Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 23.06.2012, 01:49   #1
PerfectOcean
 
Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt - Standard

Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt



Hallo liebe Leute,

seit einiger Zeit öffnet sich beim Starten von Windows jedesmal kurzzeitig die cmd.exe und führt irgendetwas aus. Da ich in diesem Forum gelesen habe, dass dies eventuell ein Wurm/Würmer sein kann, ersuche ich nun bei euch um Hilfe. Seitdem dieses "Problem" besteht, wird der Desktop auch um einiges langsamer als vorher geladen. Ein Scan mit Avast ergab nichts und auch eine Systemwiederherstellung hat nicht geholfen. Ich habe nach den Ergebnissen der anderen Threads im Logfile von HJT gesucht, allerdings nichts dergleichen gefunden. Ich hoffe Ihr könnt mir meine OTL logs auswerten und ggf. Rat geben.

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 23.06.2012 02:00:05 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,87 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 76,85% Memory free
11,73 Gb Paging File | 10,13 Gb Available in Paging File | 86,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 69,06 Gb Free Space | 15,15% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 183,50 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.23 00:27:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.03.15 22:42:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.22 20:11:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009.10.13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.08.18 09:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.19 12:05:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.16 23:00:25 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.03.15 22:42:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Site License.3.0)
SRV - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.14 19:51:07 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.10.29 10:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.23 11:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE471
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.http: "157.181.228.181"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.16 16:56:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.25 03:41:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 23:00:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 13:59:33 | 000,000,000 | ---D | M]
 
[2012.02.14 19:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.15 19:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fy5wpy12.default\extensions
[2012.03.16 22:36:00 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fy5wpy12.default\searchplugins\11-suche.xml
[2012.03.16 22:36:00 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fy5wpy12.default\searchplugins\englische-ergebnisse.xml
[2012.03.16 22:36:00 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fy5wpy12.default\searchplugins\gmx-suche.xml
[2012.03.16 22:36:00 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fy5wpy12.default\searchplugins\lastminute.xml
[2012.03.16 22:36:00 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fy5wpy12.default\searchplugins\webde-suche.xml
[2012.06.13 12:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.13 12:47:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.02.25 03:41:17 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.25 03:39:12 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FY5WPY12.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.06.15 19:30:57 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FY5WPY12.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.16 23:00:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53F9B157-4FFE-4027-AA83-3BB5E8F64FC8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF47CFB1-341A-429E-9B4F-E7CF6D8ACFE5}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.16 21:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Island DELUXE EDITION
[2012.06.16 16:49:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Tunngle
[2012.06.16 16:49:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Tunngle
[2012.06.16 16:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2012.06.16 16:49:27 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2012.06.16 16:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2012.06.16 16:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2012.06.15 14:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QfG
[2012.06.15 00:15:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\wolfenstein
[2012.06.13 12:26:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.13 12:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 19:57:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Activision
[2012.06.12 17:58:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\globalip
[2012.06.12 17:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalip
[2012.06.10 19:37:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ArmA 2 Free
[2012.06.10 19:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.06.10 19:29:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.06.10 19:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2012.06.05 21:58:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\d. gray-man
[2012.06.04 21:03:50 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mashiro
[2012.05.27 14:08:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\fltk.org
[2012.05.27 14:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012.05.27 14:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2012.05.27 14:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2012.05.27 00:51:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Amnesia
[2012.05.27 00:44:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\OnLive App
[2012.05.27 00:43:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OnLive App
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.23 01:58:42 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.23 01:23:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.22 19:58:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 19:58:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 19:50:32 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.22 19:50:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.22 19:50:14 | 429,178,879 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 13:52:57 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012.06.17 16:13:56 | 004,916,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.16 21:34:52 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\Dead Island DELUXE EDITION.lnk
[2012.06.16 17:56:23 | 000,001,084 | ---- | M] () -- C:\Users\***\Desktop\save_0.sav
[2012.06.16 16:49:28 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2012.06.14 23:58:08 | 001,634,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 23:58:08 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 23:58:08 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 23:58:08 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 23:58:08 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 20:52:35 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.06.13 13:11:18 | 000,000,221 | ---- | M] () -- C:\Users\***\Desktop\Call of Duty Black Ops - Multiplayer.url
[2012.06.13 12:39:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.06.07 12:01:00 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.07 12:01:00 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.07 12:00:40 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.05 20:24:56 | 000,000,559 | ---- | M] () -- C:\Users\***\Desktop\antrag.rtf
[2012.05.31 20:31:10 | 002,212,458 | ---- | M] () -- C:\Users\***\Desktop\The Qemists - Dem na Like me.mp3
[2012.05.27 14:04:29 | 000,002,184 | ---- | M] () -- C:\Users\***\Desktop\Amnesia.lnk
 
========== Files Created - No Company Name ==========
 
[2012.06.23 01:58:42 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.16 21:34:52 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\Dead Island DELUXE EDITION.lnk
[2012.06.16 20:54:55 | 000,001,084 | ---- | C] () -- C:\Users\***\Desktop\save_0.sav
[2012.06.16 16:49:28 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2012.06.13 13:11:18 | 000,000,221 | ---- | C] () -- C:\Users\***\Desktop\Call of Duty Black Ops - Multiplayer.url
[2012.06.05 18:47:53 | 000,000,559 | ---- | C] () -- C:\Users\***\Desktop\antrag.rtf
[2012.05.31 20:30:45 | 002,212,458 | ---- | C] () -- C:\Users\***\Desktop\The Qemists - Dem na Like me.mp3
[2012.05.27 14:04:29 | 000,002,184 | ---- | C] () -- C:\Users\***\Desktop\Amnesia.lnk
[2012.04.10 19:32:14 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.15 22:22:30 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.15 22:22:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.05 21:34:09 | 000,000,154 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2012.02.29 16:14:47 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.02.20 18:09:18 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.14 15:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.03.23 17:03:34 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012.04.30 23:07:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.03.08 18:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCOMP Software
[2012.03.26 18:43:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.05.27 14:08:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fltk.org
[2012.06.13 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\globalip
[2012.03.22 01:23:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.05.09 15:31:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mael
[2012.05.09 15:33:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MW3 FoV Changer
[2012.05.27 00:47:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OnLive App
[2012.03.05 19:43:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.02.14 19:54:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2012.03.30 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2012.04.30 21:13:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.03.30 11:29:56 | 000,000,000 | ---D | M] -- C:\Users\***n\AppData\Roaming\SoftDMA
[2012.04.30 22:33:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2012.03.03 16:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.03.05 21:34:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2012.06.13 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.06.16 17:56:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle
[2012.03.08 19:03:14 | 000,000,000 | ---D | M] -- C:\Users\***n\AppData\Roaming\Wise Registry Cleaner
[2012.04.15 13:18:36 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0

< End of report >
         
Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 23.06.2012 02:00:05 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,87 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 76,85% Memory free
11,73 Gb Paging File | 10,13 Gb Available in Paging File | 86,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 69,06 Gb Free Space | 15,15% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 183,50 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EF506B-DF88-450D-B422-B1C71096B4F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1038A522-47C0-4660-B143-FFA54A528876}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1FA35470-7A50-4097-ADFB-BC821B843D4D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{307BAA43-01A7-43D9-9352-6E1EFEE9F576}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31BC85C4-43D5-478A-BE0E-1B75E3927A53}" = rport=137 | protocol=17 | dir=out | app=system | 
"{33403FDD-DA43-49E9-8CC6-BF0C8DE4FD7C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{38501532-D4C4-4C02-9A3A-398504D11F7E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4CE80C5C-F70B-4EED-A611-4E612BE6BB36}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{53297CF0-DDBC-4E45-A9D6-4A4CA1F45F82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5516BB99-B707-4521-9FB4-157586FB8896}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{559BFC83-1B1B-4477-A706-F1BA36FC7BC9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{62FFD21D-58AF-420A-BC20-9ACA5C808466}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{72209B9A-9CAF-4743-80A5-A06BE932276B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7220EE75-0BBE-440C-942B-BF7C138A8D2B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{775307A0-F97D-434F-A280-3E23432689BD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{868E96EF-E07B-4939-9D2A-347664BD596E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{87819732-A47C-4FD6-BC97-A831C171F803}" = lport=445 | protocol=6 | dir=in | app=system | 
"{949FF077-1389-410B-9A79-5557995D2999}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A13C82C5-2E8E-4AAE-984B-4C76419E451A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B0336BAD-535B-411C-A37C-045639A8D000}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E2ADDA45-8656-41FD-8428-7E7080395D52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4331275-778A-4F1F-9076-F7477AEF4F5D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E82D1537-D7C3-4450-B6DD-F48C451E0E58}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FC1B1E1B-456C-4D0B-B5B9-4F37B10F048D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FDF0CAAF-F370-47DD-8A83-268D84EBA070}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0030FFD1-C2C1-428D-B7E7-E0650BB982BD}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{02307528-C86E-4BBF-9428-B7E302B7B847}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{07592086-AE5E-46F1-86B6-CC952DF71454}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1314A1F4-1C7D-4769-8D3D-BF1990FBA198}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{17D53AE8-8002-430E-B9D4-3F87F18BF71A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{1EAF0413-F111-436A-BF0C-FE151622C258}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{227B00D3-CDCA-48DD-ABF1-857DD9670B64}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2509EF46-E39E-4FDC-AC78-4DD1CD179926}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{267EFA48-D0F4-4618-B6A5-6DD21BA1E453}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{26C6B5C8-DFE2-47EE-88D0-4B0D4072C6EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{2B318966-23A7-4108-A8E7-208812DEF442}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2F41FFB7-5360-4260-90B6-808E46B85A58}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{30516F0B-B53E-470D-B54B-271940B81098}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3827585B-73FB-4577-8EEB-3F4D21765A46}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{39F540B0-5CF2-4835-827E-8743E9E9B39C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{3B275AD1-A760-4BFA-AD7C-989F5AC96671}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3E41E247-7512-4A4B-96BC-22033ECC7959}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4115E656-23E8-43DF-B6FA-711FB52F77D4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{42E9E4CA-642F-468B-AD6C-DC8D8C4CFC8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{43E6463F-FCE7-4498-8875-37CB84430E5C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{47EF368B-962D-45DB-BA64-27AED065C7FA}" = protocol=6 | dir=out | app=system | 
"{4B3B0491-FE6A-46D9-85D8-A8B53FBF6C93}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counter-strike source\hl2.exe | 
"{50F0997F-B736-4231-B493-223D2B9F2905}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{5697E0FF-84B9-4EB9-8099-135517167BA9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5A80DD47-12F1-4966-856D-E9191A03B273}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{5AA9E154-1625-49B5-AE80-322E62727762}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{611B35EF-D5A8-4579-A0AE-EA3849C6E304}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{66B1B88B-0253-4135-865A-42FB137E72EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7023E179-E0D3-424A-B7C4-7CE2DBC97B1A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{7D89419D-3FCF-4423-A6B3-873F63448FEC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7F0E2CB4-CF9A-4C0D-8026-B55D63379ADD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7F308D97-F2EE-46F6-95FC-76BEB9B8B9E2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{86D16B43-00D1-460A-9FAD-E46995FEAB3B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{87A3675E-25F8-422D-8E69-FFD89CD571DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{8EAB2D98-F229-429E-9DCC-45383AEE121E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{8FBDEF5C-DA95-43EF-AA27-E1ADBB296B92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{94A8A306-72B3-42D4-9954-CF52BCCA39BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{99DF18B9-BB8C-4983-AD5E-E23BFBC714B0}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{9C56900A-FC46-4007-BCD8-19A969771C05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{9F05DDE3-4FF2-4868-86ED-54FF0A2533E5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{A1287D72-2DE5-4C1B-AD64-37BBD00050D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{A1EFC2CF-947C-4185-A4D5-9B560E2E419F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{A6D8DB87-C3A0-425E-98D6-89E86EC40475}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{AE173EA2-1F37-4AA9-BCC6-449310FF4814}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B244B413-95CF-408D-B776-6EA1D25B8376}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2C5CA90-2B8F-42FB-A186-EC1AB5D4E9CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{B43CDBDB-58F2-482E-8390-8D49A88FBD8B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B5254CB1-E7BE-4770-8431-1FFC50F94765}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B818D5A1-6A65-4C89-A1E8-2B1A13305AB4}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{B85700D3-8997-49A5-B6EF-EE6AC9CD4C76}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BA9A2103-9B1B-4354-8299-F21265D913FE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{BBA025FD-FE80-485E-B45E-9039657B0636}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{BCFEBAD6-9D02-4269-8337-55BB0512111E}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{BDF94F4D-04BB-407F-86C1-05B5FAFAC7EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{C04946C9-08AF-4061-9D11-15DFBFCBCFF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C854823C-7BEA-4A39-A96E-FFE9A5B03294}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{D341923F-18CF-49FD-8F6E-94379E0EA8BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counter-strike source\hl2.exe | 
"{D387E81E-1828-424F-990C-05CA6EB2B0DA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{D7442AE3-FA8A-4D53-9625-6BE66FF11753}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DC15BAE0-DDA6-40BF-8DA4-4EBA6255D464}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{DD45F759-4207-4B88-B375-3ABF4B502362}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E227429D-2291-40FB-A079-443FEA93EFE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{EB17209B-FB7F-4B28-8560-831EBCBBCA06}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7DB5436-9107-4A66-81D3-F8CFADF6A61E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{F9A1E60B-F7E7-457F-933E-A485CF25F623}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{FC9E3685-FED5-42F7-AD39-7830346598FB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"TCP Query User{151A1421-8E98-4EF8-8379-35983FF90876}C:\program files (x86)\qfg\dead island deluxe edition\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qfg\dead island deluxe edition\deadislandgame.exe | 
"TCP Query User{4E680FB4-91A4-4C0E-BF04-771DEFBE1E4E}C:\program files (x86)\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gw2.exe | 
"TCP Query User{5E93F293-CBD0-4A32-8E6D-C2D386DD2EA7}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{72A64A11-406F-48F3-AE8C-81B03B596F38}C:\users\***\downloads\gw2\gw2.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\gw2\gw2.exe | 
"TCP Query User{81B970B2-17FA-45C4-80CF-8C76E65F60FB}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"TCP Query User{B3747FA3-B031-41B4-83B4-199AA085591D}C:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe | 
"TCP Query User{B5F40F7A-AE96-46E6-8103-48DB9ED46735}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"TCP Query User{C0D901F7-F50F-4B16-878F-863E41BCB7BB}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{C2B43A0A-1BD2-45AC-8946-77ADB6956730}C:\program files (x86)\steam\steamapps\***\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\***\zombie panic! source\hl2.exe | 
"TCP Query User{D26D5176-76B1-4E91-B07A-E99C15F6E940}C:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe | 
"TCP Query User{F7618B9B-FC27-40E5-9091-FA4BA34C9DAF}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{154DA2F1-61E8-49BF-89B8-6FCA7A47358C}C:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe | 
"UDP Query User{2203C30C-3D13-4170-881C-2725C07917F5}C:\program files (x86)\steam\steamapps\***\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\***\zombie panic! source\hl2.exe | 
"UDP Query User{3BD8F64E-0148-4D73-838A-E9C7E958DDE7}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{44D34652-A22B-475D-94E2-0C33376C856F}C:\program files (x86)\qfg\dead island deluxe edition\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qfg\dead island deluxe edition\deadislandgame.exe | 
"UDP Query User{67E0FFB9-8E6C-4CCC-8921-1F18940F8123}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{70C4ED04-0306-4C54-AF45-C55CD79F90EE}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{9CC42FD5-2802-433E-B399-A90AD2A1D4F3}C:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe | 
"UDP Query User{C1EDC0D9-1FFF-4482-A827-1BF59F69B195}C:\program files (x86)\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gw2.exe | 
"UDP Query User{CF148325-8EAE-4AFF-B61A-1ECFE2E83CEC}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{D076B9D3-A58C-41D6-9F8D-4713DD66CFF1}C:\users\***\downloads\gw2\gw2.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\gw2\gw2.exe | 
"UDP Query User{E65923A6-A34C-4503-B8E3-8CC7CB386701}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D1611C7-0381-4748-8218-9EE6616F1DD4}_is1" = Dead Island DELUXE EDITION
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{336DD6B4-B100-4048-B2B7-FBA7059FD959}" = Yu-Gi-Oh! Power of Chaos JOEY THE PASSION
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2010
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4815231-577B-4383-9F4B-AB17DFCC36C0}" = Just Aion Launcher
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f174fe50-f02d-4952-a49d-bae9bf7d488a}" = Nero 9 Essentials
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"5513-1208-7298-9440" = JDownloader 0.9
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Risen 2 Dark Waters_is1" = Risen 2 Dark Waters
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 17505" = Zombie Panic Source Dedicated Server
"Steam App 240" = Counter-Strike: Source
"Steam App 42670" = Singularity
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"TeamViewer 7" = TeamViewer 7
"Tunngle beta_is1" = Tunngle beta
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.06.2012 20:06:29 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.06.2012 22:44:57 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 11.06.2012 22:45:57 | Computer Name = *** | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 11.06.2012 22:47:33 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.06.2012 22:47:33 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.06.2012 22:47:33 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.06.2012 22:47:33 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12.06.2012 11:59:14 | Computer Name =*** | Source = RasClient | ID = 20227
Description = 
 
Error - 12.06.2012 15:04:32 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\SoftonicDownloader_fuer_dr-divx.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 13.06.2012 06:26:37 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.59, Zeitstempel:
 0x4ef23d40  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676, 
Zeitstempel: 0x4e58702a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001604c  ID des fehlerhaften
 Prozesses: 0x500  Startzeit der fehlerhaften Anwendung: 0x01cd494efd6278f8  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\OLEAUT32.dll  Berichtskennung: 4100ec1a-b542-11e1-b603-90fba6863bc5
 
[ System Events ]
Error - 28.05.2012 07:02:36 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 29.05.2012 06:36:37 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 30.05.2012 10:28:15 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 31.05.2012 07:35:46 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 01.06.2012 07:49:15 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 01.06.2012 09:14:44 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 02.06.2012 03:53:26 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 02.06.2012 14:53:11 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 03.06.2012 04:34:28 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 03.06.2012 09:30:00 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
 
< End of report >
         

Geändert von PerfectOcean (23.06.2012 um 02:02 Uhr)

Alt 26.06.2012, 09:56   #2
Psychotic
/// Malwareteam
 
Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt - Standard

Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt





Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.


Schritt 1: Scan mit TDSS-Killer


Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.



Schritt 2: aswMBR



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________

__________________

Alt 27.06.2012, 10:45   #3
PerfectOcean
 
Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt - Standard

Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt



Hallo,

erstmal schonmal danke für die Hilfe. Die angeforderten Log-files habe ich hier:

TDSSKILLER:

Code:
ATTFilter
11:24:27.0238 3412	TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
11:24:27.0457 3412	============================================================
11:24:27.0457 3412	Current date / time: 2012/06/27 11:24:27.0457
11:24:27.0457 3412	SystemInfo:
11:24:27.0457 3412	
11:24:27.0457 3412	OS Version: 6.1.7601 ServicePack: 1.0
11:24:27.0457 3412	Product type: Workstation
11:24:27.0457 3412	ComputerName: ***
11:24:27.0457 3412	UserName: ***
11:24:27.0457 3412	Windows directory: C:\Windows
11:24:27.0457 3412	System windows directory: C:\Windows
11:24:27.0457 3412	Running under WOW64
11:24:27.0457 3412	Processor architecture: Intel x64
11:24:27.0457 3412	Number of processors: 4
11:24:27.0457 3412	Page size: 0x1000
11:24:27.0457 3412	Boot type: Normal boot
11:24:27.0457 3412	============================================================
11:24:27.0784 3412	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:24:27.0831 3412	============================================================
11:24:27.0831 3412	\Device\Harddisk0\DR0:
11:24:27.0831 3412	MBR partitions:
11:24:27.0831 3412	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000
11:24:27.0831 3412	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x38FE7000
11:24:27.0831 3412	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B619800, BlocksNum 0x390EC800
11:24:27.0831 3412	============================================================
11:24:27.0862 3412	C: <-> \Device\Harddisk0\DR0\Partition1
11:24:27.0893 3412	D: <-> \Device\Harddisk0\DR0\Partition2
11:24:27.0893 3412	============================================================
11:24:27.0893 3412	Initialize success
11:24:27.0893 3412	============================================================
11:24:32.0589 4452	============================================================
11:24:32.0589 4452	Scan started
11:24:32.0589 4452	Mode: Manual; TDLFS; 
11:24:32.0589 4452	============================================================
11:24:33.0088 4452	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:24:33.0088 4452	1394ohci - ok
11:24:33.0151 4452	AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
11:24:33.0166 4452	AAV UpdateService - ok
11:24:33.0229 4452	ABBYY.Licensing.PDFTransformer.Site License.3.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
11:24:33.0244 4452	ABBYY.Licensing.PDFTransformer.Site License.3.0 - ok
11:24:33.0400 4452	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:24:33.0400 4452	ACPI - ok
11:24:33.0463 4452	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:24:33.0463 4452	AcpiPmi - ok
11:24:33.0572 4452	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:24:33.0587 4452	AdobeARMservice - ok
11:24:33.0650 4452	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:24:33.0650 4452	adp94xx - ok
11:24:33.0728 4452	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:24:33.0728 4452	adpahci - ok
11:24:33.0743 4452	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:24:33.0743 4452	adpu320 - ok
11:24:33.0790 4452	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:24:33.0790 4452	AeLookupSvc - ok
11:24:33.0868 4452	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:24:33.0868 4452	AFD - ok
11:24:33.0931 4452	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:24:33.0931 4452	agp440 - ok
11:24:33.0946 4452	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:24:33.0946 4452	ALG - ok
11:24:33.0962 4452	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:24:33.0962 4452	aliide - ok
11:24:34.0040 4452	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
11:24:34.0040 4452	AMD External Events Utility - ok
11:24:34.0055 4452	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:24:34.0055 4452	amdide - ok
11:24:34.0087 4452	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:24:34.0087 4452	AmdK8 - ok
11:24:34.0477 4452	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
11:24:34.0523 4452	amdkmdag - ok
11:24:34.0633 4452	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
11:24:34.0633 4452	amdkmdap - ok
11:24:34.0664 4452	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:24:34.0664 4452	AmdPPM - ok
11:24:34.0679 4452	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:24:34.0679 4452	amdsata - ok
11:24:34.0711 4452	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:24:34.0726 4452	amdsbs - ok
11:24:34.0742 4452	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:24:34.0742 4452	amdxata - ok
11:24:34.0789 4452	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:24:34.0804 4452	AppID - ok
11:24:34.0820 4452	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:24:34.0820 4452	AppIDSvc - ok
11:24:34.0867 4452	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:24:34.0882 4452	Appinfo - ok
11:24:34.0913 4452	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:24:34.0913 4452	arc - ok
11:24:34.0929 4452	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:24:34.0929 4452	arcsas - ok
11:24:35.0069 4452	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:24:35.0069 4452	aspnet_state - ok
11:24:35.0101 4452	aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
11:24:35.0101 4452	aswFsBlk - ok
11:24:35.0132 4452	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
11:24:35.0132 4452	aswMonFlt - ok
11:24:35.0163 4452	aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
11:24:35.0163 4452	aswRdr - ok
11:24:35.0225 4452	aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
11:24:35.0225 4452	aswSnx - ok
11:24:35.0257 4452	aswSP           (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
11:24:35.0257 4452	aswSP - ok
11:24:35.0288 4452	aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
11:24:35.0288 4452	aswTdi - ok
11:24:35.0319 4452	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:24:35.0319 4452	AsyncMac - ok
11:24:35.0366 4452	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:24:35.0366 4452	atapi - ok
11:24:35.0413 4452	AtiHdmiService  (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
11:24:35.0413 4452	AtiHdmiService - ok
11:24:35.0475 4452	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:24:35.0491 4452	AudioEndpointBuilder - ok
11:24:35.0491 4452	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:24:35.0506 4452	AudioSrv - ok
11:24:35.0584 4452	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:24:35.0584 4452	avast! Antivirus - ok
11:24:35.0631 4452	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:24:35.0631 4452	AxInstSV - ok
11:24:35.0693 4452	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:24:35.0693 4452	b06bdrv - ok
11:24:35.0740 4452	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:24:35.0740 4452	b57nd60a - ok
11:24:35.0787 4452	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:24:35.0787 4452	BDESVC - ok
11:24:35.0803 4452	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:24:35.0803 4452	Beep - ok
11:24:35.0881 4452	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:24:35.0896 4452	BFE - ok
11:24:36.0005 4452	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:24:36.0021 4452	BITS - ok
11:24:36.0083 4452	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:24:36.0083 4452	blbdrive - ok
11:24:36.0130 4452	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:24:36.0130 4452	bowser - ok
11:24:36.0130 4452	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:24:36.0130 4452	BrFiltLo - ok
11:24:36.0161 4452	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:24:36.0161 4452	BrFiltUp - ok
11:24:36.0193 4452	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:24:36.0193 4452	Browser - ok
11:24:36.0224 4452	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:24:36.0224 4452	Brserid - ok
11:24:36.0239 4452	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:24:36.0239 4452	BrSerWdm - ok
11:24:36.0239 4452	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:24:36.0255 4452	BrUsbMdm - ok
11:24:36.0255 4452	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:24:36.0255 4452	BrUsbSer - ok
11:24:36.0271 4452	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:24:36.0271 4452	BTHMODEM - ok
11:24:36.0302 4452	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:24:36.0317 4452	bthserv - ok
11:24:36.0333 4452	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:24:36.0333 4452	cdfs - ok
11:24:36.0380 4452	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:24:36.0380 4452	cdrom - ok
11:24:36.0427 4452	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:24:36.0427 4452	CertPropSvc - ok
11:24:36.0442 4452	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:24:36.0442 4452	circlass - ok
11:24:36.0489 4452	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:24:36.0505 4452	CLFS - ok
11:24:36.0707 4452	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:24:36.0707 4452	clr_optimization_v2.0.50727_32 - ok
11:24:36.0957 4452	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:24:36.0957 4452	clr_optimization_v2.0.50727_64 - ok
11:24:37.0051 4452	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:24:37.0051 4452	clr_optimization_v4.0.30319_32 - ok
11:24:37.0191 4452	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:24:37.0191 4452	clr_optimization_v4.0.30319_64 - ok
11:24:37.0238 4452	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:24:37.0238 4452	CmBatt - ok
11:24:37.0363 4452	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:24:37.0363 4452	cmdide - ok
11:24:37.0456 4452	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:24:37.0456 4452	CNG - ok
11:24:37.0503 4452	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:24:37.0503 4452	Compbatt - ok
11:24:37.0534 4452	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:24:37.0534 4452	CompositeBus - ok
11:24:37.0550 4452	COMSysApp - ok
11:24:37.0565 4452	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:24:37.0565 4452	crcdisk - ok
11:24:37.0597 4452	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:24:37.0612 4452	CryptSvc - ok
11:24:37.0675 4452	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:24:37.0675 4452	DcomLaunch - ok
11:24:37.0846 4452	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:24:37.0862 4452	defragsvc - ok
11:24:37.0909 4452	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:24:37.0909 4452	DfsC - ok
11:24:37.0971 4452	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:24:37.0987 4452	Dhcp - ok
11:24:38.0018 4452	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:24:38.0018 4452	discache - ok
11:24:38.0049 4452	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:24:38.0049 4452	Disk - ok
11:24:38.0080 4452	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:24:38.0096 4452	Dnscache - ok
11:24:38.0143 4452	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:24:38.0143 4452	dot3svc - ok
11:24:38.0174 4452	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:24:38.0174 4452	DPS - ok
11:24:38.0205 4452	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:24:38.0205 4452	drmkaud - ok
11:24:38.0299 4452	dtsoftbus01     (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:24:38.0299 4452	dtsoftbus01 - ok
11:24:38.0891 4452	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:24:38.0907 4452	DXGKrnl - ok
11:24:38.0954 4452	e1kexpress      (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys
11:24:38.0954 4452	e1kexpress - ok
11:24:39.0001 4452	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:24:39.0001 4452	EapHost - ok
11:24:39.0344 4452	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:24:39.0375 4452	ebdrv - ok
11:24:39.0547 4452	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:24:39.0562 4452	EFS - ok
11:24:39.0718 4452	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:24:39.0718 4452	ehRecvr - ok
11:24:39.0765 4452	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:24:39.0765 4452	ehSched - ok
11:24:39.0843 4452	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:24:39.0843 4452	elxstor - ok
11:24:39.0874 4452	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:24:39.0874 4452	ErrDev - ok
11:24:39.0921 4452	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:24:39.0937 4452	EventSystem - ok
11:24:39.0968 4452	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:24:39.0968 4452	exfat - ok
11:24:39.0999 4452	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:24:39.0999 4452	fastfat - ok
11:24:40.0093 4452	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:24:40.0108 4452	Fax - ok
11:24:40.0124 4452	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:24:40.0124 4452	fdc - ok
11:24:40.0139 4452	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:24:40.0139 4452	fdPHost - ok
11:24:40.0155 4452	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:24:40.0155 4452	FDResPub - ok
11:24:40.0171 4452	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:24:40.0171 4452	FileInfo - ok
11:24:40.0171 4452	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:24:40.0186 4452	Filetrace - ok
11:24:40.0186 4452	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:24:40.0186 4452	flpydisk - ok
11:24:40.0249 4452	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:24:40.0249 4452	FltMgr - ok
11:24:40.0670 4452	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:24:40.0685 4452	FontCache - ok
11:24:40.0779 4452	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:24:40.0779 4452	FontCache3.0.0.0 - ok
11:24:40.0935 4452	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:24:40.0935 4452	FsDepends - ok
11:24:40.0951 4452	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:24:40.0951 4452	Fs_Rec - ok
11:24:41.0044 4452	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:24:41.0044 4452	fvevol - ok
11:24:41.0075 4452	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:24:41.0075 4452	gagp30kx - ok
11:24:41.0153 4452	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:24:41.0169 4452	gpsvc - ok
11:24:41.0294 4452	Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
11:24:41.0294 4452	Greg_Service - ok
11:24:41.0372 4452	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:24:41.0372 4452	gupdate - ok
11:24:41.0387 4452	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:24:41.0387 4452	gupdatem - ok
11:24:41.0419 4452	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:24:41.0434 4452	gusvc - ok
11:24:41.0559 4452	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:24:41.0559 4452	hamachi - ok
11:24:42.0698 4452	Hamachi2Svc     (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
11:24:42.0713 4452	Hamachi2Svc - ok
11:24:42.0963 4452	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:24:42.0963 4452	hcw85cir - ok
11:24:43.0041 4452	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:24:43.0057 4452	HdAudAddService - ok
11:24:43.0072 4452	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:24:43.0072 4452	HDAudBus - ok
11:24:43.0119 4452	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
11:24:43.0119 4452	HECIx64 - ok
11:24:43.0135 4452	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:24:43.0150 4452	HidBatt - ok
11:24:43.0166 4452	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:24:43.0166 4452	HidBth - ok
11:24:43.0181 4452	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:24:43.0181 4452	HidIr - ok
11:24:43.0213 4452	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:24:43.0213 4452	hidserv - ok
11:24:43.0244 4452	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:24:43.0244 4452	HidUsb - ok
11:24:43.0275 4452	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:24:43.0275 4452	hkmsvc - ok
11:24:43.0337 4452	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:24:43.0337 4452	HomeGroupListener - ok
11:24:43.0384 4452	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:24:43.0384 4452	HomeGroupProvider - ok
11:24:43.0415 4452	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:24:43.0415 4452	HpSAMD - ok
11:24:43.0493 4452	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:24:43.0493 4452	HTTP - ok
11:24:43.0540 4452	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:24:43.0540 4452	hwpolicy - ok
11:24:43.0603 4452	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:24:43.0603 4452	i8042prt - ok
11:24:43.0712 4452	IAANTMON        (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:24:43.0712 4452	IAANTMON - ok
11:24:43.0743 4452	iaStor          (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
11:24:43.0743 4452	iaStor - ok
11:24:43.0805 4452	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:24:43.0821 4452	iaStorV - ok
11:24:44.0975 4452	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:24:44.0975 4452	idsvc - ok
11:24:45.0038 4452	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:24:45.0038 4452	iirsp - ok
11:24:45.0116 4452	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:24:45.0131 4452	IKEEXT - ok
11:24:45.0272 4452	IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
11:24:45.0287 4452	IntcAzAudAddService - ok
11:24:45.0802 4452	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:24:45.0802 4452	intelide - ok
11:24:45.0849 4452	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:24:45.0849 4452	intelppm - ok
11:24:45.0896 4452	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:24:45.0911 4452	IPBusEnum - ok
11:24:45.0943 4452	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:24:45.0943 4452	IpFilterDriver - ok
11:24:46.0021 4452	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:24:46.0021 4452	iphlpsvc - ok
11:24:46.0286 4452	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:24:46.0286 4452	IPMIDRV - ok
11:24:46.0348 4452	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:24:46.0348 4452	IPNAT - ok
11:24:46.0395 4452	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:24:46.0395 4452	IRENUM - ok
11:24:46.0442 4452	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:24:46.0442 4452	isapnp - ok
11:24:46.0957 4452	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:24:46.0957 4452	iScsiPrt - ok
11:24:47.0003 4452	JRAID           (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys
11:24:47.0003 4452	JRAID - ok
11:24:47.0066 4452	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:24:47.0066 4452	kbdclass - ok
11:24:47.0128 4452	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:24:47.0128 4452	kbdhid - ok
11:24:47.0175 4452	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:24:47.0175 4452	KeyIso - ok
11:24:47.0191 4452	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:24:47.0191 4452	KSecDD - ok
11:24:47.0222 4452	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:24:47.0222 4452	KSecPkg - ok
11:24:47.0253 4452	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:24:47.0253 4452	ksthunk - ok
11:24:47.0534 4452	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:24:47.0549 4452	KtmRm - ok
11:24:47.0612 4452	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:24:47.0612 4452	LanmanServer - ok
11:24:47.0659 4452	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:24:47.0659 4452	LanmanWorkstation - ok
11:24:47.0705 4452	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:24:47.0705 4452	lltdio - ok
11:24:47.0752 4452	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:24:47.0752 4452	lltdsvc - ok
11:24:47.0783 4452	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:24:47.0783 4452	lmhosts - ok
11:24:47.0908 4452	LMS             (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:24:47.0908 4452	LMS - ok
11:24:47.0971 4452	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:24:47.0971 4452	LSI_FC - ok
11:24:47.0986 4452	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:24:48.0002 4452	LSI_SAS - ok
11:24:48.0017 4452	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:24:48.0017 4452	LSI_SAS2 - ok
11:24:48.0033 4452	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:24:48.0033 4452	LSI_SCSI - ok
11:24:48.0049 4452	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:24:48.0049 4452	luafv - ok
11:24:48.0376 4452	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:24:48.0376 4452	Mcx2Svc - ok
11:24:48.0407 4452	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:24:48.0407 4452	megasas - ok
11:24:48.0517 4452	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:24:48.0517 4452	MegaSR - ok
11:24:48.0548 4452	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:24:48.0548 4452	MMCSS - ok
11:24:48.0563 4452	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:24:48.0563 4452	Modem - ok
11:24:48.0595 4452	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:24:48.0595 4452	monitor - ok
11:24:48.0641 4452	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:24:48.0641 4452	mouclass - ok
11:24:48.0673 4452	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:24:48.0673 4452	mouhid - ok
11:24:48.0719 4452	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:24:48.0719 4452	mountmgr - ok
11:24:48.0922 4452	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:24:48.0922 4452	MozillaMaintenance - ok
11:24:48.0969 4452	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:24:48.0969 4452	mpio - ok
11:24:49.0078 4452	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:24:49.0078 4452	mpsdrv - ok
11:24:49.0359 4452	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:24:49.0375 4452	MpsSvc - ok
11:24:49.0499 4452	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:24:49.0499 4452	MRxDAV - ok
11:24:49.0562 4452	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:24:49.0562 4452	mrxsmb - ok
11:24:49.0609 4452	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:24:49.0624 4452	mrxsmb10 - ok
11:24:49.0718 4452	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:24:49.0718 4452	mrxsmb20 - ok
11:24:49.0796 4452	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:24:49.0796 4452	msahci - ok
11:24:49.0999 4452	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:24:49.0999 4452	msdsm - ok
11:24:50.0139 4452	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:24:50.0139 4452	MSDTC - ok
11:24:50.0217 4452	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:24:50.0217 4452	Msfs - ok
11:24:50.0217 4452	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:24:50.0217 4452	mshidkmdf - ok
11:24:50.0295 4452	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:24:50.0295 4452	msisadrv - ok
11:24:50.0373 4452	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:24:50.0373 4452	MSiSCSI - ok
11:24:50.0373 4452	msiserver - ok
11:24:50.0404 4452	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:24:50.0404 4452	MSKSSRV - ok
11:24:50.0420 4452	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:24:50.0435 4452	MSPCLOCK - ok
11:24:50.0435 4452	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:24:50.0435 4452	MSPQM - ok
11:24:50.0498 4452	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:24:50.0513 4452	MsRPC - ok
11:24:50.0560 4452	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:24:50.0560 4452	mssmbios - ok
11:24:50.0576 4452	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:24:50.0576 4452	MSTEE - ok
11:24:50.0591 4452	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:24:50.0591 4452	MTConfig - ok
11:24:50.0607 4452	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:24:50.0607 4452	Mup - ok
11:24:50.0654 4452	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
11:24:50.0654 4452	mwlPSDFilter - ok
11:24:50.0732 4452	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
11:24:50.0732 4452	mwlPSDNServ - ok
11:24:50.0747 4452	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
11:24:50.0763 4452	mwlPSDVDisk - ok
11:24:50.0950 4452	MWLService      (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
11:24:50.0950 4452	MWLService - ok
11:24:51.0044 4452	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:24:51.0044 4452	napagent - ok
11:24:51.0122 4452	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:24:51.0122 4452	NativeWifiP - ok
11:24:51.0215 4452	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:24:51.0231 4452	NDIS - ok
11:24:51.0247 4452	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:24:51.0247 4452	NdisCap - ok
11:24:51.0278 4452	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:24:51.0278 4452	NdisTapi - ok
11:24:51.0325 4452	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:24:51.0325 4452	Ndisuio - ok
11:24:51.0371 4452	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:24:51.0387 4452	NdisWan - ok
11:24:51.0481 4452	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:24:51.0481 4452	NDProxy - ok
11:24:52.0978 4452	Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
11:24:52.0978 4452	Nero BackItUp Scheduler 4.0 - ok
11:24:53.0041 4452	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:24:53.0041 4452	NetBIOS - ok
11:24:53.0150 4452	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:24:53.0150 4452	NetBT - ok
11:24:53.0197 4452	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:24:53.0212 4452	Netlogon - ok
11:24:53.0275 4452	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:24:53.0275 4452	Netman - ok
11:24:53.0368 4452	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:24:53.0368 4452	NetMsmqActivator - ok
11:24:53.0384 4452	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:24:53.0384 4452	NetPipeActivator - ok
11:24:53.0431 4452	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:24:53.0446 4452	netprofm - ok
11:24:53.0446 4452	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:24:53.0446 4452	NetTcpActivator - ok
11:24:53.0462 4452	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:24:53.0462 4452	NetTcpPortSharing - ok
11:24:53.0524 4452	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:24:53.0524 4452	nfrd960 - ok
11:24:53.0571 4452	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:24:53.0587 4452	NlaSvc - ok
11:24:53.0587 4452	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:24:53.0602 4452	Npfs - ok
11:24:53.0618 4452	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:24:53.0618 4452	nsi - ok
11:24:53.0633 4452	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:24:53.0633 4452	nsiproxy - ok
11:24:53.0977 4452	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:24:53.0992 4452	Ntfs - ok
11:24:54.0179 4452	NTI IScheduleSvc (bd691091ac7d9713d8f0b07c6b099e6c) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
11:24:54.0195 4452	NTI IScheduleSvc - ok
11:24:54.0429 4452	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
11:24:54.0445 4452	NTIDrvr - ok
11:24:54.0445 4452	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:24:54.0445 4452	Null - ok
11:24:54.0491 4452	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:24:54.0491 4452	nvraid - ok
11:24:54.0538 4452	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:24:54.0554 4452	nvstor - ok
11:24:54.0616 4452	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:24:54.0616 4452	nv_agp - ok
11:24:54.0647 4452	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:24:54.0647 4452	ohci1394 - ok
11:24:54.0694 4452	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:24:54.0694 4452	p2pimsvc - ok
11:24:54.0757 4452	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:24:54.0757 4452	p2psvc - ok
11:24:54.0803 4452	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:24:54.0803 4452	Parport - ok
11:24:54.0835 4452	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:24:54.0850 4452	partmgr - ok
11:24:54.0897 4452	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:24:54.0913 4452	PcaSvc - ok
11:24:54.0944 4452	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:24:54.0944 4452	pci - ok
11:24:55.0006 4452	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:24:55.0006 4452	pciide - ok
11:24:55.0115 4452	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:24:55.0115 4452	pcmcia - ok
11:24:55.0147 4452	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:24:55.0147 4452	pcw - ok
11:24:55.0193 4452	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:24:55.0193 4452	PEAUTH - ok
11:24:55.0271 4452	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:24:55.0287 4452	PerfHost - ok
11:24:55.0427 4452	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:24:55.0443 4452	pla - ok
11:24:55.0505 4452	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:24:55.0521 4452	PlugPlay - ok
11:24:55.0568 4452	PnkBstrA - ok
11:24:55.0599 4452	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:24:55.0599 4452	PNRPAutoReg - ok
11:24:55.0646 4452	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:24:55.0646 4452	PNRPsvc - ok
11:24:55.0708 4452	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:24:55.0708 4452	PolicyAgent - ok
11:24:55.0755 4452	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:24:55.0771 4452	Power - ok
11:24:55.0817 4452	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:24:55.0817 4452	PptpMiniport - ok
11:24:55.0849 4452	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:24:55.0849 4452	Processor - ok
11:24:55.0911 4452	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:24:55.0911 4452	ProfSvc - ok
11:24:55.0942 4452	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:24:55.0942 4452	ProtectedStorage - ok
11:24:55.0989 4452	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:24:55.0989 4452	Psched - ok
11:24:56.0067 4452	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:24:56.0083 4452	ql2300 - ok
11:24:56.0207 4452	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:24:56.0207 4452	ql40xx - ok
11:24:56.0239 4452	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:24:56.0239 4452	QWAVE - ok
11:24:56.0254 4452	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:24:56.0254 4452	QWAVEdrv - ok
11:24:56.0270 4452	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:24:56.0270 4452	RasAcd - ok
11:24:56.0317 4452	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:24:56.0317 4452	RasAgileVpn - ok
11:24:56.0332 4452	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:24:56.0332 4452	RasAuto - ok
11:24:56.0379 4452	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:24:56.0379 4452	Rasl2tp - ok
11:24:56.0441 4452	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:24:56.0457 4452	RasMan - ok
11:24:56.0473 4452	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:24:56.0473 4452	RasPppoe - ok
11:24:56.0488 4452	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:24:56.0504 4452	RasSstp - ok
11:24:56.0535 4452	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:24:56.0551 4452	rdbss - ok
11:24:56.0566 4452	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:24:56.0566 4452	rdpbus - ok
11:24:56.0582 4452	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:24:56.0582 4452	RDPCDD - ok
11:24:56.0597 4452	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:24:56.0597 4452	RDPENCDD - ok
11:24:56.0629 4452	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:24:56.0629 4452	RDPREFMP - ok
11:24:56.0675 4452	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:24:56.0675 4452	RDPWD - ok
11:24:56.0738 4452	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:24:56.0738 4452	rdyboost - ok
11:24:56.0769 4452	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:24:56.0769 4452	RemoteAccess - ok
11:24:56.0816 4452	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:24:56.0816 4452	RemoteRegistry - ok
11:24:56.0831 4452	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:24:56.0847 4452	RpcEptMapper - ok
11:24:56.0863 4452	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:24:56.0863 4452	RpcLocator - ok
11:24:56.0909 4452	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:24:56.0909 4452	RpcSs - ok
11:24:56.0941 4452	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:24:56.0941 4452	rspndr - ok
11:24:56.0972 4452	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:24:56.0972 4452	SamSs - ok
11:24:57.0019 4452	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:24:57.0019 4452	sbp2port - ok
11:24:57.0112 4452	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:24:57.0112 4452	SCardSvr - ok
11:24:57.0128 4452	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:24:57.0128 4452	scfilter - ok
11:24:57.0253 4452	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:24:57.0268 4452	Schedule - ok
11:24:57.0299 4452	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:24:57.0299 4452	SCPolicySvc - ok
11:24:57.0362 4452	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:24:57.0362 4452	SDRSVC - ok
11:24:57.0424 4452	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:24:57.0424 4452	secdrv - ok
11:24:57.0471 4452	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:24:57.0471 4452	seclogon - ok
11:24:57.0502 4452	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:24:57.0502 4452	SENS - ok
11:24:57.0533 4452	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:24:57.0533 4452	SensrSvc - ok
11:24:57.0580 4452	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:24:57.0580 4452	Serenum - ok
11:24:57.0596 4452	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:24:57.0596 4452	Serial - ok
11:24:57.0643 4452	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:24:57.0643 4452	sermouse - ok
11:24:57.0689 4452	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:24:57.0689 4452	SessionEnv - ok
11:24:57.0721 4452	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:24:57.0736 4452	sffdisk - ok
11:24:57.0752 4452	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:24:57.0752 4452	sffp_mmc - ok
11:24:57.0767 4452	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:24:57.0767 4452	sffp_sd - ok
11:24:57.0783 4452	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:24:57.0783 4452	sfloppy - ok
11:24:57.0830 4452	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:24:57.0845 4452	SharedAccess - ok
11:24:57.0908 4452	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:24:57.0923 4452	ShellHWDetection - ok
11:24:57.0939 4452	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:24:57.0939 4452	SiSRaid2 - ok
11:24:57.0970 4452	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:24:57.0970 4452	SiSRaid4 - ok
11:24:58.0189 4452	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:24:58.0189 4452	SkypeUpdate - ok
11:24:58.0220 4452	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:24:58.0220 4452	Smb - ok
11:24:58.0267 4452	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:24:58.0282 4452	SNMPTRAP - ok
11:24:58.0282 4452	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:24:58.0298 4452	spldr - ok
11:24:58.0360 4452	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:24:58.0376 4452	Spooler - ok
11:24:58.0844 4452	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:24:58.0875 4452	sppsvc - ok
11:24:59.0062 4452	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:24:59.0062 4452	sppuinotify - ok
11:24:59.0203 4452	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:24:59.0203 4452	srv - ok
11:24:59.0296 4452	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:24:59.0296 4452	srv2 - ok
11:24:59.0733 4452	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:24:59.0733 4452	srvnet - ok
11:24:59.0780 4452	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:24:59.0780 4452	SSDPSRV - ok
11:24:59.0795 4452	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:24:59.0811 4452	SstpSvc - ok
11:24:59.0873 4452	Steam Client Service - ok
11:25:00.0029 4452	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:25:00.0029 4452	stexstor - ok
11:25:00.0107 4452	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:25:00.0123 4452	stisvc - ok
11:25:00.0170 4452	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:25:00.0170 4452	swenum - ok
11:25:00.0295 4452	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:25:00.0295 4452	SwitchBoard - ok
11:25:00.0357 4452	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:25:00.0357 4452	swprv - ok
11:25:00.0638 4452	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:25:00.0653 4452	SysMain - ok
11:25:00.0841 4452	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:25:00.0856 4452	TabletInputService - ok
11:25:00.0919 4452	tap0901t        (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
11:25:00.0919 4452	tap0901t - ok
11:25:00.0965 4452	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:25:00.0981 4452	TapiSrv - ok
11:25:01.0012 4452	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:25:01.0012 4452	TBS - ok
11:25:01.0137 4452	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:25:01.0153 4452	Tcpip - ok
11:25:01.0418 4452	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:25:01.0433 4452	TCPIP6 - ok
11:25:01.0683 4452	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:25:01.0683 4452	tcpipreg - ok
11:25:01.0730 4452	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:25:01.0730 4452	TDPIPE - ok
11:25:01.0917 4452	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:25:01.0917 4452	TDTCP - ok
11:25:01.0995 4452	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:25:01.0995 4452	tdx - ok
11:25:02.0978 4452	TeamViewer7     (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
11:25:03.0009 4452	TeamViewer7 - ok
11:25:03.0617 4452	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:25:03.0617 4452	TermDD - ok
11:25:03.0680 4452	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:25:03.0680 4452	TermService - ok
11:25:03.0711 4452	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:25:03.0711 4452	Themes - ok
11:25:03.0742 4452	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:25:03.0742 4452	THREADORDER - ok
11:25:03.0789 4452	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:25:03.0789 4452	TrkWks - ok
11:25:03.0851 4452	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:25:03.0851 4452	TrustedInstaller - ok
11:25:03.0898 4452	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:25:03.0898 4452	tssecsrv - ok
11:25:03.0945 4452	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:25:03.0945 4452	TsUsbFlt - ok
11:25:03.0992 4452	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:25:04.0007 4452	tunnel - ok
11:25:04.0085 4452	TunngleService  (f8302e3e534af5e3f2588a974bea80df) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
11:25:04.0085 4452	TunngleService - ok
11:25:04.0148 4452	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:25:04.0148 4452	uagp35 - ok
11:25:04.0163 4452	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
11:25:04.0163 4452	UBHelper - ok
11:25:04.0210 4452	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:25:04.0226 4452	udfs - ok
11:25:04.0273 4452	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:25:04.0273 4452	UI0Detect - ok
11:25:04.0319 4452	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:25:04.0319 4452	uliagpkx - ok
11:25:04.0366 4452	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:25:04.0366 4452	umbus - ok
11:25:04.0413 4452	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:25:04.0413 4452	UmPass - ok
11:25:05.0053 4452	UNS             (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:25:05.0068 4452	UNS - ok
11:25:05.0162 4452	Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
11:25:05.0162 4452	Updater Service - ok
11:25:05.0365 4452	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:25:05.0380 4452	upnphost - ok
11:25:05.0474 4452	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:25:05.0489 4452	usbccgp - ok
11:25:05.0521 4452	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:25:05.0521 4452	usbcir - ok
11:25:05.0552 4452	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:25:05.0552 4452	usbehci - ok
11:25:05.0614 4452	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:25:05.0614 4452	usbhub - ok
11:25:05.0630 4452	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:25:05.0645 4452	usbohci - ok
11:25:05.0677 4452	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:25:05.0677 4452	usbprint - ok
11:25:05.0723 4452	USBS3S4Detection (b5e6c4f280ebf0b16f74a5b415f2e0df) C:\OEM\USBDECTION\USBS3S4Detection.exe
11:25:05.0723 4452	USBS3S4Detection - ok
11:25:05.0770 4452	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:25:05.0770 4452	USBSTOR - ok
11:25:05.0770 4452	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:25:05.0770 4452	usbuhci - ok
11:25:05.0817 4452	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:25:05.0817 4452	UxSms - ok
11:25:05.0864 4452	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:25:05.0879 4452	VaultSvc - ok
11:25:05.0895 4452	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:25:05.0895 4452	vdrvroot - ok
11:25:05.0973 4452	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:25:05.0973 4452	vds - ok
11:25:06.0020 4452	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:25:06.0020 4452	vga - ok
11:25:06.0051 4452	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:25:06.0051 4452	VgaSave - ok
11:25:06.0113 4452	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:25:06.0113 4452	vhdmp - ok
11:25:06.0145 4452	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:25:06.0145 4452	viaide - ok
11:25:06.0191 4452	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:25:06.0191 4452	volmgr - ok
11:25:06.0269 4452	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:25:06.0269 4452	volmgrx - ok
11:25:06.0394 4452	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:25:06.0410 4452	volsnap - ok
11:25:06.0457 4452	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:25:06.0457 4452	vsmraid - ok
11:25:06.0722 4452	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:25:06.0737 4452	VSS - ok
11:25:06.0909 4452	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:25:06.0909 4452	vwifibus - ok
11:25:06.0956 4452	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:25:06.0971 4452	W32Time - ok
11:25:07.0018 4452	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:25:07.0018 4452	WacomPen - ok
11:25:07.0065 4452	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:25:07.0065 4452	WANARP - ok
11:25:07.0065 4452	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:25:07.0065 4452	Wanarpv6 - ok
11:25:07.0205 4452	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:25:07.0221 4452	wbengine - ok
11:25:07.0393 4452	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:25:07.0393 4452	WbioSrvc - ok
11:25:07.0455 4452	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:25:07.0471 4452	wcncsvc - ok
11:25:07.0486 4452	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:25:07.0486 4452	WcsPlugInService - ok
11:25:07.0564 4452	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:25:07.0564 4452	Wd - ok
11:25:07.0658 4452	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:25:07.0673 4452	Wdf01000 - ok
11:25:07.0689 4452	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:25:07.0689 4452	WdiServiceHost - ok
11:25:07.0705 4452	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:25:07.0705 4452	WdiSystemHost - ok
11:25:07.0783 4452	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:25:07.0783 4452	WebClient - ok
11:25:07.0829 4452	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:25:07.0829 4452	Wecsvc - ok
11:25:07.0907 4452	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:25:07.0907 4452	wercplsupport - ok
11:25:07.0954 4452	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:25:07.0954 4452	WerSvc - ok
11:25:08.0032 4452	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:25:08.0032 4452	WfpLwf - ok
11:25:08.0063 4452	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:25:08.0063 4452	WIMMount - ok
11:25:08.0173 4452	WinDefend - ok
11:25:08.0188 4452	WinHttpAutoProxySvc - ok
11:25:08.0282 4452	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:25:08.0282 4452	Winmgmt - ok
11:25:08.0875 4452	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:25:08.0890 4452	WinRM - ok
11:25:09.0046 4452	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:25:09.0062 4452	Wlansvc - ok
11:25:09.0187 4452	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:25:09.0187 4452	WmiAcpi - ok
11:25:09.0483 4452	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:25:09.0499 4452	wmiApSrv - ok
11:25:09.0577 4452	WMPNetworkSvc - ok
11:25:09.0592 4452	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:25:09.0592 4452	WPCSvc - ok
11:25:09.0670 4452	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:25:09.0670 4452	WPDBusEnum - ok
11:25:09.0717 4452	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:25:09.0717 4452	ws2ifsl - ok
11:25:09.0748 4452	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:25:09.0764 4452	wscsvc - ok
11:25:09.0764 4452	WSearch - ok
11:25:09.0935 4452	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:25:09.0951 4452	wuauserv - ok
11:25:10.0060 4452	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:25:10.0060 4452	WudfPf - ok
11:25:10.0091 4452	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:25:10.0091 4452	WUDFRd - ok
11:25:10.0138 4452	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:25:10.0138 4452	wudfsvc - ok
11:25:10.0169 4452	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:25:10.0169 4452	WwanSvc - ok
11:25:10.0216 4452	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:25:10.0481 4452	\Device\Harddisk0\DR0 - ok
11:25:10.0481 4452	Boot (0x1200)   (ee3a95752d5ceb6260a355551ddad892) \Device\Harddisk0\DR0\Partition0
11:25:10.0497 4452	\Device\Harddisk0\DR0\Partition0 - ok
11:25:10.0497 4452	Boot (0x1200)   (f436aa0c75adfd5e33c61420c8b3fbb5) \Device\Harddisk0\DR0\Partition1
11:25:10.0497 4452	\Device\Harddisk0\DR0\Partition1 - ok
11:25:10.0513 4452	Boot (0x1200)   (8c7c62ec2cba5e6a4f9b9276e3f87def) \Device\Harddisk0\DR0\Partition2
11:25:10.0528 4452	\Device\Harddisk0\DR0\Partition2 - ok
11:25:10.0528 4452	============================================================
11:25:10.0528 4452	Scan finished
11:25:10.0528 4452	============================================================
11:25:10.0528 2648	Detected object count: 0
11:25:10.0528 2648	Actual detected object count: 0
11:25:16.0550 3512	Deinitialize success
         
ASWMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-27 11:29:18
-----------------------------
11:29:18.311    OS Version: Windows x64 6.1.7601 Service Pack 1
11:29:18.311    Number of processors: 4 586 0x2502
11:29:18.311    ComputerName: ***  UserName: ***
11:29:18.904    Initialize success
11:29:19.013    AVAST engine defs: 12062700
11:29:23.490    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:29:23.490    Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
11:29:23.521    Disk 0 MBR read successfully
11:29:23.521    Disk 0 MBR scan
11:29:23.521    Disk 0 Windows 7 default MBR code
11:29:23.521    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        19456 MB offset 2048
11:29:23.553    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 39847936
11:29:23.553    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       466894 MB offset 40052736
11:29:23.584    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       467417 MB offset 996251648
11:29:23.599    Disk 0 scanning C:\Windows\system32\drivers
11:29:30.089    Service scanning
11:29:44.285    Modules scanning
11:29:44.285    Disk 0 trace - called modules:
11:29:44.316    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
11:29:44.316    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064ff060]
11:29:44.332    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800620b050]
11:29:45.143    AVAST engine scan C:\Windows
11:29:47.296    AVAST engine scan C:\Windows\system32
11:31:31.176    AVAST engine scan C:\Windows\system32\drivers
11:31:39.616    AVAST engine scan C:\Users\***
11:34:53.899    File: C:\Users\***\AppData\Local\Temp\Rar$EXa0.780\Windows Loader\Cracked Steam BuNDl3.exe  **INFECTED** Win32:Malware-gen
11:36:59.151    AVAST engine scan C:\ProgramData
11:38:11.738    Scan finished successfully
11:40:55.866    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
11:40:55.882    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         
__________________

Alt 27.06.2012, 10:51   #4
Psychotic
/// Malwareteam
 
Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt - Standard

Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt



Sieht ganz gut aus - kontrollieren wir alles nochmal!


Schritt 1: MBAM vollständig


Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.



Schritt 2: ESET



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 28.06.2012, 09:20   #5
PerfectOcean
 
Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt - Standard

Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt



Hallo,

die angeforderte Malwarebytes Log-file hier:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.27.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

28.06.2012 00:25:18
mbam-log-2012-06-28 (00-25-18).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 486582
Laufzeit: 1 Stunde(n), 18 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\$Recycle.Bin\S-1-5-21-2258752154-2290191259-1351797830-1001\$RH11YBL\Windows Loader\Cracked Steam BuNDl3.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-2258752154-2290191259-1351797830-1001\$RSBI70S\Windows Loader\Cracked Steam BuNDl3.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\Rar$EXa0.780\Windows Loader\Cracked Steam BuNDl3.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\SoftonicDownloader_fuer_dr-divx.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\Adobe.After.Effects.CS5.v10.0.Incl\keygen.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\Adobe.After.Effects.CS5.v10.0.Incl\keygen_plugin.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\SVComplete\Sony Vegas\SonyVegasPro Patch.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
und ESET hier:

Code:
ATTFilter
C:\$Recycle.Bin\S-1-5-21-2258752154-2290191259-1351797830-1001\$RO25U9N.zip	a variant of MSIL/Agent.NLB trojan
C:\Users\***\AppData\Local\Temp\jar_cache2823953106057161226.tmp	a variant of Java/Exploit.CVE-2012-0507.AH trojan
C:\Users\***\AppData\Local\Temp\is1070216317\MyBabylonTB.exe	Win32/Toolbar.Babylon application
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\23fd3c66-1253a9c8	Java/Exploit.Agent.NBH trojan
C:\Users\***\Downloads\Patch.rar	probably a variant of Win32/Agent.BCOVDCM trojan
C:\Users\***\Downloads\SVComplete.rar	probably a variant of Win32/Agent.BCOVDCM trojan
D:\Users\***\Downloads\Risen.GERMAN-OLDSCHOOLiS\Crack\dvm.dll	probably a variant of Win32/Obfuscated.ISZPTDH trojan
D:\Users\***\Isos + Emulator\The.Witcher.2.Assassins.of.Kings-SKIDROW\DVD2\sr-tw2b.iso	a variant of Win32/Packed.VMProtect.AAA trojan
         


Alt 28.06.2012, 09:46   #6
Psychotic
/// Malwareteam
 
Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt - Standard

Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt



Zitat:
C:\Users\***\Downloads\Adobe.After.Effects.CS5.v10.0.Incl\keygen.exe
C:\Users\***\Downloads\Adobe.After.Effects.CS5.v10.0.Incl\keygen_plugin.exe
C:\Users\***\Downloads\SVComplete\Sony Vegas\SonyVegasPro Patch.exe



Alleine der Besuch auf Seiten, welche diese Dateien zum Download anbieten, beinhaltet ein hohes Risiko sich zu infizieren.

Wenn Du den Crack startest, startest du eine ausführbare Datei aus einer sehr dubiosen Quelle. Im Quellcode der Datei kann alles mögliche stehen. ( z.B downloaden und ausführen von Malwaredateien )
Dies ist einer der Hauptursachen für Infektionen.

Ausserdem sind Cracks, Keygens, usw. illegal und das ist genauso Diebstahl wie in einem Laden.
Darum haben wir uns darauf geeinigt:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Deshalb beschränkt sich unsere Hilfe für dich auf eine Anleitung zur Neuinstallation und Absicherung des Systems
__________________
--> Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt

Alt 28.06.2012, 12:46   #7
PerfectOcean
 
Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt - Standard

Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt



Danke trotzdem für deine Hilfe.

Antwort

Themen zu Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt
adobe after effects, alternate, antivirus, auswerten, autorun, bho, black, call of duty, cmd.exe, desktop, error, failed, fehler, firefox, firefox 13.0.1, flash player, hijack, hijackthis, home, install.exe, jdownloader, launch, locker, logfile, mozilla, mywinlocker, problem, realtek, registry, richtlinie, scan, searchscopes, security, software, start von windows, starten, svchost.exe, teamspeak, virus, windows, würmer



Ähnliche Themen: Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt


  1. Windows 7 meldet beim Start 'RegSvr32 Fehler beim Laden des Moduls "". ' seit mit Avira Malware entfernt wurde
    Log-Analyse und Auswertung - 10.10.2014 (22)
  2. Nach Windows Start soll "msbblqt.exe" ausgeführt werden
    Plagegeister aller Art und deren Bekämpfung - 10.10.2014 (10)
  3. Windows wird nach unerwartetem Herunterfahren wieder ausgeführt.
    Alles rund um Windows - 30.07.2014 (13)
  4. Computer wird beim Start von Google Chrome extrem langsam
    Plagegeister aller Art und deren Bekämpfung - 13.06.2014 (11)
  5. Windows 7: Updates für Treiber und Antivieren Programm wird nicht ausgeführt
    Log-Analyse und Auswertung - 27.05.2014 (18)
  6. cscript.exe wird ausgeführt/poppt auf bei Browserbenutzung oder beim Hochfahren
    Log-Analyse und Auswertung - 11.03.2014 (9)
  7. Laptop wird langsamer beim programm start und im internet
    Log-Analyse und Auswertung - 27.05.2013 (8)
  8. Windows XP Updates nicht mehr möglich /Windows Firewall ist immer beim Start deaktiviert
    Antiviren-, Firewall- und andere Schutzprogramme - 26.05.2013 (82)
  9. GFilterSvc.exe in C/Windows/System 32 - Javascript wird nicht richtig ausgeführt - PC läuft langsam - MBAM meldet Datenausfuhr ins Netz
    Plagegeister aller Art und deren Bekämpfung - 06.05.2013 (17)
  10. Windows Fehlermeldung beim Start
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (19)
  11. "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt
    Log-Analyse und Auswertung - 19.12.2012 (11)
  12. Java wird automatisch ausgeführt Virus wird geladen
    Log-Analyse und Auswertung - 05.07.2010 (5)
  13. Meldung beim Start von Windows
    Plagegeister aller Art und deren Bekämpfung - 23.03.2009 (4)
  14. Beim Start wird eine Meldung von Windows angezeigt! Virus?!
    Plagegeister aller Art und deren Bekämpfung - 18.03.2009 (0)
  15. vermute trojaner o.ä. - beim start von windows wird cmd automatisch ausgeführt
    Mülltonne - 12.11.2008 (0)
  16. PC läuft viel langsamer und Bildschirm wird beim Start kurz schwarz!
    Mülltonne - 05.10.2008 (1)
  17. Windows Media Player startet beim Start von Windows XP
    Log-Analyse und Auswertung - 19.02.2005 (13)

Zum Thema Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt - Hallo liebe Leute, seit einiger Zeit öffnet sich beim Starten von Windows jedesmal kurzzeitig die cmd.exe und führt irgendetwas aus. Da ich in diesem Forum gelesen habe, dass dies eventuell - Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt...
Archiv
Du betrachtest: Cmd.exe wird kurzzeitig beim Start von Windows ausgeführt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.