Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GUV Trojaner Windows 7

GUV Trojaner Windows 7


Plagegeister aller Art und deren Bekämpfung: GUV Trojaner Windows 7

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 3 1 23
Alt 09.06.2013, 11:11   #1
TiRoFiOs
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Hallo zusammen,

mein Schwiegervater hat sich anscheinend den sogenannten GUV Trojaner eingehandelt.

Sah nur das eine Internetseite von der GUV offen ist mit der Aufforderung 100€ zuzahlen -
Merkwürdigkeit: Seit wann den die Bundesregierung den mit Paysafe bezahlt werden will

Bisher haben wir nur den Rechner im abgesicherten Modus gestartet, mit meinem nach eventuellen Lösungen gesucht und da bin ich auf eure Seite gestoßen, ansonsten habe/n ich/wir noch nichts unternommen.

Kann uns hier jemand helfen?

Vielen lieben Dank im Voraus

LG TiRoFiOs

Alt 09.06.2013, 11:18   #2
markusg
/// Malware-holic
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Hi
wenn du den Rechner im abges. Modus starten kannst, folgenes via usb stick auf den pc kopieren, bzw logs vom infizierten auf nen internet fähigem

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________
Alt 09.06.2013, 12:12   #3
TiRoFiOs
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Sorry hat ein bisschen länger gedauert musste erstmal mein Netbook suchen, da es mit meinem (MAC) nicht funktioniert

Aber hier habe ich die OTL.txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.06.2013 12:45:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\josef\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,21 Gb Available Physical Memory | 80,29% Memory free
7,99 Gb Paging File | 7,34 Gb Available in Paging File | 91,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,69 Gb Total Space | 78,73 Gb Free Space | 53,67% Space Free | Partition Type: NTFS
Drive E: | 139,58 Gb Total Space | 118,23 Gb Free Space | 84,70% Space Free | Partition Type: NTFS
Drive F: | 1,96 Gb Total Space | 1,96 Gb Free Space | 99,97% Space Free | Partition Type: FAT
 
Computer Name: JOSEF-PC | User Name: josef | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.09 12:38:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\josef\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.05.29 14:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.07 11:18:54 | 000,311,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.05 21:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.03.28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.18 10:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.07 08:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 13:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.19 06:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.07 03:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008.05.27 07:13:38 | 000,059,136 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10)
DRV - [2012.05.08 16:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.09.07 08:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={5120F384-5FBB-11E2-ABCB-00262D5350FA}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27361109g836l0388z1k5t57i1a51q
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {88d776b4-c426-402a-961c-db0e25e2317b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=bab52bf20000000000000ceee680365e
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE354
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXT
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={5120F384-5FBB-11E2-ABCB-00262D5350FA}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.31 17:32:52 | 000,000,000 | ---D | M]
 
[2013.01.16 11:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josef\AppData\Roaming\mozilla\Firefox\extensions
[2013.01.16 11:13:47 | 000,000,000 | ---D | M] (DrawPlus Starter Edition DE) -- C:\Users\josef\AppData\Roaming\mozilla\Firefox\extensions\{88d776b4-c426-402a-961c-db0e25e2317b}
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ctfmon32.exe] C:\ProgramData\jg6zl.dat (Корпорация Майкрософт)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{340BAA4C-85BE-4DDD-8229-5DAE1F085D50}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6189C70F-21B4-4DCF-883D-F3BB00C42CED}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEEE12E0-3A39-4EA7-854A-DF3C9FB965E5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3dd24ad5-a2e1-11e0-a8f8-00262d5350fa}\Shell - "" = AutoRun
O33 - MountPoints2\{3dd24ad5-a2e1-11e0-a8f8-00262d5350fa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3dd24af3-a2e1-11e0-a8f8-00262d5350fa}\Shell - "" = AutoRun
O33 - MountPoints2\{3dd24af3-a2e1-11e0-a8f8-00262d5350fa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3dd24b0d-a2e1-11e0-a8f8-00262d5350fa}\Shell - "" = AutoRun
O33 - MountPoints2\{3dd24b0d-a2e1-11e0-a8f8-00262d5350fa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3dd24b11-a2e1-11e0-a8f8-00262d5350fa}\Shell - "" = AutoRun
O33 - MountPoints2\{3dd24b11-a2e1-11e0-a8f8-00262d5350fa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c1e74a96-a2e2-11e0-88d1-00262d5350fa}\Shell - "" = AutoRun
O33 - MountPoints2\{c1e74a96-a2e2-11e0-88d1-00262d5350fa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dcf78f6c-3ab4-11e2-a123-00262d5350fa}\Shell - "" = AutoRun
O33 - MountPoints2\{dcf78f6c-3ab4-11e2-a123-00262d5350fa}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpReg: BDE X Man - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Device Detection - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DIMUpdate wird heruntergeladen...1300677038363 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: PLFSetI - hkey= - key= - C:\Windows\PLFSetI.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 12:42:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\josef\Desktop\OTL.exe
[2013.06.08 23:26:06 | 000,173,568 | ---- | C] (Корпорация Майкрософт) -- C:\ProgramData\jg6zl.dat
[2013.06.08 23:26:06 | 000,173,568 | ---- | C] (Корпорация Майкрософт) -- C:\ProgramData\foto23.dat
[2013.06.08 23:26:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.13 10:16:25 | 000,000,000 | ---D | C] -- C:\Users\josef\AppData\Roaming\Ashampoo
[2013.05.13 10:15:45 | 000,000,000 | ---D | C] -- C:\Users\josef\AppData\Local\ashampoo
[2013.05.13 10:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013.05.13 10:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013.05.13 10:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013.05.13 10:15:20 | 000,000,000 | ---D | C] -- C:\Users\josef\AppData\Local\Programs
[2011.03.30 20:48:37 | 001,127,728 | ---- | C] (Microsoft Corporation) -- C:\Users\josef\IE9-Windows7-x64-deu.exe
[2009.08.22 10:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.09 12:40:25 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.09 12:40:25 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.09 12:40:25 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.09 12:40:25 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.09 12:40:25 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.09 12:38:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\josef\Desktop\OTL.exe
[2013.06.09 11:15:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 11:15:52 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 11:15:11 | 000,017,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 11:15:11 | 000,017,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 11:14:15 | 095,023,320 | ---- | M] () -- C:\ProgramData\lz6gj.pad
[2013.06.08 23:26:18 | 000,001,033 | ---- | M] () -- C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.06.08 23:26:17 | 095,023,320 | ---- | M] () -- C:\ProgramData\32otof.pad
[2013.06.08 23:26:17 | 000,002,645 | ---- | M] () -- C:\ProgramData\lz6gj.js
[2013.06.08 23:26:17 | 000,000,151 | ---- | M] () -- C:\ProgramData\lz6gj.reg
[2013.06.08 23:26:17 | 000,000,056 | ---- | M] () -- C:\ProgramData\lz6gj.bat
[2013.06.08 23:26:06 | 000,173,568 | ---- | M] (Корпорация Майкрософт) -- C:\ProgramData\jg6zl.dat
[2013.06.08 23:26:06 | 000,173,568 | ---- | M] (Корпорация Майкрософт) -- C:\ProgramData\foto23.dat
[2013.05.15 20:52:09 | 000,006,148 | -H-- | M] () -- C:\Users\Public\Documents\.DS_Store
[2013.05.14 22:56:07 | 000,477,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.13 10:15:44 | 000,001,285 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.08 23:26:18 | 000,001,033 | ---- | C] () -- C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.06.08 23:26:17 | 000,002,645 | ---- | C] () -- C:\ProgramData\lz6gj.js
[2013.06.08 23:26:17 | 000,000,151 | ---- | C] () -- C:\ProgramData\lz6gj.reg
[2013.06.08 23:26:17 | 000,000,056 | ---- | C] () -- C:\ProgramData\lz6gj.bat
[2013.06.08 23:26:06 | 095,023,320 | ---- | C] () -- C:\ProgramData\lz6gj.pad
[2013.06.08 23:26:06 | 095,023,320 | ---- | C] () -- C:\ProgramData\32otof.pad
[2013.05.15 20:52:08 | 000,006,148 | -H-- | C] () -- C:\Users\Public\Documents\.DS_Store
[2013.05.13 10:15:44 | 000,001,285 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
[2012.11.15 23:23:53 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2012.09.27 22:14:37 | 000,000,278 | ---- | C] () -- C:\Windows\SBcCtrlSet1.bin
[2012.09.25 21:49:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.09.25 21:46:33 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012.05.30 16:42:48 | 000,182,045 | ---- | C] () -- C:\Windows\hpoins44.dat.temp
[2012.05.30 16:42:48 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat.temp
[2011.10.25 08:47:31 | 000,003,584 | ---- | C] () -- C:\Users\josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.10 17:15:50 | 000,000,126 | ---- | C] () -- C:\Windows\wininit.ini
[2011.01.19 13:41:30 | 000,123,551 | ---- | C] () -- C:\Users\josef\altersteilzeit[1].pdf
[2010.06.25 21:07:37 | 000,023,552 | ---- | C] () -- C:\Users\josef\AppData\Local\WebpageIcons.db
[2009.11.19 20:39:20 | 000,000,500 | ---- | C] () -- C:\Users\josef\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.16 20:00:47 | 000,000,000 | -HSD | M] -- C:\Users\josef\AppData\Roaming\.#
[2012.09.27 22:14:37 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\2pTech
[2010.12.30 14:20:45 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\AquaSoft
[2013.05.13 10:16:25 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\Ashampoo
[2012.09.22 23:08:25 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\Avery
[2011.09.28 07:49:51 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\Babylon
[2010.05.30 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\de.schlecker.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2013.01.16 10:59:53 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\DesktopIconForAmazon
[2013.02.17 11:53:42 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\DVDVideoSoft
[2013.02.17 11:54:01 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.20 22:37:28 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\Foxit
[2010.11.30 21:06:52 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\Foxit Software
[2009.11.16 20:43:14 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\GameConsole
[2013.01.08 14:53:48 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\gtk-2.0
[2011.11.02 13:11:30 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\IrfanView
[2010.04.11 18:05:10 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\Lexware
[2012.12.27 16:20:36 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\Nokia
[2011.07.09 19:28:14 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\Nokia Ovi Suite
[2012.06.30 08:37:33 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\Nokia Suite
[2013.01.16 10:59:47 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\OCS
[2012.05.29 15:09:32 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\OpenCandy
[2010.11.15 18:02:35 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\OpenOffice.org
[2013.01.16 10:59:57 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\Opera
[2011.06.24 09:50:31 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\PC Suite
[2013.01.28 11:13:12 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\PDF Software
[2011.09.27 12:29:32 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\PixelPlanet
[2009.11.17 21:45:59 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\PowerCinema
[2009.11.17 21:46:11 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\SoftDMA
[2011.05.30 12:28:28 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\TeamViewer
[2009.11.20 22:22:07 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\Template
[2012.05.29 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\josef\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.05.29 15:31:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.25 22:21:54 | 000,000,000 | ---D | M] -- C:\Applikationen
[2013.03.24 21:31:30 | 000,000,000 | ---D | M] -- C:\BDV
[2009.10.03 05:28:21 | 000,000,000 | ---D | M] -- C:\BOOK
[2009.08.22 12:23:06 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.11.22 21:28:38 | 000,000,000 | ---D | M] -- C:\col1832
[2013.05.16 19:00:39 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.16 19:28:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.03.25 10:52:46 | 000,000,000 | ---D | M] -- C:\elements
[2009.08.22 07:15:26 | 000,000,000 | ---D | M] -- C:\Intel
[2013.03.17 11:32:04 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.03.14 22:20:16 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.27 17:05:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013.06.09 11:14:15 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.11.16 19:28:41 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.11.16 19:28:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.06.09 07:14:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.04.12 13:43:09 | 000,000,000 | ---D | M] -- C:\Systemsteuerung
[2012.03.16 11:59:10 | 000,000,000 | ---D | M] -- C:\temp
[2013.02.09 14:51:09 | 000,000,000 | R--D | M] -- C:\Users
[2013.04.09 13:23:24 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.01.19 13:37:06 | 000,123,551 | ---- | M] () -- C:\Users\josef\altersteilzeit[1].pdf
[2011.03.30 20:48:41 | 001,127,728 | ---- | M] (Microsoft Corporation) -- C:\Users\josef\IE9-Windows7-x64-deu.exe
[2013.06.09 12:48:59 | 004,718,592 | -HS- | M] () -- C:\Users\josef\ntuser.dat
[2013.06.09 12:48:59 | 000,262,144 | -HS- | M] () -- C:\Users\josef\ntuser.dat.LOG1
[2009.11.16 19:28:45 | 000,000,000 | -HS- | M] () -- C:\Users\josef\ntuser.dat.LOG2
[2009.11.16 22:04:28 | 000,065,536 | -HS- | M] () -- C:\Users\josef\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.11.16 22:04:28 | 000,524,288 | -HS- | M] () -- C:\Users\josef\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.11.16 22:04:28 | 000,524,288 | -HS- | M] () -- C:\Users\josef\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.01.17 14:21:09 | 000,065,536 | -HS- | M] () -- C:\Users\josef\ntuser.dat{3f5735c9-035a-11df-9f41-00262d5350fa}.TM.blf
[2010.01.17 14:21:09 | 000,524,288 | -HS- | M] () -- C:\Users\josef\ntuser.dat{3f5735c9-035a-11df-9f41-00262d5350fa}.TMContainer00000000000000000001.regtrans-ms
[2010.01.17 14:21:09 | 000,524,288 | -HS- | M] () -- C:\Users\josef\ntuser.dat{3f5735c9-035a-11df-9f41-00262d5350fa}.TMContainer00000000000000000002.regtrans-ms
[2010.10.23 18:22:36 | 000,065,536 | -HS- | M] () -- C:\Users\josef\ntuser.dat{831f59ed-debc-11df-90fd-00262d5350fa}.TM.blf
[2010.10.23 18:22:36 | 000,524,288 | -HS- | M] () -- C:\Users\josef\ntuser.dat{831f59ed-debc-11df-90fd-00262d5350fa}.TMContainer00000000000000000001.regtrans-ms
[2010.10.23 18:22:36 | 000,524,288 | -HS- | M] () -- C:\Users\josef\ntuser.dat{831f59ed-debc-11df-90fd-00262d5350fa}.TMContainer00000000000000000002.regtrans-ms
[2009.11.16 19:28:45 | 000,000,020 | -HS- | M] () -- C:\Users\josef\ntuser.ini
[2011.09.27 12:17:12 | 000,015,872 | -HS- | M] () -- C:\Users\josef\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:2634FC95

< End of report >
--- --- ---
[code]

und hier ist die Extra.txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.06.2013 12:45:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\josef\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,21 Gb Available Physical Memory | 80,29% Memory free
7,99 Gb Paging File | 7,34 Gb Available in Paging File | 91,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,69 Gb Total Space | 78,73 Gb Free Space | 53,67% Space Free | Partition Type: NTFS
Drive E: | 139,58 Gb Total Space | 118,23 Gb Free Space | 84,70% Space Free | Partition Type: NTFS
Drive F: | 1,96 Gb Total Space | 1,96 Gb Free Space | 99,97% Space Free | Partition Type: FAT
 
Computer Name: JOSEF-PC | User Name: josef | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FDB171-4119-43C3-A46B-835F4D340DD5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1B5384CC-1DD2-4014-8514-3AFA0AC81FFF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2D0CB372-B68D-438E-B1D2-D29F22C8DE89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2EABC42C-0D89-4318-ACB9-196DE1EBF62B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{440A3A49-557A-475E-86ED-D3A91D8CEE6B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{466CE343-1AB6-4E1C-98A7-B890FCDA4340}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4EDF4020-76E4-4771-A8A8-C11552AF8957}" = rport=445 | protocol=6 | dir=out | app=system | 
"{53C98354-EC6B-4EC9-AC47-852532EC4559}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{5774A248-3EFA-47D9-9780-95F7C6F8F3D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{58EE72D2-B918-4FC4-ABF2-DBA98DA0500D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{68601FA6-ADCB-4258-B607-5F1404D5BA11}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{69307223-9245-4E1B-997B-183063CB71AE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{73FCE7BE-6B5D-4A76-8F05-0B721F0CA0F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7603190E-4DB9-499D-885F-B53FA399E791}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ACE4FA1E-BFE2-4D08-B012-9384869FA96C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BC9FE4BB-CA5E-40FE-A72A-3CF2FE63CD24}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C0FFDB08-4073-4088-972B-0F6370CF1D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DB38C413-2EF8-49A1-868D-D19D19815503}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E052C3E0-9E59-4683-8CB6-3E52E1A0BEA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0926761-CA91-4074-8721-2A7BEF985EB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2BDC0CB-C4DC-4202-B8C6-F131ABE506D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EEEFD3DB-1D44-48E5-B023-CAF69F36B671}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F7A2C703-CFBB-489E-9EDE-941D16D3DC7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E8B72B-1FD1-4691-91C0-2D385FF17C98}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{0313B7BF-E9CF-41A4-BB18-0F16FE93E06C}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-ac66u wireless router utilities\qiswizard.exe | 
"{04D4C509-37C7-47FB-86A9-E89235236208}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-ac66u wireless router utilities\discovery.exe | 
"{0AC5BACA-BCD7-42A8-8AEC-20A16CFB0360}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{0B125004-FA06-4619-97DB-4132E85F2D87}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{0DB6F52F-2488-4615-B42D-CC238964C6BE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{125B6F70-8743-4B4E-BF95-4AE59331D3AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1EBEBFA3-7479-487D-95B5-06B590E59A9D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{246C9AE5-1622-49AC-BC60-073826D73A5E}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-ac66u wireless router utilities\rescue.exe | 
"{26A893FC-DBE8-44F7-847B-8715870E85BC}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{2A4BCFD0-205B-4941-851C-27F16CD8F2E9}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{2A853BF8-B6FA-4B05-B0FD-E81898FD54BA}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{2ACA50C7-0315-4FE3-B249-8AFAF89213A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{3ADAFE64-699D-4D83-9CD7-E851C67C3481}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{3BBDB694-4D9C-475E-AB73-198152E2E380}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{3D3C5E0A-DAA3-45F0-AC25-E138B4F10D9A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{3F7A2DC4-C5B5-44E1-AC22-DCBE2DA6456E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{41C155A0-5496-4BF8-B673-5B35B8AEE3C0}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{465BA02A-88DB-4EBB-B10D-68664418B993}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{577B534D-FE82-4588-AC90-18F3E3B15248}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5CAB4304-1682-4D88-81B7-50966693655D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{66DE3F2F-979F-4BE1-BDBD-2548A89E631B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D90F08E-50C4-4BEE-8FF9-0DFAE22A04A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{709F98C6-1B56-469C-AA7C-7E33F537B2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{70B4D963-56CB-4A9F-97E3-8CB7B77716E7}" = protocol=6 | dir=in | app=d:\routersetup\qiswizard.exe | 
"{721C0621-FEBB-4C9A-9ECA-160F46A177E4}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{72216B4B-9AC4-46AC-9C3B-B74BDF2A705E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{75BA4417-18B3-47BC-8F28-38D034F7B0AB}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-ac66u wireless router utilities\rescue.exe | 
"{7613D826-6006-48C3-8EED-414696460568}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{76198223-573D-4D12-8CD4-1F5BD50A07B4}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-ac66u wireless router utilities\qiswizard.exe | 
"{81F0BF40-465F-4412-900C-4A17D31A66CC}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{88831CFA-70CB-4940-BFBC-D15B894115C9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{8F5E2783-3C69-4A35-A1B1-FA6878683C3F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{920363F3-752D-41C5-B4B8-BAFE691A1C0F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{92B9C3AB-8557-4A36-A751-7B4AEF88E21F}" = protocol=17 | dir=in | app=d:\routersetup\qiswizard.exe | 
"{A11AE5D8-D422-4B12-98E1-5559F9422748}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{A24152DA-3286-47C9-B7D8-A1C30B045A85}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{A5A48B92-8A06-46CC-AB98-D30EDF70F628}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{A813DE11-3A8C-4847-B3FD-7123F9B2C375}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{AA769957-E048-491F-8CBE-B246FBB53B87}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ABC7DA6D-5BDE-4A72-8747-3BB3CCB8DAE2}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-ac66u wireless router utilities\discovery.exe | 
"{B27EB3B7-D162-4E3B-8278-DBCC3CD2EAFD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B6DA33E5-5AB1-4F17-95BB-1CC32D74B544}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{BFC483E3-3B69-470D-A88C-A08DE837A50F}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{C2170DDA-7889-437E-B5FB-F02FB0D97D12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{C58EA881-BA73-44AE-B430-C0E4B6B220E3}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{C6FD15E8-0E2D-4EE6-BDB2-7C0DF1B394F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{D1C19CC6-FD70-4C5D-956B-49B9396F5B6B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{D2EC4CF6-BF08-4298-9EFE-5BD3B653BCF0}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{D8AABB03-CA8D-478A-9763-5281D43A0491}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{DE4AE3C4-E93B-40F7-8CB6-394AC0A699E0}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E18141E8-EA58-4B98-BCFC-5BE2D4142C32}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{EBF9070A-6C5A-4224-8313-5A5E16858D10}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{F0937816-40FD-4B8A-8358-3E5046C05D0B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F39F53D1-AF6C-4998-AC12-3119146D00F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{F4F3D385-2CF1-450A-A399-99E4492F512F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F701602B-BD45-46C5-8F9C-D80820203895}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{F8193EBE-01D9-4C5B-97D2-C9163C71D38E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"TCP Query User{A2E0BDB4-A321-4E18-9218-30747A933D9E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{F2E5311B-F4C0-405F-96CA-C77D12DD373B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{496F4FDB-A4A5-4AB1-89C2-7B4FFD37F9F1}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{266E41AB-D928-4AF2-A8E4-B24E31F5758C}" = ASUS RT-AC66U Wireless Router Utilities
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DBB66CD-38C7-472C-BBB9-06BFDA182A29}" = F2400
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AEF64B1-79A5-4E2F-8FBC-4CA89ECD3595}" = EtikettenAssistent 4.2
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.83
"Avira AntiVir Desktop" = Avira Free Antivirus
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Nokia Suite" = Nokia Suite
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"VLC media player" = VLC media player 1.0.3
"Zattoo4" = Zattoo4 4.0.5
"ZooEasyPro_v10" = ZooEasy v10
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.05.2013 11:45:27 | Computer Name = josef-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
 Zeitstempel: 0x515e30fe  Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 8.15.11.8652,
 Zeitstempel: 0x4a6f107f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004672e  ID des fehlerhaften
 Prozesses: 0xcb4  Startzeit der fehlerhaften Anwendung: 0x01ce563a33eaa86b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\nvwgf2um.dll  Berichtskennung: 74ebaa8f-c22d-11e2-9768-00262d5350fa
 
Error - 22.05.2013 10:37:43 | Computer Name = josef-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 11.0.8402.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ff0    Startzeit: 
01ce56e091f59752    Endzeit: 18    Anwendungspfad: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

Berichts-ID:
 23b39bea-c2ed-11e2-9b36-00262d5350fa  
 
Error - 22.05.2013 15:16:15 | Computer Name = josef-PC | Source = Microsoft Office 11 | ID = 2001
Description = 
 
Error - 22.05.2013 16:28:02 | Computer Name = josef-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.8326.0,
 Zeitstempel: 0x4c1c2372  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0xb04  Startzeit der fehlerhaften Anwendung: 0x01ce57209a203496  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 190b8f98-c31e-11e2-8215-00262d5350fa
 
Error - 23.05.2013 04:40:17 | Computer Name = josef-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.8326.0,
 Zeitstempel: 0x4c1c2372  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0xdf4  Startzeit der fehlerhaften Anwendung: 0x01ce578fb89326c5  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 64b3363c-c384-11e2-971e-00262d5350fa
 
Error - 23.05.2013 04:42:55 | Computer Name = josef-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 11.0.8402.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ba8    Startzeit: 
01ce579139956613    Endzeit: 22    Anwendungspfad: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

Berichts-ID:
 bb97d4d4-c384-11e2-971e-00262d5350fa  
 
Error - 26.05.2013 15:31:39 | Computer Name = josef-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 11.0.8402.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: fac    Startzeit: 
01ce5a444544e5c1    Endzeit: 13    Anwendungspfad: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

Berichts-ID:
 daff9296-c63a-11e2-8225-00262d5350fa  
 
Error - 07.06.2013 11:37:38 | Computer Name = josef-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.8326.0,
 Zeitstempel: 0x4c1c2372  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0xadc  Startzeit der fehlerhaften Anwendung: 0x01ce6391b3578a42  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 2e5d662e-cf88-11e2-97e3-00262d5350fa
 
Error - 07.06.2013 17:04:18 | Computer Name = josef-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.8326.0,
 Zeitstempel: 0x4c1c2372  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0xf20  Startzeit der fehlerhaften Anwendung: 0x01ce63c0c4285af6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: d0cee7c0-cfb5-11e2-9aa4-00262d5350fa
 
Error - 09.06.2013 01:08:45 | Computer Name = josef-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
 nicht initialisiert werden.  Details: Could not query the status of the EventSystem
 service.  System Error: Der Computer wird heruntergefahren.  .
 
[ System Events ]
Error - 09.06.2013 05:16:30 | Computer Name = josef-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.06.2013 05:16:30 | Computer Name = josef-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.06.2013 05:16:34 | Computer Name = josef-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.06.2013 05:16:34 | Computer Name = josef-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.06.2013 05:16:34 | Computer Name = josef-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.06.2013 05:37:02 | Computer Name = josef-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.06.2013 06:39:36 | Computer Name = josef-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.06.2013 06:40:59 | Computer Name = josef-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.06.2013 06:40:59 | Computer Name = josef-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 09.06.2013 06:44:31 | Computer Name = josef-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
--- --- ---
[code]


Ich sage schon einmal
LG TiRoFiOs
__________________
Alt 09.06.2013, 18:14   #4
markusg
/// Malware-holic
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [ctfmon32.exe] C:\ProgramData\jg6zl.dat (Корпорация Майкрософт)
[2013.06.08 23:26:06 | 000,173,568 | ---- | C] (Корпорация Майкрософт) -- C:\ProgramData\foto23.dat
[2013.06.08 23:26:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.06.09 11:14:15 | 095,023,320 | ---- | M] () -- C:\ProgramData\lz6gj.pad
[2013.06.08 23:26:18 | 000,001,033 | ---- | M] () -- C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013.06.08 23:26:17 | 000,002,645 | ---- | M] () -- C:\ProgramData\lz6gj.js
[2013.06.08 23:26:17 | 000,000,151 | ---- | M] () -- C:\ProgramData\lz6gj.reg
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.06.2013, 19:35   #5
TiRoFiOs
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Hallo,

hier ist die gewünschte Textfile

Auch hier sage ich schonmal im Voraus

Den Upload mach ich auch gleich noch

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe deleted successfully.
C:\ProgramData\jg6zl.dat moved successfully.
C:\ProgramData\foto23.dat moved successfully.
C:\ProgramData\rundll32.exe moved successfully.
C:\ProgramData\lz6gj.pad moved successfully.
C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk moved successfully.
C:\ProgramData\lz6gj.js moved successfully.
C:\ProgramData\lz6gj.reg moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: hedev
->Temp folder emptied: 43164427 bytes
 
User: josef
->Temp folder emptied: 10827160 bytes
->Temporary Internet Files folder emptied: 799865750 bytes
->Java cache emptied: 22318116 bytes
->Flash cache emptied: 42148 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 450482 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 94591 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 836,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06092013_201804

Files\Folders moved on Reboot...
C:\Users\josef\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
LG TiRoFioS


Alt 09.06.2013, 19:41   #6
markusg
/// Malware-holic
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


danke fürs hochladen.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> GUV Trojaner Windows 7

Alt 09.06.2013, 19:44   #7
TiRoFiOs
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Upload hat ohne Problem funktioniert...

Und ich sag , ich sag einfach



LG TiRoFiOs

Und hier ist nächste Logfile

Code:
ATTFilter
20:53:22.0470 3680  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:53:22.0720 3680  ============================================================
20:53:22.0720 3680  Current date / time: 2013/06/09 20:53:22.0720
20:53:22.0720 3680  SystemInfo:
20:53:22.0720 3680  
20:53:22.0720 3680  OS Version: 6.1.7601 ServicePack: 1.0
20:53:22.0720 3680  Product type: Workstation
20:53:22.0720 3680  ComputerName: JOSEF-PC
20:53:22.0721 3680  UserName: josef
20:53:22.0721 3680  Windows directory: C:\Windows
20:53:22.0721 3680  System windows directory: C:\Windows
20:53:22.0721 3680  Running under WOW64
20:53:22.0721 3680  Processor architecture: Intel x64
20:53:22.0721 3680  Number of processors: 2
20:53:22.0721 3680  Page size: 0x1000
20:53:22.0721 3680  Boot type: Normal boot
20:53:22.0721 3680  ============================================================
20:53:23.0172 3680  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:53:23.0181 3680  Drive \Device\Harddisk1\DR2 - Size: 0x7D73F000 (1.96 Gb), SectorSize: 0x200, Cylinders: 0xFF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:53:23.0186 3680  ============================================================
20:53:23.0186 3680  \Device\Harddisk0\DR0:
20:53:23.0186 3680  MBR partitions:
20:53:23.0186 3680  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
20:53:23.0186 3680  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x1255F2B0
20:53:23.0205 3680  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x13D02800, BlocksNum 0x1172B800
20:53:23.0205 3680  \Device\Harddisk1\DR2:
20:53:23.0205 3680  MBR partitions:
20:53:23.0205 3680  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3EB9B8
20:53:23.0205 3680  ============================================================
20:53:23.0240 3680  C: <-> \Device\Harddisk0\DR0\Partition2
20:53:23.0278 3680  E: <-> \Device\Harddisk0\DR0\Partition3
20:53:23.0278 3680  ============================================================
20:53:23.0278 3680  Initialize success
20:53:23.0278 3680  ============================================================
20:53:57.0904 3016  ============================================================
20:53:57.0904 3016  Scan started
20:53:57.0904 3016  Mode: Manual; SigCheck; TDLFS; 
20:53:57.0904 3016  ============================================================
20:53:58.0315 3016  ================ Scan system memory ========================
20:53:58.0315 3016  System memory - ok
20:53:58.0316 3016  ================ Scan services =============================
20:53:58.0495 3016  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:53:58.0616 3016  1394ohci - ok
20:53:58.0651 3016  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:53:58.0671 3016  ACPI - ok
20:53:58.0694 3016  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:53:58.0730 3016  AcpiPmi - ok
20:53:58.0802 3016  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:53:58.0827 3016  AdobeARMservice - ok
20:53:58.0881 3016  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:53:58.0911 3016  adp94xx - ok
20:53:58.0960 3016  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:53:58.0980 3016  adpahci - ok
20:53:59.0013 3016  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:53:59.0030 3016  adpu320 - ok
20:53:59.0066 3016  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:53:59.0111 3016  AeLookupSvc - ok
20:53:59.0155 3016  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:53:59.0202 3016  AFD - ok
20:53:59.0265 3016  [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
20:53:59.0305 3016  AgereModemAudio - ok
20:53:59.0353 3016  [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
20:53:59.0409 3016  AgereSoftModem - ok
20:53:59.0454 3016  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:53:59.0469 3016  agp440 - ok
20:53:59.0492 3016  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:53:59.0522 3016  ALG - ok
20:53:59.0564 3016  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:53:59.0579 3016  aliide - ok
20:53:59.0598 3016  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:53:59.0612 3016  amdide - ok
20:53:59.0641 3016  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:53:59.0674 3016  AmdK8 - ok
20:53:59.0693 3016  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:53:59.0728 3016  AmdPPM - ok
20:53:59.0772 3016  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:53:59.0788 3016  amdsata - ok
20:53:59.0827 3016  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:53:59.0844 3016  amdsbs - ok
20:53:59.0863 3016  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:53:59.0877 3016  amdxata - ok
20:53:59.0956 3016  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:53:59.0975 3016  AntiVirSchedulerService - ok
20:54:00.0012 3016  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:54:00.0033 3016  AntiVirService - ok
20:54:00.0080 3016  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:54:00.0149 3016  AppID - ok
20:54:00.0177 3016  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:54:00.0244 3016  AppIDSvc - ok
20:54:00.0283 3016  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
20:54:00.0320 3016  Appinfo - ok
20:54:00.0357 3016  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:54:00.0382 3016  arc - ok
20:54:00.0399 3016  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:54:00.0424 3016  arcsas - ok
20:54:00.0528 3016  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:54:00.0549 3016  aspnet_state - ok
20:54:00.0582 3016  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:54:00.0637 3016  AsyncMac - ok
20:54:00.0685 3016  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:54:00.0699 3016  atapi - ok
20:54:00.0773 3016  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:54:00.0833 3016  athr - ok
20:54:00.0891 3016  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:54:00.0964 3016  AudioEndpointBuilder - ok
20:54:00.0976 3016  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:54:01.0020 3016  AudioSrv - ok
20:54:01.0067 3016  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:54:01.0086 3016  avgntflt - ok
20:54:01.0130 3016  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:54:01.0144 3016  avipbb - ok
20:54:01.0180 3016  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:54:01.0192 3016  avkmgr - ok
20:54:01.0250 3016  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:54:01.0295 3016  AxInstSV - ok
20:54:01.0343 3016  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:54:01.0381 3016  b06bdrv - ok
20:54:01.0415 3016  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:54:01.0444 3016  b57nd60a - ok
20:54:01.0496 3016  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
20:54:01.0549 3016  BCM43XX - ok
20:54:01.0579 3016  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:54:01.0609 3016  BDESVC - ok
20:54:01.0628 3016  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:54:01.0686 3016  Beep - ok
20:54:01.0750 3016  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:54:01.0797 3016  BFE - ok
20:54:01.0837 3016  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:54:01.0901 3016  BITS - ok
20:54:01.0931 3016  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:54:01.0954 3016  blbdrive - ok
20:54:01.0999 3016  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:54:02.0038 3016  bowser - ok
20:54:02.0060 3016  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:54:02.0091 3016  BrFiltLo - ok
20:54:02.0118 3016  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:54:02.0135 3016  BrFiltUp - ok
20:54:02.0181 3016  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:54:02.0219 3016  Browser - ok
20:54:02.0242 3016  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:54:02.0276 3016  Brserid - ok
20:54:02.0293 3016  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:54:02.0317 3016  BrSerWdm - ok
20:54:02.0338 3016  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:54:02.0370 3016  BrUsbMdm - ok
20:54:02.0397 3016  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:54:02.0423 3016  BrUsbSer - ok
20:54:02.0473 3016  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:54:02.0528 3016  BthEnum - ok
20:54:02.0554 3016  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:54:02.0598 3016  BTHMODEM - ok
20:54:02.0625 3016  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:54:02.0665 3016  BthPan - ok
20:54:02.0726 3016  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
20:54:02.0770 3016  BTHPORT - ok
20:54:02.0798 3016  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:54:02.0852 3016  bthserv - ok
20:54:02.0892 3016  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:54:02.0926 3016  BTHUSB - ok
20:54:02.0970 3016  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:54:03.0026 3016  cdfs - ok
20:54:03.0080 3016  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:54:03.0112 3016  cdrom - ok
20:54:03.0151 3016  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:54:03.0199 3016  CertPropSvc - ok
20:54:03.0226 3016  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:54:03.0256 3016  circlass - ok
20:54:03.0277 3016  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:54:03.0296 3016  CLFS - ok
20:54:03.0337 3016  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:54:03.0357 3016  clr_optimization_v2.0.50727_32 - ok
20:54:03.0394 3016  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:54:03.0406 3016  clr_optimization_v2.0.50727_64 - ok
20:54:03.0455 3016  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:54:03.0467 3016  clr_optimization_v4.0.30319_32 - ok
20:54:03.0485 3016  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:54:03.0498 3016  clr_optimization_v4.0.30319_64 - ok
20:54:03.0528 3016  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:54:03.0551 3016  CmBatt - ok
20:54:03.0563 3016  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:54:03.0577 3016  cmdide - ok
20:54:03.0619 3016  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
20:54:03.0662 3016  CNG - ok
20:54:03.0686 3016  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:54:03.0701 3016  Compbatt - ok
20:54:03.0748 3016  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:54:03.0771 3016  CompositeBus - ok
20:54:03.0777 3016  COMSysApp - ok
20:54:03.0792 3016  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:54:03.0806 3016  crcdisk - ok
20:54:03.0850 3016  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:54:03.0886 3016  CryptSvc - ok
20:54:03.0941 3016  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:54:03.0991 3016  DcomLaunch - ok
20:54:04.0035 3016  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:54:04.0089 3016  defragsvc - ok
20:54:04.0119 3016  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:54:04.0175 3016  DfsC - ok
20:54:04.0231 3016  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:54:04.0263 3016  Dhcp - ok
20:54:04.0286 3016  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:54:04.0325 3016  discache - ok
20:54:04.0363 3016  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:54:04.0379 3016  Disk - ok
20:54:04.0451 3016  [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr         C:\Windows\syswow64\Drivers\DKbFltr.sys
20:54:04.0463 3016  DKbFltr - ok
20:54:04.0502 3016  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:54:04.0532 3016  Dnscache - ok
20:54:04.0589 3016  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:54:04.0649 3016  dot3svc - ok
20:54:04.0692 3016  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
20:54:04.0720 3016  Dot4 - ok
20:54:04.0776 3016  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:54:04.0818 3016  Dot4Print - ok
20:54:04.0832 3016  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
20:54:04.0866 3016  dot4usb - ok
20:54:04.0909 3016  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:54:04.0973 3016  DPS - ok
20:54:05.0002 3016  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:54:05.0019 3016  drmkaud - ok
20:54:05.0067 3016  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:54:05.0096 3016  DXGKrnl - ok
20:54:05.0134 3016  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:54:05.0182 3016  EapHost - ok
20:54:05.0284 3016  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:54:05.0429 3016  ebdrv - ok
20:54:05.0466 3016  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:54:05.0492 3016  EFS - ok
20:54:05.0563 3016  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:54:05.0623 3016  ehRecvr - ok
20:54:05.0642 3016  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:54:05.0664 3016  ehSched - ok
20:54:05.0704 3016  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:54:05.0728 3016  elxstor - ok
20:54:05.0816 3016  [ 7C35C6865957289D9EFE6CC73F4AB2E1 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
20:54:05.0847 3016  ePowerSvc - ok
20:54:05.0877 3016  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:54:05.0909 3016  ErrDev - ok
20:54:05.0966 3016  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:54:06.0022 3016  EventSystem - ok
20:54:06.0033 3016  ewusbnet - ok
20:54:06.0051 3016  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:54:06.0102 3016  exfat - ok
20:54:06.0137 3016  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:54:06.0186 3016  fastfat - ok
20:54:06.0237 3016  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:54:06.0273 3016  Fax - ok
20:54:06.0284 3016  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:54:06.0299 3016  fdc - ok
20:54:06.0326 3016  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:54:06.0365 3016  fdPHost - ok
20:54:06.0383 3016  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:54:06.0434 3016  FDResPub - ok
20:54:06.0465 3016  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:54:06.0480 3016  FileInfo - ok
20:54:06.0499 3016  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:54:06.0550 3016  Filetrace - ok
20:54:06.0569 3016  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:54:06.0599 3016  flpydisk - ok
20:54:06.0633 3016  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:54:06.0652 3016  FltMgr - ok
20:54:06.0742 3016  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
20:54:06.0779 3016  FontCache - ok
20:54:06.0831 3016  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:54:06.0842 3016  FontCache3.0.0.0 - ok
20:54:06.0868 3016  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:54:06.0883 3016  FsDepends - ok
20:54:06.0899 3016  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:54:06.0912 3016  Fs_Rec - ok
20:54:06.0956 3016  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:54:06.0976 3016  fvevol - ok
20:54:07.0005 3016  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:54:07.0020 3016  gagp30kx - ok
20:54:07.0064 3016  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:54:07.0143 3016  gpsvc - ok
20:54:07.0219 3016  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
20:54:07.0254 3016  Greg_Service - ok
20:54:07.0277 3016  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:54:07.0306 3016  hcw85cir - ok
20:54:07.0359 3016  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:54:07.0393 3016  HdAudAddService - ok
20:54:07.0424 3016  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:54:07.0451 3016  HDAudBus - ok
20:54:07.0469 3016  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:54:07.0492 3016  HidBatt - ok
20:54:07.0512 3016  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:54:07.0538 3016  HidBth - ok
20:54:07.0554 3016  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:54:07.0577 3016  HidIr - ok
20:54:07.0598 3016  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:54:07.0642 3016  hidserv - ok
20:54:07.0706 3016  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:54:07.0721 3016  HidUsb - ok
20:54:07.0766 3016  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:54:07.0803 3016  hkmsvc - ok
20:54:07.0847 3016  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:54:07.0883 3016  HomeGroupListener - ok
20:54:07.0919 3016  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:54:07.0950 3016  HomeGroupProvider - ok
20:54:08.0033 3016  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:54:08.0054 3016  hpqcxs08 - ok
20:54:08.0105 3016  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:54:08.0115 3016  hpqddsvc - ok
20:54:08.0156 3016  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:54:08.0173 3016  HpSAMD - ok
20:54:08.0233 3016  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:54:08.0287 3016  HTTP - ok
20:54:08.0314 3016  hwdatacard - ok
20:54:08.0348 3016  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:54:08.0361 3016  hwpolicy - ok
20:54:08.0387 3016  hwusbdev - ok
20:54:08.0452 3016  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:54:08.0468 3016  i8042prt - ok
20:54:08.0552 3016  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:54:08.0579 3016  IAANTMON - ok
20:54:08.0600 3016  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:54:08.0617 3016  iaStor - ok
20:54:08.0664 3016  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:54:08.0686 3016  iaStorV - ok
20:54:08.0750 3016  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:54:08.0793 3016  idsvc - ok
20:54:08.0953 3016  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:54:09.0152 3016  igfx - ok
20:54:09.0181 3016  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:54:09.0196 3016  iirsp - ok
20:54:09.0259 3016  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:54:09.0322 3016  IKEEXT - ok
20:54:09.0411 3016  [ 9AA6A93852E36FE76C3F7FC2904F3B01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:54:09.0453 3016  IntcAzAudAddService - ok
20:54:09.0495 3016  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:54:09.0517 3016  intelide - ok
20:54:09.0548 3016  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:54:09.0580 3016  intelppm - ok
20:54:09.0600 3016  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:54:09.0654 3016  IPBusEnum - ok
20:54:09.0694 3016  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:54:09.0745 3016  IpFilterDriver - ok
20:54:09.0805 3016  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:54:09.0841 3016  iphlpsvc - ok
20:54:09.0882 3016  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:54:09.0907 3016  IPMIDRV - ok
20:54:09.0937 3016  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:54:09.0986 3016  IPNAT - ok
20:54:10.0001 3016  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:54:10.0027 3016  IRENUM - ok
20:54:10.0038 3016  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:54:10.0053 3016  isapnp - ok
20:54:10.0075 3016  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:54:10.0094 3016  iScsiPrt - ok
20:54:10.0134 3016  [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
20:54:10.0150 3016  k57nd60a - ok
20:54:10.0198 3016  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:54:10.0213 3016  kbdclass - ok
20:54:10.0244 3016  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:54:10.0270 3016  kbdhid - ok
20:54:10.0289 3016  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:54:10.0303 3016  KeyIso - ok
20:54:10.0344 3016  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:54:10.0365 3016  KSecDD - ok
20:54:10.0403 3016  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:54:10.0419 3016  KSecPkg - ok
20:54:10.0454 3016  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:54:10.0499 3016  ksthunk - ok
20:54:10.0540 3016  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:54:10.0617 3016  KtmRm - ok
20:54:10.0644 3016  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
20:54:10.0672 3016  L1E - ok
20:54:10.0716 3016  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:54:10.0763 3016  LanmanServer - ok
20:54:10.0802 3016  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:54:10.0848 3016  LanmanWorkstation - ok
20:54:10.0901 3016  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:54:10.0954 3016  lltdio - ok
20:54:10.0989 3016  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:54:11.0059 3016  lltdsvc - ok
20:54:11.0070 3016  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:54:11.0110 3016  lmhosts - ok
20:54:11.0144 3016  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:54:11.0160 3016  LSI_FC - ok
20:54:11.0192 3016  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:54:11.0208 3016  LSI_SAS - ok
20:54:11.0227 3016  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:54:11.0242 3016  LSI_SAS2 - ok
20:54:11.0265 3016  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:54:11.0281 3016  LSI_SCSI - ok
20:54:11.0304 3016  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:54:11.0357 3016  luafv - ok
20:54:11.0393 3016  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:54:11.0430 3016  Mcx2Svc - ok
20:54:11.0481 3016  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:54:11.0498 3016  MDM - ok
20:54:11.0520 3016  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:54:11.0534 3016  megasas - ok
20:54:11.0558 3016  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:54:11.0577 3016  MegaSR - ok
20:54:11.0610 3016  [ 1C049B43538887334CC27450BFD05DBF ] MHIKEY10        C:\Windows\system32\Drivers\MHIKEY10x64.sys
20:54:11.0633 3016  MHIKEY10 - ok
20:54:11.0670 3016  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:54:11.0719 3016  MMCSS - ok
20:54:11.0738 3016  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:54:11.0791 3016  Modem - ok
20:54:11.0820 3016  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:54:11.0843 3016  monitor - ok
20:54:11.0860 3016  motmodem - ok
20:54:11.0891 3016  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:54:11.0905 3016  mouclass - ok
20:54:11.0941 3016  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:54:11.0956 3016  mouhid - ok
20:54:11.0983 3016  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:54:11.0997 3016  mountmgr - ok
20:54:12.0034 3016  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:54:12.0050 3016  mpio - ok
20:54:12.0066 3016  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:54:12.0106 3016  mpsdrv - ok
20:54:12.0153 3016  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:54:12.0202 3016  MpsSvc - ok
20:54:12.0249 3016  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:54:12.0286 3016  MRxDAV - ok
20:54:12.0318 3016  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:54:12.0346 3016  mrxsmb - ok
20:54:12.0386 3016  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:54:12.0418 3016  mrxsmb10 - ok
20:54:12.0426 3016  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:54:12.0447 3016  mrxsmb20 - ok
20:54:12.0476 3016  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:54:12.0490 3016  msahci - ok
20:54:12.0503 3016  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:54:12.0518 3016  msdsm - ok
20:54:12.0551 3016  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:54:12.0576 3016  MSDTC - ok
20:54:12.0609 3016  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:54:12.0648 3016  Msfs - ok
20:54:12.0661 3016  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:54:12.0715 3016  mshidkmdf - ok
20:54:12.0732 3016  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:54:12.0746 3016  msisadrv - ok
20:54:12.0795 3016  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:54:12.0844 3016  MSiSCSI - ok
20:54:12.0849 3016  msiserver - ok
20:54:12.0887 3016  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:54:12.0937 3016  MSKSSRV - ok
20:54:12.0958 3016  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:54:13.0014 3016  MSPCLOCK - ok
20:54:13.0025 3016  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:54:13.0069 3016  MSPQM - ok
20:54:13.0119 3016  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:54:13.0151 3016  MsRPC - ok
20:54:13.0197 3016  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:54:13.0210 3016  mssmbios - ok
20:54:13.0234 3016  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:54:13.0287 3016  MSTEE - ok
20:54:13.0300 3016  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:54:13.0319 3016  MTConfig - ok
20:54:13.0342 3016  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:54:13.0357 3016  Mup - ok
20:54:13.0376 3016  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
20:54:13.0387 3016  mwlPSDFilter - ok
20:54:13.0407 3016  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
20:54:13.0418 3016  mwlPSDNServ - ok
20:54:13.0429 3016  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
20:54:13.0441 3016  mwlPSDVDisk - ok
20:54:13.0480 3016  [ 0F5FAAC852DB4C340B7A2F187E3358B8 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
20:54:13.0495 3016  MWLService - ok
20:54:13.0539 3016  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:54:13.0613 3016  napagent - ok
20:54:13.0661 3016  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:54:13.0698 3016  NativeWifiP - ok
20:54:13.0753 3016  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:54:13.0784 3016  NDIS - ok
20:54:13.0815 3016  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:54:13.0868 3016  NdisCap - ok
20:54:13.0883 3016  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:54:13.0935 3016  NdisTapi - ok
20:54:13.0971 3016  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:54:14.0021 3016  Ndisuio - ok
20:54:14.0049 3016  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:54:14.0105 3016  NdisWan - ok
20:54:14.0149 3016  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:54:14.0194 3016  NDProxy - ok
20:54:14.0293 3016  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:54:14.0306 3016  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:54:14.0306 3016  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:54:14.0344 3016  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:54:14.0424 3016  NetBIOS - ok
20:54:14.0470 3016  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:54:14.0521 3016  NetBT - ok
20:54:14.0533 3016  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:54:14.0550 3016  Netlogon - ok
20:54:14.0594 3016  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:54:14.0654 3016  Netman - ok
20:54:14.0748 3016  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:54:14.0763 3016  NetMsmqActivator - ok
20:54:14.0794 3016  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:54:14.0809 3016  NetPipeActivator - ok
20:54:14.0840 3016  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:54:14.0913 3016  netprofm - ok
20:54:14.0959 3016  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:54:14.0974 3016  NetTcpActivator - ok
20:54:14.0980 3016  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:54:14.0993 3016  NetTcpPortSharing - ok
20:54:15.0041 3016  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:54:15.0057 3016  nfrd960 - ok
20:54:15.0103 3016  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:54:15.0144 3016  NlaSvc - ok
20:54:15.0184 3016  [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
20:54:15.0247 3016  nmwcd - ok
20:54:15.0284 3016  [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
20:54:15.0330 3016  nmwcdc - ok
20:54:15.0344 3016  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:54:15.0387 3016  Npfs - ok
20:54:15.0409 3016  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:54:15.0476 3016  nsi - ok
20:54:15.0495 3016  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:54:15.0544 3016  nsiproxy - ok
20:54:15.0605 3016  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:54:15.0657 3016  Ntfs - ok
20:54:15.0717 3016  [ 70E3EB0CEF795D348F05E5A9B115F491 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
20:54:15.0728 3016  NTI IScheduleSvc - ok
20:54:15.0763 3016  [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
20:54:15.0774 3016  NTIBackupSvc - ok
20:54:15.0802 3016  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
20:54:15.0813 3016  NTIDrvr - ok
20:54:15.0829 3016  [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
20:54:15.0846 3016  NTISchedulerSvc - ok
20:54:15.0873 3016  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:54:15.0923 3016  Null - ok
20:54:15.0968 3016  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:54:15.0992 3016  NVHDA - ok
20:54:16.0247 3016  [ 24F526274353FF7BB93D99D238E582DA ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:54:16.0447 3016  nvlddmkm - ok
20:54:16.0528 3016  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:54:16.0544 3016  nvraid - ok
20:54:16.0566 3016  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:54:16.0583 3016  nvstor - ok
20:54:16.0623 3016  [ AAD3B6F3E5B9FE1D29BF627904F6120F ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:54:16.0640 3016  nvsvc - ok
20:54:16.0688 3016  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:54:16.0713 3016  nv_agp - ok
20:54:16.0736 3016  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:54:16.0771 3016  ohci1394 - ok
20:54:16.0815 3016  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:54:16.0834 3016  ose - ok
20:54:16.0873 3016  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:54:16.0900 3016  p2pimsvc - ok
20:54:16.0923 3016  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:54:16.0944 3016  p2psvc - ok
20:54:16.0969 3016  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:54:16.0986 3016  Parport - ok
20:54:17.0022 3016  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:54:17.0037 3016  partmgr - ok
20:54:17.0093 3016  [ 5EACB8A19CAD7057806FBBF9550165E1 ] PcaSp60         C:\Windows\system32\DRIVERS\PcaSp60.sys
20:54:17.0121 3016  PcaSp60 - ok
20:54:17.0144 3016  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:54:17.0192 3016  PcaSvc - ok
20:54:17.0252 3016  [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:54:17.0264 3016  pccsmcfd - ok
20:54:17.0302 3016  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:54:17.0319 3016  pci - ok
20:54:17.0336 3016  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:54:17.0350 3016  pciide - ok
20:54:17.0382 3016  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:54:17.0400 3016  pcmcia - ok
20:54:17.0406 3016  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:54:17.0421 3016  pcw - ok
20:54:17.0460 3016  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:54:17.0518 3016  PEAUTH - ok
20:54:17.0585 3016  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:54:17.0609 3016  PerfHost - ok
20:54:17.0685 3016  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:54:17.0772 3016  pla - ok
20:54:17.0815 3016  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:54:17.0841 3016  PlugPlay - ok
20:54:17.0959 3016  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:54:17.0978 3016  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:54:17.0978 3016  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:54:18.0004 3016  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:54:18.0036 3016  PNRPAutoReg - ok
20:54:18.0051 3016  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:54:18.0069 3016  PNRPsvc - ok
20:54:18.0114 3016  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:54:18.0163 3016  PolicyAgent - ok
20:54:18.0187 3016  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:54:18.0240 3016  Power - ok
20:54:18.0290 3016  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:54:18.0329 3016  PptpMiniport - ok
20:54:18.0354 3016  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:54:18.0393 3016  Processor - ok
20:54:18.0437 3016  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:54:18.0458 3016  ProfSvc - ok
20:54:18.0467 3016  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:54:18.0482 3016  ProtectedStorage - ok
20:54:18.0527 3016  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:54:18.0573 3016  Psched - ok
20:54:18.0641 3016  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:54:18.0684 3016  ql2300 - ok
20:54:18.0706 3016  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:54:18.0723 3016  ql40xx - ok
20:54:18.0745 3016  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:54:18.0774 3016  QWAVE - ok
20:54:18.0794 3016  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:54:18.0815 3016  QWAVEdrv - ok
20:54:18.0843 3016  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:54:18.0898 3016  RasAcd - ok
20:54:18.0928 3016  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:54:18.0967 3016  RasAgileVpn - ok
20:54:18.0998 3016  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:54:19.0041 3016  RasAuto - ok
20:54:19.0064 3016  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:54:19.0122 3016  Rasl2tp - ok
20:54:19.0154 3016  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:54:19.0201 3016  RasMan - ok
20:54:19.0232 3016  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:54:19.0285 3016  RasPppoe - ok
20:54:19.0291 3016  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:54:19.0334 3016  RasSstp - ok
20:54:19.0378 3016  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:54:19.0434 3016  rdbss - ok
20:54:19.0453 3016  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:54:19.0483 3016  rdpbus - ok
20:54:19.0500 3016  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:54:19.0542 3016  RDPCDD - ok
20:54:19.0554 3016  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:54:19.0605 3016  RDPENCDD - ok
20:54:19.0615 3016  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:54:19.0654 3016  RDPREFMP - ok
20:54:19.0722 3016  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:54:19.0757 3016  RdpVideoMiniport - ok
20:54:19.0795 3016  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:54:19.0837 3016  RDPWD - ok
20:54:19.0860 3016  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:54:19.0878 3016  rdyboost - ok
20:54:19.0903 3016  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:54:19.0949 3016  RemoteAccess - ok
20:54:19.0967 3016  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:54:20.0022 3016  RemoteRegistry - ok
20:54:20.0066 3016  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:54:20.0095 3016  RFCOMM - ok
20:54:20.0115 3016  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:54:20.0155 3016  RpcEptMapper - ok
20:54:20.0184 3016  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:54:20.0220 3016  RpcLocator - ok
20:54:20.0277 3016  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:54:20.0326 3016  RpcSs - ok
20:54:20.0355 3016  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:54:20.0408 3016  rspndr - ok
20:54:20.0445 3016  [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
20:54:20.0460 3016  RSUSBSTOR - ok
20:54:20.0485 3016  RtsUIR - ok
20:54:20.0501 3016  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:54:20.0516 3016  SamSs - ok
20:54:20.0550 3016  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:54:20.0566 3016  sbp2port - ok
20:54:20.0592 3016  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:54:20.0641 3016  SCardSvr - ok
20:54:20.0681 3016  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:54:20.0748 3016  scfilter - ok
20:54:20.0811 3016  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:54:20.0871 3016  Schedule - ok
20:54:20.0908 3016  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:54:20.0946 3016  SCPolicySvc - ok
20:54:20.0964 3016  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:54:20.0991 3016  SDRSVC - ok
20:54:21.0024 3016  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:54:21.0075 3016  secdrv - ok
20:54:21.0108 3016  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:54:21.0173 3016  seclogon - ok
20:54:21.0192 3016  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:54:21.0249 3016  SENS - ok
20:54:21.0273 3016  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:54:21.0289 3016  SensrSvc - ok
20:54:21.0311 3016  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:54:21.0326 3016  Serenum - ok
20:54:21.0359 3016  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:54:21.0381 3016  Serial - ok
20:54:21.0426 3016  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:54:21.0453 3016  sermouse - ok
20:54:21.0529 3016  [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
20:54:21.0559 3016  ServiceLayer - ok
20:54:21.0605 3016  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:54:21.0655 3016  SessionEnv - ok
20:54:21.0689 3016  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:54:21.0717 3016  sffdisk - ok
20:54:21.0730 3016  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:54:21.0752 3016  sffp_mmc - ok
20:54:21.0770 3016  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:54:21.0814 3016  sffp_sd - ok
20:54:21.0833 3016  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:54:21.0848 3016  sfloppy - ok
20:54:21.0885 3016  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:54:21.0934 3016  SharedAccess - ok
20:54:21.0971 3016  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:54:22.0044 3016  ShellHWDetection - ok
20:54:22.0063 3016  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:54:22.0077 3016  SiSRaid2 - ok
20:54:22.0101 3016  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:54:22.0117 3016  SiSRaid4 - ok
20:54:22.0138 3016  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:54:22.0179 3016  Smb - ok
20:54:22.0223 3016  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:54:22.0241 3016  SNMPTRAP - ok
20:54:22.0260 3016  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:54:22.0276 3016  spldr - ok
20:54:22.0323 3016  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:54:22.0350 3016  Spooler - ok
20:54:22.0461 3016  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:54:22.0598 3016  sppsvc - ok
20:54:22.0629 3016  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:54:22.0673 3016  sppuinotify - ok
20:54:22.0713 3016  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:54:22.0745 3016  srv - ok
20:54:22.0785 3016  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:54:22.0821 3016  srv2 - ok
20:54:22.0835 3016  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:54:22.0861 3016  srvnet - ok
20:54:22.0901 3016  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:54:22.0944 3016  SSDPSRV - ok
20:54:22.0957 3016  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:54:22.0998 3016  SstpSvc - ok
20:54:23.0016 3016  StarOpen - ok
20:54:23.0050 3016  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:54:23.0064 3016  stexstor - ok
20:54:23.0117 3016  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:54:23.0173 3016  stisvc - ok
20:54:23.0213 3016  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:54:23.0230 3016  swenum - ok
20:54:23.0259 3016  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:54:23.0307 3016  swprv - ok
20:54:23.0348 3016  [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:54:23.0363 3016  SynTP - ok
20:54:23.0442 3016  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:54:23.0499 3016  SysMain - ok
20:54:23.0547 3016  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:54:23.0584 3016  TabletInputService - ok
20:54:23.0607 3016  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:54:23.0663 3016  TapiSrv - ok
20:54:23.0681 3016  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:54:23.0722 3016  TBS - ok
20:54:23.0804 3016  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:54:23.0860 3016  Tcpip - ok
20:54:23.0894 3016  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:54:23.0937 3016  TCPIP6 - ok
20:54:23.0980 3016  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:54:24.0008 3016  tcpipreg - ok
20:54:24.0039 3016  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:54:24.0071 3016  TDPIPE - ok
20:54:24.0115 3016  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:54:24.0147 3016  TDTCP - ok
20:54:24.0203 3016  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:54:24.0262 3016  tdx - ok
20:54:24.0296 3016  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:54:24.0311 3016  TermDD - ok
20:54:24.0337 3016  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:54:24.0397 3016  TermService - ok
20:54:24.0416 3016  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:54:24.0447 3016  Themes - ok
20:54:24.0471 3016  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:54:24.0511 3016  THREADORDER - ok
20:54:24.0550 3016  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:54:24.0602 3016  TrkWks - ok
20:54:24.0654 3016  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:54:24.0717 3016  TrustedInstaller - ok
20:54:24.0770 3016  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:54:24.0816 3016  tssecsrv - ok
20:54:24.0872 3016  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:54:24.0906 3016  TsUsbFlt - ok
20:54:25.0043 3016  [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
20:54:25.0096 3016  TuneUp.UtilitiesSvc - ok
20:54:25.0152 3016  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
20:54:25.0170 3016  TuneUpUtilitiesDrv - ok
20:54:25.0211 3016  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:54:25.0264 3016  tunnel - ok
20:54:25.0293 3016  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:54:25.0308 3016  uagp35 - ok
20:54:25.0337 3016  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
20:54:25.0353 3016  UBHelper - ok
20:54:25.0393 3016  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:54:25.0467 3016  udfs - ok
20:54:25.0506 3016  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:54:25.0523 3016  UI0Detect - ok
20:54:25.0551 3016  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:54:25.0566 3016  uliagpkx - ok
20:54:25.0617 3016  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:54:25.0654 3016  umbus - ok
20:54:25.0677 3016  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:54:25.0698 3016  UmPass - ok
20:54:25.0769 3016  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
20:54:25.0794 3016  Updater Service - ok
20:54:25.0823 3016  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:54:25.0877 3016  upnphost - ok
20:54:25.0902 3016  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
20:54:25.0945 3016  upperdev - ok
20:54:25.0985 3016  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:54:26.0000 3016  usbccgp - ok
20:54:26.0005 3016  USBCCID - ok
20:54:26.0064 3016  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:54:26.0083 3016  usbcir - ok
20:54:26.0108 3016  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:54:26.0134 3016  usbehci - ok
20:54:26.0181 3016  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:54:26.0209 3016  usbhub - ok
20:54:26.0228 3016  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:54:26.0244 3016  usbohci - ok
20:54:26.0280 3016  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:54:26.0310 3016  usbprint - ok
20:54:26.0348 3016  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:54:26.0379 3016  usbscan - ok
20:54:26.0415 3016  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
20:54:26.0437 3016  usbser - ok
20:54:26.0468 3016  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
20:54:26.0497 3016  UsbserFilt - ok
20:54:26.0530 3016  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:54:26.0556 3016  USBSTOR - ok
20:54:26.0603 3016  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:54:26.0629 3016  usbuhci - ok
20:54:26.0689 3016  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:54:26.0717 3016  usbvideo - ok
20:54:26.0762 3016  [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
20:54:26.0791 3016  usb_rndisx - ok
20:54:26.0821 3016  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:54:26.0875 3016  UxSms - ok
20:54:26.0890 3016  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:54:26.0904 3016  VaultSvc - ok
20:54:26.0944 3016  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:54:26.0958 3016  vdrvroot - ok
20:54:26.0993 3016  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:54:27.0040 3016  vds - ok
20:54:27.0073 3016  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:54:27.0090 3016  vga - ok
20:54:27.0108 3016  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:54:27.0157 3016  VgaSave - ok
20:54:27.0190 3016  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:54:27.0207 3016  vhdmp - ok
20:54:27.0235 3016  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:54:27.0249 3016  viaide - ok
20:54:27.0268 3016  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:54:27.0283 3016  volmgr - ok
20:54:27.0313 3016  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:54:27.0333 3016  volmgrx - ok
20:54:27.0355 3016  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:54:27.0374 3016  volsnap - ok
20:54:27.0414 3016  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:54:27.0430 3016  vsmraid - ok
20:54:27.0493 3016  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:54:27.0568 3016  VSS - ok
20:54:27.0584 3016  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:54:27.0614 3016  vwifibus - ok
20:54:27.0628 3016  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:54:27.0665 3016  vwififlt - ok
20:54:27.0692 3016  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:54:27.0737 3016  W32Time - ok
20:54:27.0768 3016  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:54:27.0795 3016  WacomPen - ok
20:54:27.0840 3016  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:54:27.0913 3016  WANARP - ok
20:54:27.0917 3016  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:54:27.0956 3016  Wanarpv6 - ok
20:54:28.0028 3016  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:54:28.0066 3016  WatAdminSvc - ok
20:54:28.0129 3016  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:54:28.0172 3016  wbengine - ok
20:54:28.0216 3016  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:54:28.0242 3016  WbioSrvc - ok
20:54:28.0286 3016  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:54:28.0324 3016  wcncsvc - ok
20:54:28.0343 3016  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:54:28.0359 3016  WcsPlugInService - ok
20:54:28.0376 3016  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:54:28.0390 3016  Wd - ok
20:54:28.0433 3016  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:54:28.0464 3016  Wdf01000 - ok
20:54:28.0479 3016  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:54:28.0508 3016  WdiServiceHost - ok
20:54:28.0513 3016  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:54:28.0536 3016  WdiSystemHost - ok
20:54:28.0573 3016  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:54:28.0628 3016  WebClient - ok
20:54:28.0673 3016  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:54:28.0702 3016  Wecsvc - ok
20:54:28.0723 3016  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:54:28.0764 3016  wercplsupport - ok
20:54:28.0792 3016  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:54:28.0846 3016  WerSvc - ok
20:54:28.0881 3016  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:54:28.0921 3016  WfpLwf - ok
20:54:28.0936 3016  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:54:28.0952 3016  WIMMount - ok
20:54:28.0983 3016  WinDefend - ok
20:54:28.0997 3016  WinHttpAutoProxySvc - ok
20:54:29.0055 3016  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:54:29.0092 3016  Winmgmt - ok
20:54:29.0198 3016  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:54:29.0312 3016  WinRM - ok
20:54:29.0360 3016  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:54:29.0385 3016  WinUsb - ok
20:54:29.0426 3016  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:54:29.0467 3016  Wlansvc - ok
20:54:29.0515 3016  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:54:29.0550 3016  WmiAcpi - ok
20:54:29.0595 3016  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:54:29.0622 3016  wmiApSrv - ok
20:54:29.0656 3016  WMPNetworkSvc - ok
20:54:29.0672 3016  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:54:29.0688 3016  WPCSvc - ok
20:54:29.0725 3016  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:54:29.0743 3016  WPDBusEnum - ok
20:54:29.0767 3016  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:54:29.0816 3016  ws2ifsl - ok
20:54:29.0833 3016  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:54:29.0865 3016  wscsvc - ok
20:54:29.0870 3016  WSearch - ok
20:54:29.0973 3016  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:54:30.0038 3016  wuauserv - ok
20:54:30.0075 3016  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:54:30.0097 3016  WudfPf - ok
20:54:30.0138 3016  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:54:30.0164 3016  WUDFRd - ok
20:54:30.0211 3016  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:54:30.0245 3016  wudfsvc - ok
20:54:30.0283 3016  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:54:30.0310 3016  WwanSvc - ok
20:54:30.0353 3016  ================ Scan global ===============================
20:54:30.0380 3016  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:54:30.0426 3016  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:54:30.0438 3016  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:54:30.0468 3016  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:54:30.0498 3016  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:54:30.0504 3016  [Global] - ok
20:54:30.0505 3016  ================ Scan MBR ==================================
20:54:30.0522 3016  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:54:30.0788 3016  \Device\Harddisk0\DR0 - ok
20:54:30.0795 3016  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR2
20:54:33.0550 3016  \Device\Harddisk1\DR2 - ok
20:54:33.0551 3016  ================ Scan VBR ==================================
20:54:33.0556 3016  [ F6DB4357816CB62E20C12650128FA49F ] \Device\Harddisk0\DR0\Partition1
20:54:33.0558 3016  \Device\Harddisk0\DR0\Partition1 - ok
20:54:33.0591 3016  [ B9742F881541E81711E83824EA527C2B ] \Device\Harddisk0\DR0\Partition2
20:54:33.0592 3016  \Device\Harddisk0\DR0\Partition2 - ok
20:54:33.0615 3016  [ 647B86BB350F305F4AF580EF408DD463 ] \Device\Harddisk0\DR0\Partition3
20:54:33.0617 3016  \Device\Harddisk0\DR0\Partition3 - ok
20:54:33.0622 3016  [ 39D277FA20ECDD6C9C7C7B8C7E272A31 ] \Device\Harddisk1\DR2\Partition1
20:54:33.0623 3016  \Device\Harddisk1\DR2\Partition1 - ok
20:54:33.0624 3016  ============================================================
20:54:33.0624 3016  Scan finished
20:54:33.0624 3016  ============================================================
20:54:33.0640 4948  Detected object count: 2
20:54:33.0640 4948  Actual detected object count: 2
20:54:59.0037 4948  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:54:59.0037 4948  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:54:59.0038 4948  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:54:59.0038 4948  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Und auch hier sage ich

LG TiRoFiOs
Geändert von TiRoFiOs (09.06.2013 um 19:59 Uhr)

Alt 09.06.2013, 20:07   #8
markusg
/// Malware-holic
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.06.2013, 20:45   #9
TiRoFiOs
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Hi,

Avira hatte gemeckert wg. Registry, obwohl deaktiviert war.

Ansonsten hatte nichts gemeckert.

Hier ist der Logfile

Code:
ATTFilter
ComboFix 13-06-08.02 - josef 09.06.2013  21:30:34.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2580 [GMT 2:00]
ausgeführt von:: c:\users\josef\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\32otof.pad
c:\programdata\lz6gj.bat
c:\users\josef\AppData\Roaming\.#
c:\users\josef\AppData\Roaming\.#\MBX@EA0@6B2770.###
c:\users\josef\AppData\Roaming\.#\MBX@EA0@6B27A0.###
c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-09 bis 2013-06-09  ))))))))))))))))))))))))))))))
.
.
2013-06-09 19:37 . 2013-06-09 19:37	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2013-06-09 19:37 . 2013-06-09 19:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-14 20:23 . 2013-04-05 04:43	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-14 20:21 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-13 08:16 . 2013-05-13 08:16	--------	d-----w-	c:\users\josef\AppData\Roaming\Ashampoo
2013-05-13 08:15 . 2013-05-13 08:15	--------	d-----w-	c:\users\josef\AppData\Local\ashampoo
2013-05-13 08:15 . 2013-05-13 08:15	--------	d-----w-	c:\programdata\Ashampoo
2013-05-13 08:15 . 2013-05-13 08:15	--------	d-----w-	c:\program files (x86)\Ashampoo
2013-05-13 08:15 . 2013-05-13 08:15	--------	d-----w-	c:\users\josef\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 20:32 . 2009-11-30 07:43	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-07 20:29 . 2013-05-07 20:29	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2009-11-19 18:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-14 20:21	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 20:21	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 20:21	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 20:21	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 20:21	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 20:21	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 19:11	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 03:46 . 2013-05-07 20:13	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A8C033C-C737-4D55-A7E3-24FD4FE4E58F}\mpengine.dll
2013-03-19 06:04 . 2013-04-10 09:26	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 09:25	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 09:25	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 09:25	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 09:25	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 09:25	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-14 20:24 . 2013-03-14 20:24	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-14 20:24 . 2013-03-14 20:24	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-14 20:24 . 2013-03-14 20:24	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-14 20:24 . 2013-03-14 20:24	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-14 20:24 . 2013-03-14 20:24	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-14 20:24 . 2013-03-14 20:24	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-14 20:24 . 2013-03-14 20:24	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-14 20:24 . 2013-03-14 20:24	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-14 20:24 . 2013-03-14 20:24	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-14 20:24 . 2013-03-14 20:24	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-14 20:24 . 2013-03-14 20:24	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-14 20:24 . 2013-03-14 20:24	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-14 20:24 . 2013-03-14 20:24	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-14 20:24 . 2013-03-14 20:24	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-14 20:24 . 2013-03-14 20:24	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-14 20:24 . 2013-03-14 20:24	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-14 20:24 . 2013-03-14 20:24	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-14 20:24 . 2013-03-14 20:24	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-14 20:24 . 2013-03-14 20:24	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-14 20:24 . 2013-03-14 20:24	441856	----a-w-	c:\windows\system32\html.iec
2013-03-14 20:24 . 2013-03-14 20:24	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-14 20:24 . 2013-03-14 20:24	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-14 20:24 . 2013-03-14 20:24	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-14 20:24 . 2013-03-14 20:24	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-14 20:24 . 2013-03-14 20:24	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-14 20:24 . 2013-03-14 20:24	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-14 20:24 . 2013-03-14 20:24	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-14 20:24 . 2013-03-14 20:24	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-14 20:24 . 2013-03-14 20:24	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-14 20:24 . 2013-03-14 20:24	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-14 20:24 . 2013-03-14 20:24	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-14 20:24 . 2013-03-14 20:24	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-14 20:24 . 2013-03-14 20:24	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-14 20:24 . 2013-03-14 20:24	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-14 20:24 . 2013-03-14 20:24	235008	----a-w-	c:\windows\system32\url.dll
2013-03-14 20:24 . 2013-03-14 20:24	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-14 20:24 . 2013-03-14 20:24	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-14 20:24 . 2013-03-14 20:24	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-14 20:24 . 2013-03-14 20:24	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-14 20:24 . 2013-03-14 20:24	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-14 20:24 . 2013-03-14 20:24	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-14 20:24 . 2013-03-14 20:24	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-14 20:24 . 2013-03-14 20:24	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-14 20:24 . 2013-03-14 20:24	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-14 20:24 . 2013-03-14 20:24	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-14 20:24 . 2013-03-14 20:24	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-14 20:24 . 2013-03-14 20:24	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-14 20:24 . 2013-03-14 20:24	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-14 20:24 . 2013-03-14 20:24	12800	----a-w-	c:\windows\system32\msfeedssync.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\Winload\prxtbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49	281760	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-04 345312]
.
c:\users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys;c:\windows\SYSNATIVE\Drivers\MHIKEY10x64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49	342176	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-05 828960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\josef\AppData\Roaming\Mozilla\Firefox\Profiles\31fc6rsa.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
URLSearchHooks-{88d776b4-c426-402a-961c-db0e25e2317b} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0˜*]
"7040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-09  21:39:56
ComboFix-quarantined-files.txt  2013-06-09 19:39
.
Vor Suchlauf: 14 Verzeichnis(se), 85.675.728.896 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 85.174.067.200 Bytes frei
.
- - End Of File - - 7F391200F46FBCAB62D2754DC092DA25
5C616939100B85E558DA92B899A0FC36
Auch an dieser Stelle wieder

LG TiRoFiOs

Alt 09.06.2013, 21:36   #10
markusg
/// Malware-holic
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.06.2013, 21:40   #11
TiRoFiOs
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Melde mich morgen früh zurück, da mein Bett nach mir ruft.

Ich sage vorab schon einmal Danke und eine gute Nacht.

Alt 09.06.2013, 21:41   #12
markusg
/// Malware-holic
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


ok bis morgen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.06.2013, 11:21   #13
TiRoFiOs
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Hallo,

hier ist das Logfile von Malwarebytes

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.10.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
josef :: JOSEF-PC [Administrator]

Schutz: Aktiviert

10.06.2013 10:47:34
mbam-log-2013-06-10 (10-47-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 390140
Laufzeit: 1 Stunde(n), 26 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Und auch an dieser Stelle mal ein dickes

Alt 10.06.2013, 11:26   #14
markusg
/// Malware-holic
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Hi,

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.06.2013, 12:07   #15
TiRoFiOs
 
GUV Trojaner Windows 7 - Standard

GUV Trojaner Windows 7


Huhu,

hier ist die gewünschte Liste

Code:
ATTFilter
Acer Arcade Deluxe	CyberLink Corp.	03.10.2009	96,4MB	3.0.6731 unbekannt
Acer Backup Manager	NewTech Infosystems	22.08.2009	23,1MB	2.0.0.22 unbekannt
Acer Crystal Eye webcam Ver:1.1.74.216	Chicony Electronics Co.,Ltd.	03.10.2009		1.1.74.216 unbekannt
Acer ePower Management	Acer Incorporated	03.10.2009		4.05.3002 unbekannt
Acer eRecovery Management	Acer Incorporated	03.10.2009		4.05.3003 unbekannt
Acer GameZone Console	Oberon Media, Inc.	22.08.2009		5.1.0.2 unbekannt
Acer GridVista	Acer Inc.	03.10.2009		3.01.0730 unbekannt
Acer Registration	Acer Incorporated	03.10.2009		1.02.3004 unbekannt
Acer ScreenSaver	Acer Incorporated	03.10.2009		1.7.0715 unbekannt
Acer Updater	Acer Incorporated	21.08.2009		1.01.3014 unbekannt
Acrobat.com	Adobe Systems Incorporated	21.08.2009	1,60MB	1.6.65 unbekannt
Adobe AIR	Adobe Systems Inc.	30.05.2010		1.5.3.9130 unbekannt
Adobe Reader X (10.1.7) - Deutsch	Adobe Systems Incorporated	16.05.2013	169MB	10.1.7 notwendig
Adobe Shockwave Player 12.0	Adobe Systems, Inc.	17.03.2013		12.0.0.112 unbekannt
Ashampoo Burning Studio 6 FREE v.6.83	Ashampoo GmbH & Co. KG	13.05.2013	34,2MB	6.8.3 unnotig
ASUS RT-AC66U Wireless Router Utilities	ASUS	04.01.2013		4.2.6.0 notwendig
Avira Free Antivirus	Avira	07.05.2013	130MB	13.0.0.3640 notwendig
Broadcom Gigabit NetLink Controller	Broadcom Corporation	21.08.2009	460KB	12.26.02 unbekannt
CCleaner	Piriform	24.05.2013		4.02 notwendig
Compatibility Pack for the 2007 Office system	Microsoft Corporation	09.01.2013	192MB	12.0.6612.1000 unnötig
Compatibility Pack für 2007 Office System	Microsoft Corporation	09.01.2013	236MB	12.0.6612.1000 notwendig
EtikettenAssistent 4.2	HERMA	16.11.2012	14,0MB	4.2.1 unnötig
Foxit Creator	Foxit Corporation	30.11.2010		3,0,2,0506 unbekannt
Foxit Reader	Foxit Software Company	20.11.2009		3.1.3.1030 unbekannt
Free YouTube Download version 3.2.0.128	DVDVideoSoft Ltd.	17.02.2013	67,7MB	3.2.0.128 unnötig
HP Customer Participation Program 14.0	HP	30.05.2012		14.0 notwendig
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät	Hewlett-Packard Co.	08.03.2012	69,2MB	20.0.771.0 notwendig
HP Deskjet 1050 J410 series Hilfe	Hewlett Packard	08.03.2012	12,1MB	140.0.56.56 notwendig
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6	HP	30.05.2012		14.0 notwendig
HP Imaging Device Functions 14.0	HP	30.05.2012		14.0 notwendig
HP Print Projects 1.0	HP	01.03.2010		1.0 notwendig
HP Smart Web Printing 4.60	HP	31.05.2010		4.60 notwendig
HP Solution Center 14.0	HP	30.05.2012		14.0 notwendig
HP Update	Hewlett-Packard	05.02.2012	3,98MB	5.003.001.001 notwendig
Identity Card	Acer Incorporated	03.10.2009		1.00.3001unbekannt
Image Plugin	Snap-on Business Solutions	30.01.2013	1,39MB	3.05.0001 unbekannt
Intel® Matrix Storage Manager	Intel Corporation	03.10.2009 unbekannt		
Java 7 Update 9	Oracle	06.09.2012	128MB	7.0.90 unbekannt
Launch Manager	Acer Inc.	03.10.2009		3.0.03 unbekannt
Lexware Info Service	Lexware GmbH & Co. KG	11.04.2010	10,4MB	2.61.00.0033 unbekannt
LSI HDA Modem	LSI Corporation	03.10.2009	16,0KB	2.1.94 unbekannt
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	10.06.2013	19,2MB	1.75.0.1300 unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	03.08.2010	38,8MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	03.08.2010	2,93MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended	Microsoft Corporation	08.06.2011	51,9MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	08.06.2011	10,6MB	4.0.30319 unbekannt
Microsoft Office File Validation Add-In	Microsoft Corporation	17.09.2011	7,95MB	14.0.5130.5003 unbekannt
Microsoft Office Live Add-in 1.5	Microsoft Corporation	27.05.2010	508KB	2.0.4024.1 unbekannt
Microsoft Office Professional Edition 2003	Microsoft Corporation	14.05.2013	1,85GB	11.0.8173.0 unbekannt
Microsoft Office Suite Activation Assistant	Microsoft Corporation	22.08.2009	8,36MB	2.9 unbekannt
Microsoft Office Word Viewer 2003	Microsoft Corporation	14.05.2013	64,9MB	11.0.8173.0 unbekannt
Microsoft Silverlight	Microsoft Corporation	13.03.2013	100MB	5.1.20125.0 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	19.11.2009	250KB	8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	27.01.2013	2,37MB	8.0.59193 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	30.04.2011	614KB	8.0.61000 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	04.05.2011	580KB	8.0.51011 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	17.11.2010	212KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	22.12.2009	200KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	27.04.2011	790KB	9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	27.04.2011	598KB	9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	14.11.2010	2,52MB	9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	17.06.2011	788KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	28.12.2010	234KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	20.11.2009	596KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.03.2010	594KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	600KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	18.10.2011	16,5MB	10.0.40219 unbekannt
Microsoft Visual Studio Tools for Applications 2.0 - ENU	Microsoft Corporation	17.06.2011	211MB	9.0.30729 unbekannt
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU	Microsoft Corporation	30.11.2010	96,0MB	9.0.30729 unbekannt
Microsoft Visual Studio Tools for Applications 2.0 Runtime	Microsoft Corporation	30.11.2010	158KB	9.0.30729 unbekannt
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU	Microsoft Corporation	30.11.2010	226KB	9.0.30729 unbekannt
Microsoft Works	Microsoft Corporation	10.10.2012	1,34GB	9.7.0621 unbekannt
Mozilla Firefox 21.0 (x86 de)	Mozilla	09.06.2013	44,5MB	21.0 notwendig
Mozilla Maintenance Service	Mozilla	09.06.2013	219KB	21.0 unbekannt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	19.11.2009	1,27MB	4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	30.11.2009	1,33MB	4.20.9876.0 unbekannt
MyWinLocker	Egis Technology Inc.	22.08.2009	47,9MB	3.1.72.0 unbekannt
Nokia Connectivity Cable Driver	Nokia	30.06.2012	3,95MB	7.1.78.0 unnötig
Nokia Suite	Nokia	04.10.2012		3.5.34.0 unnötig
NTI Backup Now 5	NewTech Infosystems	21.08.2009	465MB	5.1.2.627 unbekannt
NTI Media Maker 8	NewTech Infosystems	21.08.2009	768MB	8.0.12.6619 unbekannt
NVIDIA Drivers	NVIDIA Corporation	03.10.2009		1.5 unbekannt
NVIDIA HD-Audiotreiber 1.3.18.0	NVIDIA Corporation	14.03.2013		1.3.18.0 unbekannt
NVIDIA PhysX	NVIDIA Corporation	03.10.2009	119MB	9.09.0203 unbekannt
OpenOffice.org 3.4.1	Apache Software Foundation	04.02.2013	331MB	3.41.9593 unbekannt
PC Connectivity Solution	Nokia	04.10.2012	21,2MB	12.0.32.0 unnötig
QuickTime	Apple Inc.	20.11.2012	73,1MB	7.73.80.64 unnötig
RAF	FUJIFILM Corporation	10.06.2012		1.00.0001 unbekannt
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	03.10.2009		6.0.1.5911 unbekannt
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	21.08.2009		6.1.7100.30093 unbekannt
SAMSUNG Mobile Composite Device Software		25.09.2012 unnötig		
SAMSUNG Mobile Modem Driver Set		25.09.2012 unnötig		
Samsung Mobile phone USB driver Drive Software		25.09.2012 unnötig		
SAMSUNG Mobile USB Modem 1.0 Software		25.09.2012 unnötig		
SAMSUNG Mobile USB Modem Software		25.09.2012 unnötig		
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)	Microsoft	22.09.2012	288KB	1.0.0 unbekannt
Synaptics Pointing Device Driver	Synaptics Incorporated	03.10.2009		13.2.2.0 unbekannt
TuneUp Utilities 2012	TuneUp Software	17.12.2012		12.0.3600.73 unnötig 
Visitenkarten in 2 Minuten		27.09.2012 unnötig		
VLC media player 1.0.3	VideoLAN Team	22.11.2009		1.0.3 unbekannt
Welcome Center	Acer Incorporated	03.10.2009		1.00.3005 unbekannt
Windows Live-Uploadtool	Microsoft Corporation	03.10.2009	224KB	14.0.8014.1029 unbekannt
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)	Nokia	04.10.2012		05/31/2012 7.1.2.0 unnötig
WinRAR		20.03.2010 unbekannt	
WinZip 16.5	WinZip Computing, S.L. 	25.09.2012	94,6MB	16.5.10095 unbekannt
Zattoo4 4.0.5	Zattoo Inc.	25.06.2010		4.0.5 unnötig
ZooEasy v10	Reudink Software	26.01.2011		10.02 unnötig


LG TiRoFiOs

Antwort
Seite 1 von 3 1 23

Themen zu GUV Trojaner Windows 7
abgesicherte, abgesicherten, aufforderung, eventuellen, gestartet, gesuch, gesucht, hallo zusammen, inter, interne, internetseite, liebe, lieben, lösungen, modus, nichts, offen, rechner, schei, seite, troja, trojaner, windows, windows 7, zusammen


« Pc Langsam bei Genuss von Spielen /HD Videos | Coin Miner,msdcsc entfernen »


Ähnliche Themen: GUV Trojaner Windows 7


  1. Windows 7 SP 1 mit Trojaner infiziert - Windows Update Fehlercode 8007002
    Log-Analyse und Auswertung - 11.09.2015 (60)
  2. Windows 7: Trojaner - Windows Updates, Firewall defekt
    Log-Analyse und Auswertung - 20.03.2015 (24)
  3. Windows 7: Nach BKA Trojaner Fehlermeldung beim Starten, Windows Sicherheitscenter kann nicht gestartet werden
    Log-Analyse und Auswertung - 18.11.2014 (9)
  4. Windows-Verschlüsselungs-Trojaner unter Windows 7 auf einem MAC
    Log-Analyse und Auswertung - 14.06.2012 (3)
  5. windows verschlüsselungs Flirtfever-Trojaner, Windows XP
    Log-Analyse und Auswertung - 13.06.2012 (1)
  6. Nach BKA Trojaner, Windows Firewall deaktiviert sich (Windows XP)
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  7. Willkomen bei Windows Update, Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 06.06.2012 (1)
  8. UKash Windows Secure Trojaner mit Windows XP eingefangen
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  9. Windows Notfall Sicherheits Update Center - Windows XP Trojaner
    Log-Analyse und Auswertung - 21.05.2012 (2)
  10. Windows-Verschlüsselungs-Trojaner unter Windows XP
    Log-Analyse und Auswertung - 16.05.2012 (9)
  11. Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (19)
  12. Windows-Verschlüsselungs Trojaner Windows 7 Starter
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (10)
  13. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  14. "Willkommen bei Windows Update Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 27.04.2012 (3)
  15. 'Windows Security Center' Trojaner - Windows-Benutzer gesperrt !
    Log-Analyse und Auswertung - 16.03.2012 (5)
  16. Windows Vista Home Premium 32-Bit Trojaner Windows gesperrt 50€ zahlen.
    Log-Analyse und Auswertung - 23.01.2012 (1)
  17. Trojaner Fake.AV c:\Users\Sexgott\AppData\Roaming\microsoft\Windows\start menu\Programs\windows reco
    Mülltonne - 28.04.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GUV Trojaner Windows 7 - Hallo zusammen, mein Schwiegervater hat sich anscheinend den sogenannten GUV Trojaner eingehandelt. Sah nur das eine Internetseite von der GUV offen ist mit der Aufforderung 100€ zuzahlen - Merkwürdigkeit: Seit - GUV Trojaner Windows 7...
Archiv
Du betrachtest: GUV Trojaner Windows 7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129