:27.0925 15896 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
04:27:27.0947 15896 NdisCap - ok
04:27:27.0957 15896 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
04:27:27.0979 15896 NdisTapi - ok
04:27:27.0982 15896 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
04:27:28.0002 15896 Ndisuio - ok
04:27:28.0012 15896 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
04:27:28.0044 15896 NdisWan - ok
04:27:28.0052 15896 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
04:27:28.0082 15896 NDProxy - ok
04:27:28.0088 15896 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
04:27:28.0119 15896 NetBIOS - ok
04:27:28.0135 15896 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
04:27:28.0168 15896 NetBT - ok
04:27:28.0174 15896 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
04:27:28.0181 15896 Netlogon - ok
04:27:28.0217 15896 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
04:27:28.0246 15896 Netman - ok
04:27:28.0252 15896 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
04:27:28.0283 15896 netprofm - ok
04:27:28.0307 15896 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:27:28.0315 15896 NetTcpPortSharing - ok
04:27:28.0490 15896 [ B51E9AD4F4E4F8DBE0AB882756BC5DAB ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
04:27:28.0717 15896 NETwNs64 - ok
04:27:28.0744 15896 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
04:27:28.0751 15896 nfrd960 - ok
04:27:28.0776 15896 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
04:27:28.0801 15896 NlaSvc - ok
04:27:28.0807 15896 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
04:27:28.0834 15896 Npfs - ok
04:27:28.0857 15896 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
04:27:28.0879 15896 nsi - ok
04:27:28.0894 15896 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
04:27:28.0928 15896 nsiproxy - ok
04:27:28.0969 15896 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
04:27:28.0999 15896 Ntfs - ok
04:27:29.0026 15896 [ 3F39F013168428C8E505A7B9E6CBA8A2 ] NTIOLib_1_0_3 C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys
04:27:29.0033 15896 NTIOLib_1_0_3 - ok
04:27:29.0057 15896 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
04:27:29.0082 15896 Null - ok
04:27:29.0294 15896 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
04:27:29.0564 15896 nvlddmkm - ok
04:27:29.0594 15896 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
04:27:29.0600 15896 nvpciflt - ok
04:27:29.0638 15896 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
04:27:29.0658 15896 nvraid - ok
04:27:29.0664 15896 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
04:27:29.0676 15896 nvstor - ok
04:27:29.0706 15896 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\windows\system32\nvvsvc.exe
04:27:29.0727 15896 nvsvc - ok
04:27:29.0776 15896 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
04:27:29.0815 15896 nvUpdatusService - ok
04:27:29.0834 15896 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
04:27:29.0845 15896 nv_agp - ok
04:27:29.0848 15896 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
04:27:29.0859 15896 ohci1394 - ok
04:27:29.0886 15896 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
04:27:29.0918 15896 p2pimsvc - ok
04:27:29.0934 15896 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
04:27:29.0959 15896 p2psvc - ok
04:27:29.0982 15896 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
04:27:29.0993 15896 Parport - ok
04:27:30.0019 15896 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
04:27:30.0029 15896 partmgr - ok
04:27:30.0062 15896 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
04:27:30.0087 15896 PcaSvc - ok
04:27:30.0092 15896 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
04:27:30.0103 15896 pci - ok
04:27:30.0106 15896 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
04:27:30.0114 15896 pciide - ok
04:27:30.0118 15896 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
04:27:30.0127 15896 pcmcia - ok
04:27:30.0129 15896 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
04:27:30.0136 15896 pcw - ok
04:27:30.0149 15896 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
04:27:30.0188 15896 PEAUTH - ok
04:27:30.0223 15896 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
04:27:30.0238 15896 PerfHost - ok
04:27:30.0281 15896 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
04:27:30.0322 15896 pla - ok
04:27:30.0351 15896 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
04:27:30.0385 15896 PlugPlay - ok
04:27:30.0406 15896 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
04:27:30.0426 15896 PNRPAutoReg - ok
04:27:30.0442 15896 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
04:27:30.0453 15896 PNRPsvc - ok
04:27:30.0483 15896 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
04:27:30.0513 15896 PolicyAgent - ok
04:27:30.0527 15896 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
04:27:30.0559 15896 Power - ok
04:27:30.0590 15896 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
04:27:30.0633 15896 PptpMiniport - ok
04:27:30.0642 15896 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
04:27:30.0656 15896 Processor - ok
04:27:30.0678 15896 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
04:27:30.0710 15896 ProfSvc - ok
04:27:30.0724 15896 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
04:27:30.0731 15896 ProtectedStorage - ok
04:27:30.0748 15896 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
04:27:30.0786 15896 Psched - ok
04:27:30.0804 15896 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
04:27:30.0812 15896 PSI_SVC_2 - ok
04:27:30.0862 15896 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
04:27:30.0889 15896 ql2300 - ok
04:27:30.0892 15896 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
04:27:30.0900 15896 ql40xx - ok
04:27:30.0950 15896 [ 165BF7E379FAA483E0185B2A0B0970D8 ] Qualcomm Atheros Killer Service C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
04:27:30.0977 15896 Qualcomm Atheros Killer Service ( UnsignedFile.Multi.Generic ) - warning
04:27:30.0977 15896 Qualcomm Atheros Killer Service - detected UnsignedFile.Multi.Generic (1)
04:27:31.0006 15896 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
04:27:31.0019 15896 QWAVE - ok
04:27:31.0035 15896 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
04:27:31.0052 15896 QWAVEdrv - ok
04:27:31.0055 15896 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
04:27:31.0079 15896 RasAcd - ok
04:27:31.0109 15896 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
04:27:31.0134 15896 RasAgileVpn - ok
04:27:31.0160 15896 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
04:27:31.0190 15896 RasAuto - ok
04:27:31.0213 15896 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
04:27:31.0240 15896 Rasl2tp - ok
04:27:31.0252 15896 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
04:27:31.0277 15896 RasMan - ok
04:27:31.0283 15896 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
04:27:31.0314 15896 RasPppoe - ok
04:27:31.0317 15896 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
04:27:31.0344 15896 RasSstp - ok
04:27:31.0355 15896 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
04:27:31.0380 15896 rdbss - ok
04:27:31.0382 15896 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
04:27:31.0391 15896 rdpbus - ok
04:27:31.0398 15896 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
04:27:31.0419 15896 RDPCDD - ok
04:27:31.0422 15896 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
04:27:31.0453 15896 RDPENCDD - ok
04:27:31.0461 15896 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
04:27:31.0483 15896 RDPREFMP - ok
04:27:31.0503 15896 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
04:27:31.0551 15896 RDPWD - ok
04:27:31.0573 15896 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
04:27:31.0582 15896 rdyboost - ok
04:27:31.0598 15896 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\windows\system32\drivers\regi.sys
04:27:31.0604 15896 regi - ok
04:27:31.0633 15896 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
04:27:31.0661 15896 RemoteAccess - ok
04:27:31.0682 15896 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
04:27:31.0712 15896 RemoteRegistry - ok
04:27:31.0735 15896 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
04:27:31.0751 15896 RFCOMM - ok
04:27:31.0760 15896 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
04:27:31.0787 15896 RpcEptMapper - ok
04:27:31.0807 15896 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
04:27:31.0819 15896 RpcLocator - ok
04:27:31.0833 15896 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
04:27:31.0858 15896 RpcSs - ok
04:27:31.0894 15896 [ 33404B769915388BE7162D9ED58422AC ] RSPCIESTOR C:\windows\system32\DRIVERS\RtsPStor.sys
04:27:31.0904 15896 RSPCIESTOR - ok
04:27:31.0939 15896 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
04:27:31.0984 15896 rspndr - ok
04:27:31.0990 15896 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
04:27:31.0998 15896 SamSs - ok
04:27:32.0001 15896 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
04:27:32.0008 15896 sbp2port - ok
04:27:32.0030 15896 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
04:27:32.0054 15896 SCardSvr - ok
04:27:32.0057 15896 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
04:27:32.0083 15896 scfilter - ok
04:27:32.0111 15896 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
04:27:32.0156 15896 Schedule - ok
04:27:32.0183 15896 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
04:27:32.0222 15896 SCPolicySvc - ok
04:27:32.0253 15896 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\DRIVERS\sdbus.sys
04:27:32.0271 15896 sdbus - ok
04:27:32.0293 15896 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
04:27:32.0313 15896 SDRSVC - ok
04:27:32.0326 15896 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
04:27:32.0352 15896 secdrv - ok
04:27:32.0361 15896 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
04:27:32.0390 15896 seclogon - ok
04:27:32.0406 15896 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
04:27:32.0433 15896 SENS - ok
04:27:32.0451 15896 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
04:27:32.0477 15896 SensrSvc - ok
04:27:32.0497 15896 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
04:27:32.0516 15896 Serenum - ok
04:27:32.0537 15896 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
04:27:32.0557 15896 Serial - ok
04:27:32.0559 15896 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
04:27:32.0569 15896 sermouse - ok
04:27:32.0578 15896 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
04:27:32.0609 15896 SessionEnv - ok
04:27:32.0611 15896 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
04:27:32.0626 15896 sffdisk - ok
04:27:32.0628 15896 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
04:27:32.0642 15896 sffp_mmc - ok
04:27:32.0644 15896 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
04:27:32.0654 15896 sffp_sd - ok
04:27:32.0656 15896 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
04:27:32.0664 15896 sfloppy - ok
04:27:32.0690 15896 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
04:27:32.0755 15896 SharedAccess - ok
04:27:32.0786 15896 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
04:27:32.0835 15896 ShellHWDetection - ok
04:27:32.0858 15896 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
04:27:32.0865 15896 SiSRaid2 - ok
04:27:32.0867 15896 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
04:27:32.0874 15896 SiSRaid4 - ok
04:27:32.0881 15896 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
04:27:32.0908 15896 Smb - ok
04:27:32.0920 15896 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
04:27:32.0933 15896 SNMPTRAP - ok
04:27:32.0935 15896 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
04:27:32.0941 15896 spldr - ok
04:27:32.0969 15896 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
04:27:32.0989 15896 Spooler - ok
04:27:33.0124 15896 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
04:27:33.0207 15896 sppsvc - ok
04:27:33.0219 15896 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
04:27:33.0252 15896 sppuinotify - ok
04:27:33.0273 15896 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
04:27:33.0301 15896 srv - ok
04:27:33.0307 15896 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
04:27:33.0321 15896 srv2 - ok
04:27:33.0325 15896 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
04:27:33.0333 15896 srvnet - ok
04:27:33.0355 15896 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
04:27:33.0386 15896 SSDPSRV - ok
04:27:33.0390 15896 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
04:27:33.0412 15896 SstpSvc - ok
04:27:33.0419 15896 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
04:27:33.0425 15896 stexstor - ok
04:27:33.0443 15896 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
04:27:33.0460 15896 stisvc - ok
04:27:33.0470 15896 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
04:27:33.0476 15896 swenum - ok
04:27:33.0499 15896 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
04:27:33.0530 15896 swprv - ok
04:27:33.0605 15896 [ F4DB1D9E6A42D491F0F8E21854301C0B ] SynTP C:\windows\system32\drivers\SynTP.sys
04:27:33.0637 15896 SynTP - ok
04:27:33.0680 15896 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
04:27:33.0726 15896 SysMain - ok
04:27:33.0735 15896 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
04:27:33.0754 15896 TabletInputService - ok
04:27:33.0799 15896 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
04:27:33.0839 15896 TapiSrv - ok
04:27:33.0852 15896 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
04:27:33.0875 15896 TBS - ok
04:27:33.0982 15896 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
04:27:34.0037 15896 Tcpip - ok
04:27:34.0072 15896 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
04:27:34.0096 15896 TCPIP6 - ok
04:27:34.0109 15896 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
04:27:34.0129 15896 tcpipreg - ok
04:27:34.0158 15896 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
04:27:34.0193 15896 TDPIPE - ok
04:27:34.0217 15896 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
04:27:34.0240 15896 TDTCP - ok
04:27:34.0249 15896 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
04:27:34.0289 15896 tdx - ok
04:27:34.0291 15896 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
04:27:34.0298 15896 TermDD - ok
04:27:34.0327 15896 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
04:27:34.0361 15896 TermService - ok
04:27:34.0370 15896 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
04:27:34.0380 15896 Themes - ok
04:27:34.0390 15896 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
04:27:34.0412 15896 THREADORDER - ok
04:27:34.0436 15896 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
04:27:34.0469 15896 TrkWks - ok
04:27:34.0501 15896 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
04:27:34.0524 15896 TrustedInstaller - ok
04:27:34.0538 15896 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
04:27:34.0559 15896 tssecsrv - ok
04:27:34.0572 15896 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
04:27:34.0585 15896 TsUsbFlt - ok
04:27:34.0587 15896 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
04:27:34.0599 15896 TsUsbGD - ok
04:27:34.0614 15896 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
04:27:34.0640 15896 tunnel - ok
04:27:34.0643 15896 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
04:27:34.0649 15896 uagp35 - ok
04:27:34.0654 15896 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
04:27:34.0689 15896 udfs - ok
04:27:34.0716 15896 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
04:27:34.0724 15896 UI0Detect - ok
04:27:34.0740 15896 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
04:27:34.0747 15896 uliagpkx - ok
04:27:34.0772 15896 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
04:27:34.0792 15896 umbus - ok
04:27:34.0804 15896 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
04:27:34.0815 15896 UmPass - ok
04:27:34.0825 15896 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
04:27:34.0855 15896 upnphost - ok
04:27:34.0858 15896 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
04:27:34.0884 15896 usbccgp - ok
04:27:34.0887 15896 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
04:27:34.0904 15896 usbcir - ok
04:27:34.0911 15896 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
04:27:34.0919 15896 usbehci - ok
04:27:34.0937 15896 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\drivers\usbhub.sys
04:27:34.0954 15896 usbhub - ok
04:27:34.0956 15896 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
04:27:34.0973 15896 usbohci - ok
04:27:34.0988 15896 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
04:27:35.0003 15896 usbprint - ok
04:27:35.0011 15896 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\drivers\USBSTOR.SYS
04:27:35.0038 15896 USBSTOR - ok
04:27:35.0040 15896 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
04:27:35.0054 15896 usbuhci - ok
04:27:35.0072 15896 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
04:27:35.0101 15896 UxSms - ok
04:27:35.0117 15896 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
04:27:35.0124 15896 VaultSvc - ok
04:27:35.0135 15896 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
04:27:35.0142 15896 vdrvroot - ok
04:27:35.0154 15896 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
04:27:35.0186 15896 vds - ok
04:27:35.0204 15896 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
04:27:35.0214 15896 vga - ok
04:27:35.0216 15896 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
04:27:35.0241 15896 VgaSave - ok
04:27:35.0244 15896 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
04:27:35.0253 15896 vhdmp - ok
04:27:35.0256 15896 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
04:27:35.0262 15896 viaide - ok
04:27:35.0272 15896 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
04:27:35.0278 15896 volmgr - ok
04:27:35.0292 15896 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
04:27:35.0303 15896 volmgrx - ok
04:27:35.0307 15896 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
04:27:35.0317 15896 volsnap - ok
04:27:35.0320 15896 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
04:27:35.0328 15896 vsmraid - ok
04:27:35.0365 15896 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
04:27:35.0410 15896 VSS - ok
04:27:35.0432 15896 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
04:27:35.0445 15896 vwifibus - ok
04:27:35.0456 15896 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
04:27:35.0466 15896 vwififlt - ok
04:27:35.0491 15896 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
04:27:35.0523 15896 W32Time - ok
04:27:35.0550 15896 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
04:27:35.0558 15896 WacomPen - ok
04:27:35.0588 15896 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
04:27:35.0604 15896 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
04:27:35.0604 15896 WajamUpdater - detected UnsignedFile.Multi.Generic (1)
04:27:35.0615 15896 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
04:27:35.0639 15896 WANARP - ok
04:27:35.0641 15896 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
04:27:35.0662 15896 Wanarpv6 - ok
04:27:35.0730 15896 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
04:27:35.0798 15896 wbengine - ok
04:27:35.0809 15896 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
04:27:35.0835 15896 WbioSrvc - ok
04:27:35.0844 15896 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
04:27:35.0866 15896 wcncsvc - ok
04:27:35.0882 15896 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
04:27:35.0900 15896 WcsPlugInService - ok
04:27:35.0927 15896 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
04:27:35.0933 15896 Wd - ok
04:27:35.0963 15896 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
04:27:35.0997 15896 Wdf01000 - ok
04:27:36.0007 15896 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
04:27:36.0051 15896 WdiServiceHost - ok
04:27:36.0053 15896 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
04:27:36.0064 15896 WdiSystemHost - ok
04:27:36.0085 15896 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
04:27:36.0109 15896 WebClient - ok
04:27:36.0118 15896 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
04:27:36.0148 15896 Wecsvc - ok
04:27:36.0160 15896 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
04:27:36.0185 15896 wercplsupport - ok
04:27:36.0216 15896 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
04:27:36.0249 15896 WerSvc - ok
04:27:36.0283 15896 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
04:27:36.0304 15896 WfpLwf - ok
04:27:36.0306 15896 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
04:27:36.0312 15896 WIMMount - ok
04:27:36.0327 15896 WinDefend - ok
04:27:36.0329 15896 WinHttpAutoProxySvc - ok
04:27:36.0418 15896 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
04:27:36.0477 15896 Winmgmt - ok
04:27:36.0524 15896 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
04:27:36.0576 15896 WinRM - ok
04:27:36.0614 15896 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
04:27:36.0641 15896 Wlansvc - ok
04:27:36.0688 15896 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
04:27:36.0703 15896 wlcrasvc - ok
04:27:36.0799 15896 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:27:36.0844 15896 wlidsvc - ok
04:27:36.0875 15896 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
04:27:36.0882 15896 WmiAcpi - ok
04:27:36.0912 15896 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
04:27:36.0927 15896 wmiApSrv - ok
04:27:36.0943 15896 WMPNetworkSvc - ok
04:27:36.0972 15896 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
04:27:36.0987 15896 WPCSvc - ok
04:27:36.0990 15896 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
04:27:36.0999 15896 WPDBusEnum - ok
04:27:37.0026 15896 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
04:27:37.0048 15896 ws2ifsl - ok
04:27:37.0056 15896 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
04:27:37.0074 15896 wscsvc - ok
04:27:37.0076 15896 WSearch - ok
04:27:37.0146 15896 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
04:27:37.0200 15896 wuauserv - ok
04:27:37.0227 15896 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
04:27:37.0253 15896 WudfPf - ok
04:27:37.0262 15896 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
04:27:37.0282 15896 wudfsvc - ok
04:27:37.0305 15896 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
04:27:37.0318 15896 WwanSvc - ok
04:27:37.0329 15896 ================ Scan global ===============================
04:27:37.0349 15896 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
04:27:37.0387 15896 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
04:27:37.0397 15896 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
04:27:37.0430 15896 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
04:27:37.0460 15896 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
04:27:37.0465 15896 [Global] - ok
04:27:37.0466 15896 ================ Scan MBR ==================================
04:27:37.0478 15896 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
04:27:37.0738 15896 \Device\Harddisk0\DR0 - ok
04:27:37.0739 15896 ================ Scan VBR ==================================
04:27:37.0762 15896 [ DDAB3B038F50F3435B7FD89D3E8C1170 ] \Device\Harddisk0\DR0\Partition1
04:27:37.0764 15896 \Device\Harddisk0\DR0\Partition1 - ok
04:27:37.0787 15896 [ 0657DA5060EC01DCE83A3632DF6DA742 ] \Device\Harddisk0\DR0\Partition2
04:27:37.0792 15896 \Device\Harddisk0\DR0\Partition2 - ok
04:27:37.0793 15896 ============================================================
04:27:37.0793 15896 Scan finished
04:27:37.0793 15896 ============================================================
04:27:37.0804 16108 Detected object count: 4
04:27:37.0805 16108 Actual detected object count: 4
04:27:51.0575 16108 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
04:27:51.0575 16108 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:27:51.0576 16108 MSI Foundation Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:27:51.0576 16108 MSI Foundation Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:27:51.0578 16108 Qualcomm Atheros Killer Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:27:51.0578 16108 Qualcomm Atheros Killer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:27:51.0579 16108 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
04:27:51.0580 16108 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip

Zitat:

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.

Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].

Setze den Curser zwischen die CODE-Tags und drücke STRG+V.

Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combifix:

Combofix Logfile:

Code:

ComboFix 12-12-17.02 - sandra 19.12.2012   8:02.1.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8089.6447 [GMT 1:00]

ausgeführt von:: c:\users\sandra\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-11-19 bis 2012-12-19  ))))))))))))))))))))))))))))))

.

.

2012-12-19 07:07 . 2012-12-19 07:07        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2012-12-19 07:07 . 2012-12-19 07:07        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-12-19 03:21 . 2012-12-19 03:21        --------        d-----w-        c:\program files (x86)\Perion

2012-12-19 03:21 . 2012-12-19 03:21        447        ----a-w-        C:\user.js

2012-12-19 03:20 . 2012-12-19 03:20        --------        d-----w-        c:\program files (x86)\Wajam

2012-12-17 18:33 . 2012-12-17 18:33        --------        d-----w-        c:\program files (x86)\DAOC-Charplan

2012-12-16 21:06 . 2012-12-16 21:06        --------        d-----w-        c:\program files (x86)\MSXML 4.0

2012-12-16 07:55 . 2012-12-16 07:55        --------        d-----w-        c:\programdata\Malwarebytes

2012-12-16 07:55 . 2012-09-29 18:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-12-16 07:55 . 2012-12-16 07:55        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-16 00:57 . 2012-07-26 08:00        2560        ----a-w-        c:\windows\system32\drivers\it-IT\wdf01000.sys.mui

2012-12-16 00:57 . 2012-07-26 07:46        2560        ----a-w-        c:\windows\system32\drivers\de-DE\wdf01000.sys.mui

2012-12-16 00:57 . 2012-07-26 05:05        2560        ----a-w-        c:\windows\system32\drivers\es-ES\wdf01000.sys.mui

2012-12-16 00:57 . 2012-07-26 05:04        2560        ----a-w-        c:\windows\system32\drivers\fr-FR\wdf01000.sys.mui

2012-12-16 00:57 . 2012-07-26 04:47        2560        ----a-w-        c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-16 00:57 . 2012-07-26 04:55        785512        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys

2012-12-16 00:57 . 2012-07-26 04:55        54376        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys

2012-12-16 00:57 . 2012-07-26 02:36        9728        ----a-w-        c:\windows\system32\Wdfres.dll

2012-12-16 00:52 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe

2012-12-16 00:44 . 2012-07-26 03:08        84992        ----a-w-        c:\windows\system32\WUDFSvc.dll

2012-12-16 00:44 . 2012-07-26 03:08        194048        ----a-w-        c:\windows\system32\WUDFPlatform.dll

2012-12-16 00:44 . 2012-07-26 02:26        87040        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys

2012-12-16 00:44 . 2012-07-26 02:26        198656        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys

2012-12-16 00:44 . 2012-07-26 03:08        229888        ----a-w-        c:\windows\system32\WUDFHost.exe

2012-12-16 00:44 . 2012-07-26 03:08        744448        ----a-w-        c:\windows\system32\WUDFx.dll

2012-12-16 00:44 . 2012-07-26 03:08        45056        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll

2012-12-16 00:42 . 2012-03-01 06:46        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

2012-12-16 00:42 . 2012-03-01 06:33        81408        ----a-w-        c:\windows\system32\imagehlp.dll

2012-12-16 00:42 . 2012-03-01 06:28        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-12-16 00:42 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll

2012-12-16 00:42 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\SysWow64\wmi.dll

2012-12-15 14:27 . 2012-12-15 14:27        --------        d-----w-        C:\NVIDIA

2012-12-15 02:42 . 2012-12-15 02:42        --------        d-----w-        c:\users\Gretel

2012-12-15 02:07 . 2012-10-04 17:45        215040        ----a-w-        c:\windows\system32\winsrv.dll

2012-12-14 19:07 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll

2012-12-14 19:07 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll

2012-12-14 19:07 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

2012-12-14 19:04 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll

2012-12-14 19:04 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe

2012-12-14 19:04 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll

2012-12-14 19:04 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll

2012-12-14 19:04 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll

2012-12-14 19:04 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll

2012-12-14 19:04 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll

2012-12-14 19:03 . 2012-06-02 14:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll

2012-12-14 19:03 . 2012-06-02 14:15        36864        ----a-w-        c:\windows\system32\wuapp.exe

2012-12-14 15:52 . 2012-12-14 15:52        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service

2012-12-14 15:52 . 2012-12-14 15:52        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird

2012-12-14 15:50 . 2012-12-14 15:50        --------        d-----w-        c:\program files (x86)\Electronic Arts

2012-12-14 15:38 . 2012-12-14 15:38        --------        d-----w-        c:\users\ronny

2012-12-14 15:35 . 2012-12-14 15:36        --------        d-----w-        c:\program files (x86)\Google

2012-12-14 15:26 . 2012-12-14 15:26        --------        d-----w-        c:\programdata\Intel

2012-12-14 14:07 . 2012-12-14 14:07        --------        d-----w-        c:\program files (x86)\Common Files\Adobe

2012-12-14 14:04 . 2012-12-14 15:33        --------        d-----w-        c:\program files (x86)\MAGIX

2012-12-14 14:04 . 2007-04-27 08:43        120200        ----a-w-        c:\windows\SysWow64\DLLDEV32i.dll

2012-12-14 14:04 . 2012-12-14 15:31        --------        d-----w-        c:\program files (x86)\Common Files\MAGIX Services

2012-12-14 14:04 . 2007-04-17 10:51        14112        ----a-w-        c:\windows\system32\drivers\regi.sys

2012-12-14 14:04 . 2012-12-14 14:04        --------        d-----w-        c:\program files (x86)\Common Files\InterVideo

2012-12-14 14:04 . 2012-12-14 14:04        --------        d-----w-        c:\program files (x86)\Common Files\Protexis

2012-12-14 14:04 . 2012-12-14 14:04        --------        d-----w-        c:\programdata\Corel

2012-12-14 14:04 . 2012-12-14 14:04        --------        d-----w-        c:\program files (x86)\Corel

2012-12-14 14:00 . 2012-12-14 14:26        --------        d-----w-        c:\users\sandra

2012-12-14 13:58 . 2012-12-14 13:58        --------        d-----w-        C:\Recovery

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-15 02:08 . 2011-03-29 01:36        19696        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-10-16 08:38 . 2012-12-15 02:07        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-15 02:07        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-15 02:07        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll

2012-10-04 16:40 . 2012-12-15 02:07        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2012-10-02 22:21 . 2012-03-15 05:32        973672        ----a-w-        c:\windows\system32\nvumdshimx.dll

2012-10-02 22:21 . 2012-03-15 05:32        247144        ----a-w-        c:\windows\system32\nvinitx.dll

2012-10-02 22:21 . 2012-03-15 05:32        202600        ----a-w-        c:\windows\SysWow64\nvinit.dll

2012-10-02 22:21 . 2012-03-15 05:32        1760104        ----a-w-        c:\windows\system32\nvdispco64.dll

2012-10-02 22:21 . 2012-03-15 05:32        2731880        ----a-w-        c:\windows\system32\nvapi64.dll

2012-10-02 22:21 . 2012-03-15 05:32        2428776        ----a-w-        c:\windows\SysWow64\nvapi.dll

2012-10-02 19:51 . 2012-03-15 05:32        3536817        ----a-w-        c:\windows\system32\nvcoproc.bin

2012-10-02 19:51 . 2012-03-15 05:32        3293544        ----a-w-        c:\windows\system32\nvsvc64.dll

2012-10-02 19:51 . 2012-03-15 05:32        6200680        ----a-w-        c:\windows\system32\nvcpl.dll

2012-10-02 19:50 . 2012-03-15 05:32        891240        ----a-w-        c:\windows\system32\nvvsvc.exe

2012-10-02 19:50 . 2012-03-15 05:32        866664        ----a-w-        c:\windows\system32\nv3dappshext.dll

2012-10-02 19:50 . 2012-03-15 05:32        63336        ----a-w-        c:\windows\system32\nvshext.dll

2012-10-02 19:50 . 2012-03-15 05:32        55144        ----a-w-        c:\windows\system32\nv3dappshextr.dll

2012-10-02 19:50 . 2012-03-15 05:32        2557800        ----a-w-        c:\windows\system32\nvsvcr.dll

2012-10-02 19:50 . 2012-03-15 05:32        118120        ----a-w-        c:\windows\system32\nvmctray.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]

"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]

"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2011-11-03 5499392]

"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-01-03 502288]

"KLM"="c:\program files (x86)\MSI\KLM\KLM.exe" [2011-12-19 1522376]

"VGAOCAP"="c:\program files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe" [2012-01-31 88576]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-10-13 136488]

"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2011-10-13 230696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe [2012-3-8 549888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-12-13 94720]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-12-13 747008]

R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-14 60416]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-01-04 16152]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056]

S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [2012-03-08 75880]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-20 1014096]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-20 1104208]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-07 2429544]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe [2011-11-03 160768]

S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-16 12800]

S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [2012-01-03 138768]

S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-03-08 492032]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-05 109064]

S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-20 1304912]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-10-13 31216]

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]

S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-01-04 355096]

S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-01-04 786200]

S3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys [2012-03-08 161616]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-01-18 14136]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-06 339048]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 15:35]

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 15:35]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-12 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-12 398104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-12 440600]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-10 12445288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://mystart.incredibar.com/mbmb212?a=6PQT9c2gZt&i=26

mStart Page = hxxp://msi.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: %SYSTEMROOT%\system32\BfLLR.dll

TCP: DhcpNameServer = 192.168.0.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-12-19  08:09:03

ComboFix-quarantined-files.txt  2012-12-19 07:09

.

Vor Suchlauf: 10 Verzeichnis(se), 386.101.075.968 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 386.013.777.920 Bytes frei

.

- - End Of File - - C805673AC5B12DCC9F3EBF6BABCA40C8

--- --- ---

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

hier der AdvCleaner:

Zitat:

# AdwCleaner v2.101 - Datei am 20/12/2012 um 07:34:37 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : sandra - SANDRA-MSI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\sandra\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

Gefunden : WajamUpdater

***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\Perion
Ordner Gefunden : C:\Program Files (x86)\Wajam
Ordner Gefunden : C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gefunden : C:\Users\sandra\AppData\Local\Wajam
Ordner Gefunden : C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Wajam
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gefunden : HKLM\Software\IB Updater
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\Software\Wajam
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKU\S-1-5-21-1950173301-3659085451-2770679902-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mbmb212?a=6PQT9c2gZt&i=26

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Gretel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4186 octets] - [20/12/2012 07:34:37]

########## EOF - C:\AdwCleaner[R1].txt - [4246 octets] ##########

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Datei vom adwCleaner:

Zitat:

# AdwCleaner v2.101 - Datei am 21/12/2012 um 13:17:31 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : sandra - SANDRA-MSI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\sandra\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : WajamUpdater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\Perion
Ordner Gelöscht : C:\Program Files (x86)\Wajam
Ordner Gelöscht : C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\sandra\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mbmb212?a=6PQT9c2gZt&i=26 --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Gretel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4307 octets] - [20/12/2012 07:34:37]
AdwCleaner[S1].txt - [4035 octets] - [21/12/2012 13:17:31]

########## EOF - C:\AdwCleaner[S1].txt - [4095 octets] ##########

OTL.text:

OTL Logfile:

Code:

OTL logfile created on: 21.12.2012 13:22:14 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\sandra\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,90 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 75,45% Memory free

15,80 Gb Paging File | 13,51 Gb Available in Paging File | 85,51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 411,91 Gb Total Space | 357,35 Gb Free Space | 86,75% Space Free | Partition Type: NTFS

Drive D: | 274,60 Gb Total Space | 266,81 Gb Free Space | 97,16% Space Free | Partition Type: NTFS

Drive E: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: SANDRA-MSI | User Name: sandra | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\sandra\Desktop\OTL (1).exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe ()

PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (MSI)

PRC - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)

PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)

PRC - C:\Program Files (x86)\MSI\KLM\KLM.exe (Micro-Star International Co., Ltd.)

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\S-Bar\MSIService.exe (Micro-Star International Co., Ltd.)

PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)

PRC - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0284e2e0afcfd7ce09094b30c0486d46\System.ServiceProcess.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d0dc33658e23a6f960c46a5beab7ecf\System.Management.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()

MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()

MOD - C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe ()

MOD - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll ()

MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (Qualcomm Atheros Killer Service) -- C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe ()

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (MSI_SuperCharger) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (MSI)

SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)

SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)

SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)

SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (Micro Star SCM) -- C:\Program Files (x86)\S-Bar\MSIService.exe (Micro-Star International Co., Ltd.)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (MSI Foundation Service) -- C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe (MSI)

SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MGHwCtrl) -- C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys File not found

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (BfLwf) -- C:\Windows\SysNative\drivers\bflwfx64.sys (Bigfoot Networks, Inc.)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\e22W7x64.sys (Qualcomm Atheros, Inc.)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)

DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)

DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)

DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)

DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)

DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)

DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)

DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)

DRV - (NTIOLib_1_0_3) -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys (MSI)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{7938087C-7958-4B93-979E-5706042D5497}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{7938087C-7958-4B93-979E-5706042D5497}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1950173301-3659085451-2770679902-1000\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1950173301-3659085451-2770679902-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-1950173301-3659085451-2770679902-1001\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1950173301-3659085451-2770679902-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.14 16:52:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2012.12.14 17:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sandra\AppData\Roaming\mozilla\Extensions

[2012.12.19 04:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

 
 ========== Chrome  ==========

 

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [KLM] C:\Program Files (x86)\MSI\KLM\KLM.exe (Micro-Star International Co., Ltd.)

O4 - HKLM..\Run: [S-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe (Micro-Star International Co.,Ltd.)

O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)

O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKLM..\Run: [VGAOCAP] C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe ()

O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)

O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)

O4 - HKU\S-1-5-21-1950173301-3659085451-2770679902-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1950173301-3659085451-2770679902-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1950173301-3659085451-2770679902-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1950173301-3659085451-2770679902-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1950173301-3659085451-2770679902-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O7 - HKU\S-1-5-21-1950173301-3659085451-2770679902-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54D6DB9F-048D-4B0E-A7D4-6F9A21FB7059}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.07.25 16:09:28 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.19 12:45:43 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Avira

[2012.12.19 12:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.12.19 12:40:15 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys

[2012.12.19 12:40:15 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys

[2012.12.19 12:40:15 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys

[2012.12.19 12:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.12.19 12:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012.12.19 12:26:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012.12.19 08:08:50 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll

[2012.12.19 08:08:50 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll

[2012.12.19 08:08:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll

[2012.12.19 08:08:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll

[2012.12.19 08:07:10 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012.12.19 07:51:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012.12.19 07:51:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012.12.19 07:51:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012.12.19 07:51:54 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.12.19 07:51:42 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2012.12.19 07:49:15 | 005,012,571 | R--- | C] (Swearware) -- C:\Users\sandra\Desktop\ComboFix.exe

[2012.12.19 04:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.12.19 00:10:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sandra\Desktop\OTL (1).exe

[2012.12.17 19:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAOC-Charplan

[2012.12.17 19:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAOC-Charplan

[2012.12.16 22:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012.12.16 08:55:25 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Malwarebytes

[2012.12.16 08:55:20 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012.12.16 08:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.12.16 08:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.12.16 08:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.12.16 01:57:57 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys

[2012.12.16 01:57:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll

[2012.12.16 01:52:40 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe

[2012.12.16 01:46:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012.12.16 01:46:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012.12.16 01:46:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012.12.16 01:46:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2012.12.16 01:46:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012.12.16 01:46:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012.12.16 01:46:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012.12.16 01:46:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012.12.16 01:46:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012.12.16 01:46:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012.12.16 01:46:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012.12.16 01:46:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012.12.16 01:46:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012.12.16 01:46:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012.12.16 01:46:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2012.12.16 01:44:50 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll

[2012.12.16 01:44:49 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll

[2012.12.16 01:44:49 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe

[2012.12.16 01:44:49 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll

[2012.12.16 01:42:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll

[2012.12.16 01:42:28 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys

[2012.12.15 15:28:09 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll

[2012.12.15 15:28:09 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll

[2012.12.15 15:28:09 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll

[2012.12.15 15:28:09 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll

[2012.12.15 15:28:09 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll

[2012.12.15 15:28:09 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvd3dum.dll

[2012.12.15 15:28:09 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvwgf2umx.dll

[2012.12.15 15:28:09 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvwgf2um.dll

[2012.12.15 15:28:09 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll

[2012.12.15 15:28:09 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll

[2012.12.15 15:28:09 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll

[2012.12.15 15:28:09 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll

[2012.12.15 15:28:09 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll

[2012.12.15 15:28:09 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll

[2012.12.15 15:28:09 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvenc.dll

[2012.12.15 15:28:09 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvenc.dll

[2012.12.15 15:28:09 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco64.dll

[2012.12.15 15:28:09 | 000,831,848 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvumdshim.dll

[2012.12.15 15:28:09 | 000,030,056 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\drivers\nvpciflt.sys

[2012.12.15 15:27:01 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2012.12.15 03:08:40 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll

[2012.12.15 03:08:38 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe

[2012.12.15 03:08:38 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe

[2012.12.15 03:08:37 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll

[2012.12.15 03:08:37 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll

[2012.12.15 03:08:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll

[2012.12.15 03:08:27 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll

[2012.12.15 03:08:26 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl

[2012.12.15 03:08:26 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl

[2012.12.15 03:08:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll

[2012.12.15 03:08:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll

[2012.12.15 03:08:24 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2012.12.15 03:08:23 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2012.12.15 03:08:23 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2012.12.15 03:08:21 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll

[2012.12.15 03:08:21 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll

[2012.12.15 03:08:19 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll

[2012.12.15 03:08:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys

[2012.12.15 03:08:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll

[2012.12.15 03:08:18 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll

[2012.12.15 03:08:18 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll

[2012.12.15 03:08:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe

[2012.12.15 03:08:16 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys

[2012.12.15 03:08:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll

[2012.12.15 03:08:16 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll

[2012.12.15 03:08:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll

[2012.12.15 03:08:15 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS

[2012.12.15 03:08:15 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll

[2012.12.15 03:08:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll

[2012.12.15 03:08:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll

[2012.12.15 03:07:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll

[2012.12.15 03:07:58 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll

[2012.12.15 03:07:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe

[2012.12.15 03:07:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll

[2012.12.15 03:07:56 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll

[2012.12.15 03:07:56 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll

[2012.12.15 03:07:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe

[2012.12.15 03:07:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll

[2012.12.15 03:07:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll

[2012.12.15 03:07:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll

[2012.12.15 03:07:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe

[2012.12.15 03:07:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012.12.15 03:07:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012.12.15 03:07:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012.12.15 03:07:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012.12.15 03:07:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll

[2012.12.15 03:07:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012.12.15 03:07:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012.12.15 03:07:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012.12.15 03:07:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe

[2012.12.15 03:07:52 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll

[2012.12.15 03:07:52 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll

[2012.12.15 03:07:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll

[2012.12.15 03:07:51 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe

[2012.12.15 03:07:29 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll

[2012.12.15 03:07:28 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll

[2012.12.15 03:07:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll

[2012.12.15 03:07:22 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll

[2012.12.15 03:07:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll

[2012.12.15 03:07:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll

[2012.12.15 03:07:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll

[2012.12.15 03:07:18 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll

[2012.12.15 03:07:15 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll

[2012.12.15 03:07:13 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll

[2012.12.15 03:07:12 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll

[2012.12.15 03:07:12 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll

[2012.12.15 03:07:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll

[2012.12.15 03:07:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe

[2012.12.15 03:07:08 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll

[2012.12.15 03:07:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll

[2012.12.14 23:54:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2012.12.14 20:07:43 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll

[2012.12.14 20:07:43 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll

[2012.12.14 20:04:14 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll

[2012.12.14 20:04:14 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe

[2012.12.14 20:04:14 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll

[2012.12.14 20:04:05 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll

[2012.12.14 20:04:05 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll

[2012.12.14 20:04:05 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll

[2012.12.14 20:03:57 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll

[2012.12.14 20:03:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe

[2012.12.14 17:25:01 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Thunderbird

[2012.12.14 17:25:01 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Local\Thunderbird

[2012.12.14 17:25:01 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Mozilla

[2012.12.14 16:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012.12.14 16:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.12.14 16:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

[2012.12.14 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts

[2012.12.14 16:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012.12.14 16:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012.12.14 16:35:24 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Local\Google

[2012.12.14 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Local\Deployment

[2012.12.14 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Local\Apps

[2012.12.14 16:34:48 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Macromedia

[2012.12.14 16:34:46 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Adobe

[2012.12.14 16:27:05 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Local\Micro-Star_International_

[2012.12.14 16:27:02 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Intel Corporation

[2012.12.14 16:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel

[2012.12.14 15:26:08 | 000,000,000 | R--D | C] -- C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012.12.14 15:26:08 | 000,000,000 | R--D | C] -- C:\Users\sandra\Searches

[2012.12.14 15:26:08 | 000,000,000 | R--D | C] -- C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012.12.14 15:26:00 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Identities

[2012.12.14 15:25:58 | 000,000,000 | R--D | C] -- C:\Users\sandra\Contacts

[2012.12.14 15:10:05 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Local\VirtualStore

[2012.12.14 15:09:11 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\InstallShield

[2012.12.14 15:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012.12.14 15:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2012.12.14 15:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2012.12.14 15:06:25 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\MAGIX

[2012.12.14 15:05:20 | 001,003,520 | ---- | C] (MAGIX AG) -- C:\windows\SysWow64\MXRestore.exe

[2012.12.14 15:05:20 | 000,724,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLAV32.dll

[2012.12.14 15:05:20 | 000,278,528 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLRES32.dll

[2012.12.14 15:05:20 | 000,221,184 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLDRV32.dll

[2012.12.14 15:05:20 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLDEV32.dll

[2012.12.14 15:05:20 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLCPY32.dll

[2012.12.14 15:05:20 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLCDA32.dll

[2012.12.14 15:05:20 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLIO32.dll

[2012.12.14 15:05:20 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLPRF32.dll

[2012.12.14 15:05:20 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLPNT32.dll

[2012.12.14 15:05:20 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\STRING32.dll

[2012.12.14 15:05:20 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLPTL32.dll

[2012.12.14 15:05:20 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLCDF32.dll

[2012.12.14 15:05:20 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLTPO32.dll

[2012.12.14 15:05:20 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLPRJ32.dll

[2012.12.14 15:05:20 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLIMG32.dll

[2012.12.14 15:05:20 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLRD32.dll

[2012.12.14 15:05:20 | 000,038,784 | ---- | C] (MAGIX) -- C:\windows\SysWow64\drivers\virtualdisk_u.sys

[2012.12.14 15:05:20 | 000,038,272 | ---- | C] (MAGIX) -- C:\windows\SysWow64\drivers\virtualdisk.sys

[2012.12.14 15:05:20 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLMSC32.dll

[2012.12.14 15:05:20 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLISO32.dll

[2012.12.14 15:05:20 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLDIR32.dll

[2012.12.14 15:05:20 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\TTIC32.dll

[2012.12.14 15:05:20 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\TTI32.dll

[2012.12.14 15:05:20 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\windows\SysWow64\DLLIX.dll

[2012.12.14 15:05:20 | 000,014,208 | ---- | C] (MAGIX) -- C:\windows\SysWow64\drivers\disksec.sys

[2012.12.14 15:05:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4a.dll

[2012.12.14 15:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX

[2012.12.14 15:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX

[2012.12.14 15:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX

[2012.12.14 15:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services

[2012.12.14 15:04:42 | 000,014,112 | ---- | C] (InterVideo) -- C:\windows\SysNative\drivers\regi.sys

[2012.12.14 15:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel

[2012.12.14 15:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InterVideo

[2012.12.14 15:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis

[2012.12.14 15:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel

[2012.12.14 15:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel

[2012.12.14 15:03:50 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll

[2012.12.14 15:02:46 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\RTCOM

[2012.12.14 15:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2012.12.14 15:02:39 | 003,747,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkAPO64.dll

[2012.12.14 15:02:39 | 002,634,856 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtPgEx64.dll

[2012.12.14 15:02:39 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\WavesGUILib.dll

[2012.12.14 15:02:39 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RTSnMg64.cpl

[2012.12.14 15:02:39 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RTCOM64.dll

[2012.12.14 15:02:39 | 000,823,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkApi64.dll

[2012.12.14 15:02:39 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSX64.dll

[2012.12.14 15:02:39 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEP64A.dll

[2012.12.14 15:02:39 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtlCPAPI64.dll

[2012.12.14 15:02:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DHT64.dll

[2012.12.14 15:02:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DAA64.dll

[2012.12.14 15:02:39 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSH64.dll

[2012.12.14 15:02:39 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEED64A.dll

[2012.12.14 15:02:39 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSHP64.dll

[2012.12.14 15:02:39 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSWOW64.dll

[2012.12.14 15:02:39 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkCfg64.dll

[2012.12.14 15:02:39 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEL64A.dll

[2012.12.14 15:02:39 | 000,100,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RCoInstII64.dll

[2012.12.14 15:02:39 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEG64A.dll

[2012.12.14 15:02:39 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkCoLDR64.dll

[2012.12.14 15:02:38 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioEQ.dll

[2012.12.14 15:02:38 | 000,955,736 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPOShell64.dll

[2012.12.14 15:02:38 | 000,626,264 | ---- | C] (Creative Technology Ltd.) -- C:\windows\SysNative\MBTHX64.dll

[2012.12.14 15:02:38 | 000,561,752 | ---- | C] (Creative Technology Ltd.) -- C:\windows\SysWow64\MBTHX32.dll

[2012.12.14 15:02:38 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPO20.dll

[2012.12.14 15:02:38 | 000,080,984 | ---- | C] (Creative Technology Ltd.) -- C:\windows\SysNative\MBWrp64.dll

[2012.12.14 15:02:38 | 000,032,344 | ---- | C] (Creative Technology Ltd.) -- C:\windows\SysNative\drivers\MBfilt64.sys

[2012.12.14 15:02:37 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\windows\SysNative\FMAPO64.dll

[2012.12.14 15:02:36 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\RtlExUpd.dll

[2012.12.14 15:02:36 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\SysNative\AERTAC64.dll

[2012.12.14 15:02:36 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\SysNative\AERTAR64.dll

[2012.12.14 15:02:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2012.12.14 15:00:14 | 000,000,000 | --SD | C] -- C:\Users\sandra\AppData\Roaming\Microsoft

[2012.12.14 15:00:14 | 000,000,000 | R--D | C] -- C:\Users\sandra\Videos

[2012.12.14 15:00:14 | 000,000,000 | R--D | C] -- C:\Users\sandra\Saved Games

[2012.12.14 15:00:14 | 000,000,000 | R--D | C] -- C:\Users\sandra\Pictures

[2012.12.14 15:00:14 | 000,000,000 | R--D | C] -- C:\Users\sandra\Music

[2012.12.14 15:00:14 | 000,000,000 | R--D | C] -- C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012.12.14 15:00:14 | 000,000,000 | R--D | C] -- C:\Users\sandra\Links

[2012.12.14 15:00:14 | 000,000,000 | R--D | C] -- C:\Users\sandra\Favorites

[2012.12.14 15:00:14 | 000,000,000 | R--D | C] -- C:\Users\sandra\Downloads

[2012.12.14 15:00:14 | 000,000,000 | R--D | C] -- C:\Users\sandra\Documents

[2012.12.14 15:00:14 | 000,000,000 | R--D | C] -- C:\Users\sandra\Desktop

[2012.12.14 15:00:14 | 000,000,000 | R--D | C] -- C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Vorlagen

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\AppData\Local\Verlauf

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\AppData\Local\Temporary Internet Files

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Startmenü

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\SendTo

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Recent

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Netzwerkumgebung

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Lokale Einstellungen

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Documents\Eigene Videos

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Documents\Eigene Musik

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Eigene Dateien

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Documents\Eigene Bilder

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Druckumgebung

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Cookies

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\AppData\Local\Anwendungsdaten

[2012.12.14 15:00:14 | 000,000,000 | -HSD | C] -- C:\Users\sandra\Anwendungsdaten

[2012.12.14 15:00:14 | 000,000,000 | -H-D | C] -- C:\Users\sandra\AppData

[2012.12.14 15:00:14 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Local\Temp

[2012.12.14 15:00:14 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Local\Microsoft

[2012.12.14 15:00:14 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Media Center Programs

[2012.12.14 14:58:58 | 000,000,000 | ---D | C] -- C:\Recovery

[2012.12.14 14:58:55 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.21 13:19:28 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.21 13:19:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.12.21 13:18:56 | 2066,284,543 | -HS- | M] () -- C:\hiberfil.sys

[2012.12.21 12:40:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.21 10:20:32 | 000,024,432 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.21 10:20:32 | 000,024,432 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.20 07:34:11 | 000,547,175 | ---- | M] () -- C:\Users\sandra\Desktop\adwcleaner.exe

[2012.12.19 12:26:20 | 000,295,544 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012.12.19 07:49:42 | 005,012,571 | R--- | M] (Swearware) -- C:\Users\sandra\Desktop\ComboFix.exe

[2012.12.19 04:20:34 | 002,195,988 | ---- | M] () -- C:\Users\sandra\Desktop\tdsskiller-2-8-14-0.zip

[2012.12.19 04:16:17 | 000,000,512 | ---- | M] () -- C:\Users\sandra\Desktop\MBR.dat

[2012.12.19 00:11:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sandra\Desktop\OTL (1).exe

[2012.12.18 05:45:16 | 004,043,186 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012.12.18 05:45:16 | 000,705,842 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat

[2012.12.18 05:45:16 | 000,704,866 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat

[2012.12.18 05:45:16 | 000,700,520 | ---- | M] () -- C:\windows\SysNative\perfh010.dat

[2012.12.18 05:45:16 | 000,665,578 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012.12.18 05:45:16 | 000,627,420 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012.12.18 05:45:16 | 000,140,814 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat

[2012.12.18 05:45:16 | 000,133,892 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat

[2012.12.18 05:45:16 | 000,133,758 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012.12.18 05:45:16 | 000,130,896 | ---- | M] () -- C:\windows\SysNative\perfc010.dat

[2012.12.18 05:45:16 | 000,110,140 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012.12.17 19:33:08 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\DAOC-Charplan.lnk

[2012.12.16 08:55:20 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.15 17:26:46 | 000,000,186 | ---- | M] () -- C:\Users\sandra\Desktop\reservierung.rtf

[2012.12.14 23:57:44 | 000,159,772 | ---- | M] () -- C:\windows\SysWow64\license.rtf

[2012.12.14 23:57:44 | 000,159,772 | ---- | M] () -- C:\windows\SysNative\license.rtf

[2012.12.14 16:46:08 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012.12.14 16:36:21 | 000,002,295 | ---- | M] () -- C:\Users\sandra\Desktop\Google Chrome.lnk

[2012.12.14 15:05:10 | 000,000,040 | -H-- | M] () -- C:\windows\SysNative\ivireg.ivr

[2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys

[2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.20 07:34:10 | 000,547,175 | ---- | C] () -- C:\Users\sandra\Desktop\adwcleaner.exe

[2012.12.19 07:51:59 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012.12.19 07:51:59 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012.12.19 07:51:59 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012.12.19 07:51:59 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012.12.19 07:51:59 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012.12.19 04:20:33 | 002,195,988 | ---- | C] () -- C:\Users\sandra\Desktop\tdsskiller-2-8-14-0.zip

[2012.12.19 04:10:24 | 000,000,512 | ---- | C] () -- C:\Users\sandra\Desktop\MBR.dat

[2012.12.17 19:33:08 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\DAOC-Charplan.lnk

[2012.12.16 08:55:20 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.16 01:57:59 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012.12.16 01:44:49 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012.12.15 17:26:46 | 000,000,186 | ---- | C] () -- C:\Users\sandra\Desktop\reservierung.rtf

[2012.12.14 23:54:16 | 2066,284,543 | -HS- | C] () -- C:\hiberfil.sys

[2012.12.14 16:52:59 | 000,002,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

[2012.12.14 16:36:21 | 000,002,295 | ---- | C] () -- C:\Users\sandra\Desktop\Google Chrome.lnk

[2012.12.14 16:35:29 | 000,001,110 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.12.14 16:35:28 | 000,001,106 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.12.14 16:26:54 | 000,001,419 | ---- | C] () -- C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2012.12.14 16:26:10 | 000,001,453 | ---- | C] () -- C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012.12.14 15:07:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012.12.14 15:05:20 | 000,038,492 | ---- | C] () -- C:\windows\SysWow64\DLLAV32.lib

[2012.12.14 15:04:59 | 000,120,200 | ---- | C] () -- C:\windows\SysWow64\DLLDEV32i.dll

[2012.12.14 15:04:43 | 000,000,040 | -H-- | C] () -- C:\windows\SysNative\ivireg.ivr

[2012.12.14 15:02:41 | 000,000,176 | ---- | C] () -- C:\windows\SysNative\drivers\RTHDAEQ0.dat

[2012.12.14 15:02:39 | 000,216,472 | ---- | C] () -- C:\windows\SysNative\drivers\RTAIODAT.DAT

[2012.03.15 07:19:58 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012.03.15 07:01:16 | 000,001,313 | ---- | C] () -- C:\windows\THXCfg_SP_APOIM.ini

[2012.03.15 07:01:16 | 000,001,212 | ---- | C] () -- C:\windows\THXCfg_HP_APOIM.ini

[2012.03.15 07:01:16 | 000,001,212 | ---- | C] () -- C:\windows\THXCfg_APOIM.ini

[2012.03.15 07:01:14 | 000,182,272 | ---- | C] () -- C:\windows\SysWow64\APOMngr.DLL

[2012.03.15 07:01:14 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\CmdRtr.DLL

[2012.03.15 05:53:07 | 000,734,772 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin

[2012.03.15 05:53:05 | 000,557,476 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin

[2012.03.15 05:53:03 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012.03.15 05:53:02 | 012,978,688 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

--- --- ---

Extras.text von OTL:

OTL Logfile:

Code:

OTL Extras logfile created on: 21.12.2012 13:22:14 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\sandra\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,90 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 75,45% Memory free

15,80 Gb Paging File | 13,51 Gb Available in Paging File | 85,51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 411,91 Gb Total Space | 357,35 Gb Free Space | 86,75% Space Free | Partition Type: NTFS

Drive D: | 274,60 Gb Total Space | 266,81 Gb Free Space | 97,16% Space Free | Partition Type: NTFS

Drive E: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: SANDRA-MSI | User Name: sandra | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-1950173301-3659085451-2770679902-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{B5FD8464-E477-4C81-A68C-E112E67EF7D0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{FF848A2C-D1FB-4C4D-9EBA-9DD82CACBCAB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2634129A-E867-4A74-AEA2-0B0AC20B7185}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 

"{5760818F-EA22-402D-82B2-29459E749C53}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 

"{9CF975B1-5913-4A48-BF54-B1322DC835DB}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{A2171194-FF6D-4FBD-89EA-487DC8D7273A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{B86B9644-A599-41CA-8231-69560B947A42}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{E65FFFCC-8B00-49C8-8213-CDE48394DA00}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{EFE468A5-DF09-4F29-A68A-10559031D1AA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver

"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX

"{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}" = MSI Software Install

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{39BDC923-826E-4007-8179-50E7C570E545}" = S-Bar

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack

"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}" = KLM

"{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{619FA785-489B-4D22-911F-82D6EDF5BDB0}" = Battery Calibration

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime

"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95193654-3EF2-4D17-8503-9F80B56D9ED5}" = MSI VGA Overclock Tool

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA5597C9-9216-44FF-9670-D1E48817B998}" = MSI HOUSE

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker

"Avira AntiVir Desktop" = Avira Free Antivirus

"DAOCCharplan" = DAOC-Charplan

"Dark Age of Camelot" = Dark Age of Camelot

"Google Chrome" = Google Chrome

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}" = KLM

"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000

"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 14.12.2012 22:08:04 | Computer Name = sandra-MSI | Source = .NET Runtime | ID = 1026

Description = 

 

Error - 14.12.2012 22:08:07 | Computer Name = sandra-MSI | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: KLM.exe, Version: 1.0.1112.1901, 

Zeitstempel: 0x4eeed613  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,

 Zeitstempel: 0x4e211319  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b9bc  ID des fehlerhaften

 Prozesses: 0x18a4  Startzeit der fehlerhaften Anwendung: 0x01cdda69035cbfb0  Pfad der

 fehlerhaften Anwendung: C:\Program Files (x86)\MSI\KLM\KLM.exe  Pfad des fehlerhaften

 Moduls: C:\windows\syswow64\KERNELBASE.dll  Berichtskennung: 441f3149-465c-11e2-94b0-8c89a5024cfb

 

Error - 14.12.2012 22:08:17 | Computer Name = sandra-MSI | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 14.12.2012 22:42:36 | Computer Name = sandra-MSI | Source = .NET Runtime | ID = 1026

Description = 

 

Error - 14.12.2012 22:42:38 | Computer Name = sandra-MSI | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: KLM.exe, Version: 1.0.1112.1901, 

Zeitstempel: 0x4eeed613  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,

 Zeitstempel: 0x4e211319  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b9bc  ID des fehlerhaften

 Prozesses: 0x207c  Startzeit der fehlerhaften Anwendung: 0x01cdda6dd6f3deda  Pfad der

 fehlerhaften Anwendung: C:\Program Files (x86)\MSI\KLM\KLM.exe  Pfad des fehlerhaften

 Moduls: C:\windows\syswow64\KERNELBASE.dll  Berichtskennung: 1624ae13-4661-11e2-94b0-8c89a5024cfb

 

Error - 15.12.2012 15:27:32 | Computer Name = sandra-MSI | Source = WinMgmt | ID = 10

Description = 

 

Error - 15.12.2012 15:34:26 | Computer Name = sandra-MSI | Source = .NET Runtime | ID = 1026

Description = 

 

Error - 15.12.2012 15:34:27 | Computer Name = sandra-MSI | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: KLM.exe, Version: 1.0.1112.1901, 

Zeitstempel: 0x4eeed613  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,

 Zeitstempel: 0x4e211319  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b9bc  ID des fehlerhaften

 Prozesses: 0x1648  Startzeit der fehlerhaften Anwendung: 0x01cddafb30c06b5a  Pfad der

 fehlerhaften Anwendung: C:\Program Files (x86)\MSI\KLM\KLM.exe  Pfad des fehlerhaften

 Moduls: C:\windows\syswow64\KERNELBASE.dll  Berichtskennung: 6fb6c8c7-46ee-11e2-a6d8-8c89a5024cfb

 

Error - 15.12.2012 15:36:28 | Computer Name = sandra-MSI | Source = .NET Runtime | ID = 1026

Description = 

 

Error - 15.12.2012 15:36:29 | Computer Name = sandra-MSI | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: KLM.exe, Version: 1.0.1112.1901, 

Zeitstempel: 0x4eeed613  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,

 Zeitstempel: 0x4e211319  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b9bc  ID des fehlerhaften

 Prozesses: 0x1798  Startzeit der fehlerhaften Anwendung: 0x01cddafb798c962b  Pfad der

 fehlerhaften Anwendung: C:\Program Files (x86)\MSI\KLM\KLM.exe  Pfad des fehlerhaften

 Moduls: C:\windows\syswow64\KERNELBASE.dll  Berichtskennung: b845e9b3-46ee-11e2-a6d8-8c89a5024cfb

 

[ System Events ]

Error - 15.12.2012 20:39:32 | Computer Name = sandra-MSI | Source = DCOM | ID = 10010

Description = 

 

Error - 15.12.2012 20:40:02 | Computer Name = sandra-MSI | Source = DCOM | ID = 10010

Description = 

 

Error - 15.12.2012 20:57:37 | Computer Name = sandra-MSI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installationsfehler: Die Installation des folgenden Updates ist mit

 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft XML Core Services

 4.0 Service Pack 2 für x64-Systeme (KB954430)

 

Error - 15.12.2012 21:01:36 | Computer Name = sandra-MSI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installationsfehler: Die Installation des folgenden Updates ist mit

 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft XML Core Services 4.0 Service

 Pack 2 für x64-basierte Systeme (KB973688)

 

Error - 16.12.2012 00:50:33 | Computer Name = sandra-MSI | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist

 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Neustart des Diensts.

 

Error - 16.12.2012 00:51:24 | Computer Name = sandra-MSI | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Google Update-Dienst (gupdate) erreicht.

 

Error - 16.12.2012 00:51:24 | Computer Name = sandra-MSI | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1053

 

Error - 16.12.2012 00:51:25 | Computer Name = sandra-MSI | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Intel(R) Rapid Storage Technology erreicht.

 

Error - 16.12.2012 00:51:25 | Computer Name = sandra-MSI | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1053

 

Error - 16.12.2012 00:53:32 | Computer Name = sandra-MSI | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 

beendet:   %%16405

 

 

< End of report >

--- --- ---

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo,

sorry Weihnachten ist etwas dazwischen gekommen, darum antworte ich jetzt erst:

ESET Logfile:

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=d45da09f35da214b873744e6071ac99a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-29 08:33:10
# local_time=2012-12-29 09:33:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 43046 222193280 728 0
# compatibility_mode=5893 16776574 100 94 24983748 108399840 0 0
# scanned=198409
# found=0
# cleaned=0
# scan_time=3126

WArum fehlt das Log von Malwarebytes?

weil ich nicht wußte, dass du das auch haben willst.. stand ja nich dabei....

Zitat:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sandra :: SANDRA-MSI [Administrator]

Schutz: Aktiviert

16.12.2012 08:57:36
mbam-log-2012-12-16 (08-57-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 464666
Laufzeit: 38 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

16.12.2012 08:57:36

mbam-log-2012-12-16 (08-57-36).txt

Warum postest du ein MBAM Log vom 16.12.?! Ich hab dich erst am 22.12. gebeten einen neuen Scan mit MBAM zu machen...

ja hast du und nachdem du das Log wolltest, hab ich nochmal einen Scan gemacht und musste auf Logdateien klicken, weil kein Fenster aufgegangen ist nach dem Scan.

Diese Dateien hab ich dann kopiert.. ich hatte keine anderen...

Zitat:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sandra :: SANDRA-MSI [Administrator]

31.12.2012 08:59:48
mbam-log-2012-12-31 (08-59-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 273018
Laufzeit: 1 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)