
Pests of all kinds and how to combat them: AVG detection: backdoor trojan, 27 detections

Windows 7

20.09.2012, 01:29   #1
MeEvy
 
AVG detection: backdoor trojan, 27 detections



Hello,

the day before yesterday my AVG antivirus program popped up with the message that a backdoor trojan had been denied access. (At that time I only had Facebook and Excel open.) As usual, I ran a full system scan after this message.
AVG then suddenly found 27 infected files, most of which could not be removed. The file name that came up most often was:
C:\Users\***\AppData\Roaming\BAcroIEHelpe205.dll. In addition, the Firefox plugin container as well as some other files (OnenoteM.exe, acervcm.exe), etc.

I am grateful for any help. I hope I did the scans correctly...

Here are my OTL logs:
OTL.Txt:
OTL logfile created on: 20.09.2012 00:53:28 - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 55,20% Memory free
7,93 Gb Paging File | 5,76 Gb Available in Paging File | 72,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 198,91 Gb Free Space | 69,79% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 3,69 Gb Total Space | 0,91 Gb Free Space | 24,74% Space Free | Partition Type: FAT32

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.20 00:51:40 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.05 09:09:08 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012.09.05 09:09:03 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.02.14 12:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.11.10 13:52:18 | 000,038,248 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
PRC - [2011.11.04 01:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011.08.03 22:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.12.14 10:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.09.24 14:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.07.14 03:14:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\TSTheme.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.07.24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012.09.05 09:09:10 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012.09.05 09:09:09 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012.09.05 09:09:03 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011.11.10 13:51:36 | 000,151,376 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll
MOD - [2011.11.04 01:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011.11.04 01:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011.11.04 01:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.12.14 10:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Services (SafeList) ==========

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.05 09:09:08 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012.08.30 15:30:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.02.14 12:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.08.03 22:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.26 19:57:52 | 000,841,248 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.07.24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.05 09:09:10 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.08.24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.07.26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.04.19 12:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 12:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.29 01:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.12.23 21:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 21:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 21:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.08.03 22:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.11.13 11:47:00 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.15 06:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.21 11:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.08.11 06:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.24 05:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.26 05:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360811x406l0423z1k5i58j1u843
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360811x406l0423z1k5i58j1u843
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360811x406l0423z1k5i58j1u843
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360811x406l0423z1k5i58j1u843
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360811x406l0423z1k5i58j1u843
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{303E72F5-8A1E-46AE-9FEC-70D9B9FC6F99}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" =
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE443DE443
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={CD719CA0-5C2F-4A8F-AEA0-8CA875E88001}&mid=eefe15d8c8ef47d0a80ab1a22f984ccb-07d5e0939286608322a2789535d4b911d61db5b3&lang=de&ds=AVG&pr=fr&d=2012-07-25 21:57:14&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7Bbeb60278-e50d-4e9b-85f4-d32fd4cd49a6%7D&mid=eefe15d8c8ef47d0a80ab1a22f984ccb-07d5e0939286608322a2789535d4b911d61db5b3&ds=AVG&v=12.2.5.32&lang=de&pr=fr&d=2012-07-25%2021%3A57%3A14&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.08.03 19:56:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.28 14:07:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.30 15:06:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.05 09:10:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.30 15:30:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.12 15:23:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\***\AppData\Roaming\15001.001 [2012.08.30 18:38:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.30 15:30:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.12 15:23:44 | 000,000,000 | ---D | M]

[2011.08.03 19:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.08.28 19:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2k7s4xs7.default\extensions
[2012.08.28 19:49:46 | 000,000,000 | ---D | M] (AF-HSS Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2k7s4xs7.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}
[2011.12.30 15:07:00 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\2k7s4xs7.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.04.13 02:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.13 02:24:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.28 14:07:34 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012.09.05 09:10:09 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012.08.30 15:30:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.27 05:47:58 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 09:09:01 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.30 15:30:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.27 05:47:58 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.27 05:47:58 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.27 05:47:58 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.27 05:47:58 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_1\
CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Alamandi tray notifier] C:\Program Files (x86)\Intenium\Alamandi1\TaskBarNotifier.exe (Intenium)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4961886A-A1BF-4CDB-AEF1-3E4BFEDD4BBA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.20 00:51:39 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.20 00:40:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.09.20 00:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.20 00:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.20 00:40:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.20 00:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.13 14:04:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.09.13 14:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.09.13 14:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.09.13 14:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2012.09.12 15:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.11 09:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.08.30 18:38:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\15001.001
[2012.08.30 13:17:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.019
[2012.08.29 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.018
[2012.08.29 10:12:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\UAs
[2012.08.29 09:51:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm
[2012.08.29 09:51:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kock
[2012.08.24 15:43:16 | 000,384,352 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.20 00:51:40 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.20 00:40:33 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.20 00:31:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.20 00:11:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2497070198-2862634454-3708001446-1004UA.job
[2012.09.19 19:47:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 18:18:09 | 095,254,883 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.09.19 09:37:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 09:31:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2497070198-2862634454-3708001446-1004Core.job
[2012.09.18 12:02:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 12:02:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 02:06:20 | 000,123,603 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.09.17 12:09:23 | 001,089,701 | ---- | M] () -- C:\Users\***\Desktop\coupon.pdf
[2012.09.14 14:40:34 | 000,053,619 | ---- | M] () -- C:\Users\***\Desktop\Wohngemeinschaften in Nürnberg-Rosenau.pdf
[2012.09.14 14:28:34 | 3193,643,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.13 14:12:17 | 001,646,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.13 14:12:17 | 000,711,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.13 14:12:17 | 000,662,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.13 14:12:17 | 000,153,766 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.13 14:12:17 | 000,124,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.13 14:03:38 | 000,001,237 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.09.11 09:42:28 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.09.09 15:49:34 | 000,092,972 | ---- | M] () -- C:\Users\***\Desktop\Flugrechnung.pdf
[2012.09.07 23:39:18 | 000,000,016 | ---- | M] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.09.07 17:30:54 | 000,065,536 | ---- | M] () -- C:\Users\***\AppData\Roaming\2k7s4xs7.default.dat
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.05 09:12:43 | 000,002,457 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2012.09.05 09:09:10 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.09.04 12:42:26 | 010,196,575 | ---- | M] () -- C:\Users\***\Desktop\IMG_0003_NEW_0002.pdf
[2012.09.04 12:41:56 | 010,196,205 | ---- | M] () -- C:\Users\***\Desktop\IMG_0003_NEW_0001.pdf
[2012.09.04 12:39:26 | 003,850,747 | ---- | M] () -- C:\Users\***\Desktop\Bachelor.pdf
[2012.08.31 13:57:57 | 000,001,665 | ---- | M] () -- C:\Windows\wininit.ini
[2012.08.30 15:54:02 | 000,452,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.29 20:05:21 | 000,027,520 | ---- | M] () -- C:\Users\***\AppData\Local\dt.dat
[2012.08.29 08:49:27 | 000,438,661 | ---- | M] () -- C:\Users\***\Desktop\AnmeldungLotse***.pdf
[2012.08.29 08:37:26 | 000,038,025 | ---- | M] () -- C:\Users\***\Desktop\Studienkompass Anmeldungsbogen_VP_Lotsen_2012.pdf
[2012.08.24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.20 00:40:33 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.17 12:09:22 | 001,089,701 | ---- | C] () -- C:\Users\***\Desktop\coupon.pdf
[2012.09.14 14:40:34 | 000,053,619 | ---- | C] () -- C:\Users\***\Desktop\Wohngemeinschaften in Nürnberg-Rosenau.pdf
[2012.09.13 14:03:38 | 000,001,237 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.09.09 15:49:30 | 000,092,972 | ---- | C] () -- C:\Users\***\Desktop\Flugrechnung.pdf
[2012.09.04 12:42:20 | 010,196,575 | ---- | C] () -- C:\Users\***\Desktop\IMG_0003_NEW_0002.pdf
[2012.09.04 12:41:51 | 010,196,205 | ---- | C] () -- C:\Users\***\Desktop\IMG_0003_NEW_0001.pdf
[2012.09.04 12:39:21 | 003,850,747 | ---- | C] () -- C:\Users\***\Desktop\Bachelor.pdf
[2012.09.03 17:00:25 | 000,065,536 | ---- | C] () -- C:\Users\***\AppData\Roaming\2k7s4xs7.default.dat
[2012.08.29 20:05:21 | 000,027,520 | ---- | C] () -- C:\Users\***\AppData\Local\dt.dat
[2012.08.29 19:21:50 | 000,000,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.08.29 08:47:52 | 000,438,661 | ---- | C] () -- C:\Users\***\Desktop\AnmeldungLotse***.pdf
[2012.08.29 08:37:25 | 000,038,025 | ---- | C] () -- C:\Users\***\Desktop\Studienkompass Anmeldungsbogen_VP_Lotsen_2012.pdf
[2012.07.31 03:18:53 | 000,006,032 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.07.14 10:30:37 | 000,000,055 | ---- | C] () -- C:\Users\***\.gtk-bookmarks
[2012.02.07 00:22:25 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.02.06 21:07:51 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.01.03 16:50:05 | 000,001,665 | ---- | C] () -- C:\Windows\wininit.ini
[2011.12.28 16:09:25 | 000,187,328 | ---- | C] () -- C:\Users\***\Weibliche Pädagogik Jungs von heute - verweichlicht und verweiblicht - Nachrichten Debatte - Kommentare - WELT ONLINE.pdf
[2011.11.23 21:44:59 | 009,855,743 | ---- | C] () -- C:\Users\***\EchoWS1112-final.pdf
[2011.11.13 16:07:04 | 000,182,949 | ---- | C] () -- C:\Users\***\MP900402568.JPG
[2011.10.30 22:36:39 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.08.03 19:15:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.20 00:46:14 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.20 00:29:04 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2010.10.20 00:29:04 | 000,206,072 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.10.20 00:29:04 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.10.20 00:29:04 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.04.08 16:53:55 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2008.12.09 17:23:13 | 000,050,640 | ---- | C] () -- C:\Users\***\AppData\Roaming\appConf32.exe

========== ZeroAccess Check ==========

[2012.09.05 09:10:07 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar
[2012.09.05 09:10:07 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\chrome
[2012.09.05 09:10:07 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\components
[2012.09.05 09:10:07 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\locale
[2012.09.05 09:10:08 | 000,000,000 | ---D | M] -- C:\Windows\Temp\avg@toolbar\modules
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012.08.29 19:21:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\14001.018
[2012.08.30 13:17:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\14001.019
[2012.08.30 18:38:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\15001.001
[2012.01.28 19:27:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\A2 Entertainment
[2012.02.23 16:42:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alawar
[2012.01.04 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Artifex Mundi
[2012.07.26 06:07:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG
[2012.07.26 06:01:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2011.11.09 16:28:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.01.03 20:28:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dekovir
[2012.09.14 14:30:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.10.31 18:05:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012.09.13 14:04:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.08.04 23:35:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2011.11.23 00:02:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.07.14 10:30:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.02.21 17:54:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Happy Chef
[2011.10.30 22:37:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2012.08.29 09:51:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.08.18 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lonely Troops
[2011.08.19 01:58:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.09.15 00:21:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PathToSuccess_DE
[2011.12.15 16:58:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.01.28 20:43:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Playrix Entertainment
[2011.12.15 02:35:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softland
[2012.03.21 02:54:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2012.02.09 23:40:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tracker Software
[2012.09.12 10:42:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2012.09.12 10:42:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2012.03.23 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:3A4C8FE7
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:AEEC88F6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E9900C74
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BAFAD1DF
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AE289451
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:908A8F22
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP0AB0B4A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:371A321E
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7E4E56EA
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:73B78E79
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:F760FD47

< End of report >

Extras.Txt:

OTL Extras logfile created on: 20.09.2012 00:53:29 - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 55,20% Memory free
7,93 Gb Paging File | 5,76 Gb Available in Paging File | 72,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 198,91 Gb Free Space | 69,79% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 3,69 Gb Total Space | 0,91 Gb Free Space | 24,74% Space Free | Partition Type: FAT32

Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2563DA6F-7DDB-4451-9811-0AAE0AD69B4D}" = lport=138 | protocol=17 | dir=in | app=system |
"{2628DEE2-7955-4CB7-8659-2E1D498DB5EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35261E08-2BF7-4D58-B6C6-229ABBC8E95A}" = lport=137 | protocol=17 | dir=in | app=system |
"{43BC9087-DA15-4DA4-9A05-5A7153F62AD5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EF580EE-B5C0-48EA-A4A5-F68EF90189EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FE22FDE-3019-4C80-BBFC-9A8E1FB3F075}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5E1B14B0-5C69-4F3B-952E-DC38BEA0B879}" = rport=137 | protocol=17 | dir=out | app=system |
"{5FFA782F-B134-4ACA-9316-00A7DF32D887}" = lport=139 | protocol=6 | dir=in | app=system |
"{67FB843D-4F7B-4C73-B3F3-2129E3093AFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6AFEEFDB-0CBB-4C8A-950F-4F8BF7E8DEFA}" = rport=445 | protocol=6 | dir=out | app=system |
"{81B27111-ED2D-41AC-B846-17A421F2FE5A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{899FFBF8-0837-4A08-9DA2-DFCA2A6AF1DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9009A199-81F6-4A49-8AAB-DB7F51910CD6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9671074C-29F1-4B23-8088-72C3334ADA39}" = rport=139 | protocol=6 | dir=out | app=system |
"{9EE2915C-5825-404C-B37B-6AA802F7FC91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9FDA1403-0303-4CB9-8084-B43EFC8B190A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A90882DF-4CE6-4DB0-9BA2-E92263F308B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7CA323F-8042-4BD2-A2E7-AE58260E2D7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2C5155E-0893-4A68-B4E8-B3E0EEF4CDF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4E6364F-8B6D-4B35-8709-E96316A19B76}" = lport=445 | protocol=6 | dir=in | app=system |
"{D3FA8259-8E22-42AF-9DDD-112FE2C9F1C4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D83E2409-56F9-4AA6-87F6-908DE96146DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9686172-AC60-4DE8-8B4B-95DEB8E44E33}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F4152CCF-F6EC-430D-B297-2F762B65D5B2}" = rport=138 | protocol=17 | dir=out | app=system |
"{F889826C-6B74-4BB9-A4DC-8E91BDC9EABD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F9F191CD-0B5C-49A9-8B44-FE52547F96E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0021DE51-4BEB-4DAA-B4AC-67A77F4BD48D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BA21CAE-E4F0-42C2-9D54-5DD0E85ED129}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1229183B-F616-4CFA-966E-73A38818748C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{220CAB31-3B9C-471F-91EA-115B100BE355}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2230E751-B13B-4C92-B7D6-E7547D811F14}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{24C82472-6FA2-4B98-BC2D-8B1586B60AA4}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{273D7A9E-D8C6-489C-8406-3DC0219EB001}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3589D4D5-E90C-4ED8-8DC4-1A3CA796E35C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36557ABE-FD50-453A-AF41-60A6BD0E8F2B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3A9BB397-5635-4E36-AFDF-ECE837C05FA9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{3D59876D-5E03-497C-8290-21741CEDA95D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4A9A1442-F52B-4ABC-BFC8-4F058A2D6365}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{4B7060CD-BD65-4F1A-A403-D6F838588878}" = protocol=6 | dir=out | app=system |
"{4D338015-77EC-4ABB-898C-27E7068424AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4ED4CABD-F0E2-482B-B07C-95939BA30E00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53588F42-FEA4-41A8-BBF1-FA066D70CFE4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{541AB5AE-C71F-4869-87D5-F62D9A9ABF1A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{56334F77-8772-4624-B3E9-A68621C972F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CE3B888-AFDF-4F56-8C4C-14398E2D8094}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{5E7BEB6D-E0B5-4AC8-B040-F2518E81F82C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{613210EA-A0C6-499F-9DA0-111335393EEF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{706CB350-E8B3-43DC-9BFC-641D0A2340E6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{732CCEE0-01E8-44D6-A576-1BED1883A330}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AB0D054-887B-40F7-8ABB-ED66847454CC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8C62C77E-EF66-41D6-B2BD-71C8BA2FD81B}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{91AB0762-28C7-47C4-B1EE-F93B8817FCE2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9580D49B-324B-4D4E-A167-E55D5FAF8D2A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{97C0EA2B-6CA8-4667-9AF6-547BEA6221EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{99B76965-748A-4A3C-A773-483C1D708BAF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9BE86343-E132-4986-A351-AD4CCD7BE3D3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A03DF832-9D94-440B-806A-0033E3B52DB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2D93CA7-3486-478A-BD32-3F8A64F84140}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{A3FE14A3-E1EE-4D56-A5A4-6FC8A9BD02E3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{A63A570E-E1F8-4C34-B220-C9E993EC2E82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B003F4C2-113A-4379-BF09-DC9DFACEA80B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B0910AB2-491D-4E95-877D-94E0514781F1}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B14B57E6-DCB7-4D4C-A940-FC934E064F4C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B4970EBA-0F65-48DE-973B-A4C81492129F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B8FC499A-BA67-4BBC-ADB1-88338A682D40}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C318D83B-A668-40AC-B8DA-731C904D78DB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CA3CB06F-80B0-4F8B-AE76-02BB35BEC824}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D348FF61-2520-41BA-AE51-84BF2F4514AE}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{D947B45B-3417-4854-A079-3A592F109D80}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{DC44CB8E-C0E5-482B-9861-F71EFEF76DA8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DC75C6C3-F9B5-47AB-827E-642C6AA05F3A}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{DD970481-9DB5-4377-B1EA-24EBA017C62F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC075EFC-60A5-45A2-B1A0-B7B6F4FAEDB6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F0F38695-F5B7-4A30-AA3E-AC8071E14C16}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{F31C5257-C68F-441C-B07E-EA5937139B22}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"TCP Query User{3193826E-FFD0-4AD5-8323-83573A487639}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{AC3758AF-A87D-4F55-A16A-6EC6B3831275}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Drucken in PDF Annotator_is1" = Drucken in PDF Annotator (novaPDF OEM 7.4 printer)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange 3_is1" = PDF-XChange 3
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{47CED407-95BF-4EF5-AD14-89F979480E1A}" = Secure Download Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{61A8696A-465C-45C7-94A5-312A64FC58C3}" = Mindjet MindManager 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alamandi" = Alamandi
"BFGC" = Big Fish Games: Game Manager
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"DivX Setup" = DivX-Setup
"DSGPlayer" = SAT1 GAME CENTER
"ElsterFormular" = ElsterFormular
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PDFAnnotator_is1" = PDF Annotator 3.0.0.331
"Security Task Manager" = Security Task Manager 1.8d
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.09.2012 13:40:11 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2215

Error - 19.09.2012 13:40:12 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19.09.2012 13:40:12 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3244

Error - 19.09.2012 13:40:12 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3244

Error - 19.09.2012 13:40:13 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19.09.2012 13:40:13 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4243

Error - 19.09.2012 13:40:13 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4243

Error - 19.09.2012 13:47:31 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19.09.2012 13:47:31 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 441560

Error - 19.09.2012 13:47:31 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 441560

[ Cisco AnyConnect VPN Client Events ]
Error - 19.09.2012 04:00:58 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 19.09.2012 04:00:58 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287
Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 19.09.2012 04:00:58 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 19.09.2012 04:00:58 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 19.09.2012 06:29:35 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 19.09.2012 06:29:35 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 19.09.2012 06:29:35 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7639 Invoked Function: CHostConfigMgr::determinePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 19.09.2012 06:29:35 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287
Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 19.09.2012 06:29:35 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 19.09.2012 06:29:35 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

[ System Events ]
Error - 06.09.2012 10:40:19 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =

Error - 06.09.2012 10:56:10 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 08.09.2012 03:34:39 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint
2007 (KB2596764)

Error - 08.09.2012 21:01:24 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint
2007 (KB2596764)

Error - 12.09.2012 04:42:51 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint
2007 (KB2596764)

Error - 13.09.2012 05:28:02 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint
2007 (KB2596764)

Error - 14.09.2012 02:05:57 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint
2007 (KB2596764)

Error - 14.09.2012 08:28:38 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.09.2012 um 13:35:36 unerwartet heruntergefahren.

Error - 16.09.2012 04:12:03 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint
2007 (KB2596764)

Error - 16.09.2012 07:16:50 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


< End of report >

Alt 20.09.2012, 07:59   #2
Chris4You
 
Caution: replace paths containing "***" with the correct path, otherwise the fix will not run properly!


Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
[2012.08.30 18:38:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\15001.001
[2012.08.30 13:17:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.019
[2012.08.29 19:21:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.018
[2012.08.29 10:12:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\UAs
[2012.08.29 09:51:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm
[2012.08.29 09:51:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kock
[2012.09.07 23:39:18 | 000,000,016 | ---- | M] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2008.12.09 17:23:13 | 000,050,640 | ---- | C] () -- C:\Users\***\AppData\Roaming\appConf32.exe
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:3A4C8FE7
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:AEEC88F6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E9900C74
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BAFAD1DF
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AE289451
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:908A8F22
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP0AB0B4A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:371A321E
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7E4E56EA
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:73B78E79
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:F760FD47
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\***\AppData\Roaming\15001.001 [2012.08.30 18:38:35 | 000,000,000 | ---D | M]
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

AdwareCleaner (AdwCleaner)
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!
Post the log files in code tags.
Download via AdwCleaner by Xplode to the desktop.

Start AdwCleaner and click Search.
After a while a log file opens (C:\AdwCleaner[xx].txt); post its contents here in the forum.

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Extract all files into a separate directory (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:

Then start the scan (Start Scan).
When the scan is finished, please select "Report" (skip any findings with Skip for now). A window opens (click Report); copy the text and post it here...

Update MAM and run a full scan, post the log!

chris

Alt 20.09.2012, 16:06   #3
MeEvy
 
OK, here are the OTL results for now; everything else will follow shortly:

All processes killed
========== OTL ==========
C:\Users\***\AppData\Roaming\15001.001\components folder moved successfully.
C:\Users\***\AppData\Roaming\15001.001 folder moved successfully.
C:\Users\***\AppData\Roaming\14001.019\components folder moved successfully.
C:\Users\***\AppData\Roaming\14001.019 folder moved successfully.
C:\Users\***\AppData\Roaming\14001.018\components folder moved successfully.
C:\Users\***\AppData\Roaming\14001.018 folder moved successfully.
C:\Users\***\AppData\Roaming\UAs folder moved successfully.
C:\Users\***\AppData\Roaming\xmldm folder moved successfully.
C:\Users\***\AppData\Roaming\kock folder moved successfully.
C:\Users\***\AppData\Roaming\blckdom.res moved successfully.
File C:\Users\***\AppData\Roaming\appConf32.exe not found.
C:\Windows\assembly\Desktop.ini moved successfully.
ADS C:\ProgramData\TEMP:3A4C8FE7 deleted successfully.
ADS C:\ProgramData\TEMP:AEEC88F6 deleted successfully.
ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.
ADS C:\ProgramData\TEMP:E9900C74 deleted successfully.
ADS C:\ProgramData\TEMP:BAFAD1DF deleted successfully.
ADS C:\ProgramData\TEMP:AE289451 deleted successfully.
ADS C:\ProgramData\TEMP:908A8F22 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP0AB0B4A .
ADS C:\ProgramData\TEMP:371A321E deleted successfully.
ADS C:\ProgramData\TEMP:93EB7685 deleted successfully.
ADS C:\ProgramData\TEMP:E1F04E8D deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:7E4E56EA deleted successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:73B78E79 deleted successfully.
ADS C:\ProgramData\TEMP:1B3549F2 deleted successfully.
ADS C:\ProgramData\TEMP:F760FD47 deleted successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}\ not found.
File C:\Users\***\AppData\Roaming\15001.001 not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 1229683092 bytes
->Temporary Internet Files folder emptied: 54477954 bytes
->Java cache emptied: 1220353 bytes
->FireFox cache emptied: 214902423 bytes
->Google Chrome cache emptied: 7710143 bytes
->Flash cache emptied: 10659 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28210483 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36106586 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.500,00 mb


OTL by OldTimer - Version 3.2.64.0 log created on 09202012_155738

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Here is the AdwCleaner (which my antivirus program also regarded as a threat) file:
# AdwCleaner v2.002 - Datei am 09/20/2012 um 16:08:25 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : ***- ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Ordner Gefunden : C:\Program Files (x86)\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\AVG Secure Search
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\***\AppData\Local\AVG Secure Search
Ordner Gefunden : C:\Users\***\AppData\Local\Conduit
Ordner Gefunden : C:\Users\***\AppData\Local\Temp\boost_interprocess
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AVG Secure Search
Ordner Gefunden : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2k7s4xs7.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}
Ordner Gefunden : C:\Users\***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\IGearSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2765711
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKU\S-1-5-21-2497070198-2862634454-3708001446-1004\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKU\S-1-5-21-2497070198-2862634454-3708001446-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKU\S-1-5-21-2497070198-2862634454-3708001446-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-2497070198-2862634454-3708001446-1004\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2k7s4xs7.default\prefs.js

Gefunden : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,avg@toolbar:12.2.5.32,{4ED1F[...]
Gefunden : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7Bbeb60278-e50d-4e9b-85f4-d32fd4cd49a6[...]

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8622 octets] - [20/09/2012 16:08:25]

########## EOF - C:\AdwCleaner[R1].txt - [8682 octets] ##########

Alt 20.09.2012, 16:16   #4
MeEvy
 
The TDSS program offers a few more settings on my machine; can you briefly tell me what I should tick there?
The top three were preselected, as in the picture...
[Attached image: unbenannt.jpg]

Alt 21.09.2012, 17:15   #5
MeEvy
 
17:12:02.0385 4692 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:12:02.0588 4692 ============================================================
17:12:02.0588 4692 Current date / time: 2012/09/21 17:12:02.0588
17:12:02.0588 4692 SystemInfo:
17:12:02.0589 4692
17:12:02.0589 4692 OS Version: 6.1.7600 ServicePack: 0.0
17:12:02.0589 4692 Product type: Workstation
17:12:02.0589 4692 ComputerName: ***-PC
17:12:02.0589 4692 UserName: ***
17:12:02.0589 4692 Windows directory: C:\Windows
17:12:02.0589 4692 System windows directory: C:\Windows
17:12:02.0589 4692 Running under WOW64
17:12:02.0589 4692 Processor architecture: Intel x64
17:12:02.0589 4692 Number of processors: 2
17:12:02.0589 4692 Page size: 0x1000
17:12:02.0590 4692 Boot type: Normal boot
17:12:02.0590 4692 ============================================================
17:12:04.0271 4692 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:12:04.0278 4692 ============================================================
17:12:04.0278 4692 \Device\Harddisk0\DR0:
17:12:04.0278 4692 MBR partitions:
17:12:04.0279 4692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
17:12:04.0279 4692 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
17:12:04.0279 4692 ============================================================
17:12:04.0303 4692 C: <-> \Device\Harddisk0\DR0\Partition2
17:12:04.0331 4692 ============================================================
17:12:04.0331 4692 Initialize success
17:12:04.0331 4692 ============================================================
17:12:28.0619 3036 ============================================================
17:12:28.0619 3036 Scan started
17:12:28.0619 3036 Mode: Manual; SigCheck; TDLFS;
17:12:28.0619 3036 ============================================================
17:12:29.0606 3036 ================ Scan services =============================
17:12:36.0510 3036 clr_optimization_v4.0.30319_32 - ok
17:12:36.0551 3036 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:12:36.0565 3036 clr_optimization_v4.0.30319_64 - ok
17:12:36.0597 3036 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:12:36.0628 3036 CmBatt - ok
17:12:36.0643 3036 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
17:12:36.0658 3036 cmdide - ok
17:12:36.0709 3036 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
17:12:36.0756 3036 CNG - ok
17:12:36.0832 3036 [ 20F3F8674D7DEE5D90A352B775D5D5BA ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
17:12:36.0944 3036 CnxtHdAudService - ok
17:12:36.0990 3036 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:12:37.0015 3036 Compbatt - ok
17:12:37.0050 3036 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:12:37.0082 3036 CompositeBus - ok
17:12:37.0093 3036 COMSysApp - ok
17:12:37.0109 3036 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:12:37.0124 3036 crcdisk - ok
17:12:37.0175 3036 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:12:37.0228 3036 CryptSvc - ok
17:12:37.0268 3036 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:12:37.0338 3036 DcomLaunch - ok
17:12:37.0368 3036 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:12:37.0423 3036 defragsvc - ok
17:12:37.0446 3036 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:12:37.0483 3036 DfsC - ok
17:12:37.0515 3036 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
17:12:37.0607 3036 Dhcp - ok
17:12:37.0648 3036 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:12:37.0728 3036 discache - ok
17:12:37.0770 3036 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:12:37.0785 3036 Disk - ok
17:12:37.0877 3036 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\SysWOW64\Drivers\DKbFltr.sys
17:12:37.0898 3036 DKbFltr - ok
17:12:37.0934 3036 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:12:37.0970 3036 Dnscache - ok
17:12:38.0005 3036 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
17:12:38.0064 3036 dot3svc - ok
17:12:38.0081 3036 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
17:12:38.0130 3036 DPS - ok
17:12:38.0163 3036 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:12:38.0203 3036 drmkaud - ok
17:12:38.0260 3036 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:12:38.0340 3036 DXGKrnl - ok
17:12:38.0367 3036 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:12:38.0420 3036 EapHost - ok
17:12:38.0521 3036 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:12:38.0658 3036 ebdrv - ok
17:12:38.0699 3036 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
17:12:38.0747 3036 EFS - ok
17:12:38.0812 3036 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:12:38.0861 3036 ehRecvr - ok
17:12:38.0894 3036 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:12:38.0952 3036 ehSched - ok
17:12:38.0998 3036 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:12:39.0034 3036 elxstor - ok
17:12:39.0090 3036 [ D3FA244EF742B359093F8596011CB815 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
17:12:39.0118 3036 ePowerSvc - ok
17:12:39.0136 3036 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
17:12:39.0180 3036 ErrDev - ok
17:12:39.0232 3036 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:12:39.0286 3036 EventSystem - ok
17:12:39.0315 3036 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:12:39.0363 3036 exfat - ok
17:12:39.0392 3036 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:12:39.0442 3036 fastfat - ok
17:12:39.0491 3036 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
17:12:39.0533 3036 Fax - ok
17:12:39.0544 3036 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:12:39.0561 3036 fdc - ok
17:12:39.0590 3036 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:12:39.0648 3036 fdPHost - ok
17:12:39.0668 3036 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:12:39.0722 3036 FDResPub - ok
17:12:39.0756 3036 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:12:39.0771 3036 FileInfo - ok
17:12:39.0782 3036 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:12:39.0822 3036 Filetrace - ok
17:12:39.0838 3036 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:12:39.0863 3036 flpydisk - ok
17:12:39.0881 3036 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:12:39.0901 3036 FltMgr - ok
17:12:39.0973 3036 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
17:12:40.0047 3036 FontCache - ok
17:12:40.0097 3036 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:12:40.0119 3036 FontCache3.0.0.0 - ok
17:12:40.0135 3036 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:12:40.0152 3036 FsDepends - ok
17:12:40.0187 3036 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:12:40.0202 3036 Fs_Rec - ok
17:12:40.0248 3036 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:12:40.0268 3036 fvevol - ok
17:12:40.0312 3036 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:12:40.0327 3036 gagp30kx - ok
17:12:40.0385 3036 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:12:40.0406 3036 GEARAspiWDM - ok
17:12:40.0452 3036 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
17:12:40.0497 3036 gpsvc - ok
17:12:40.0558 3036 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
17:12:40.0577 3036 GREGService - ok
17:12:40.0678 3036 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:12:40.0700 3036 gupdate - ok
17:12:40.0733 3036 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:12:40.0745 3036 gupdatem - ok
17:12:40.0782 3036 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:12:40.0797 3036 gusvc - ok
17:12:40.0846 3036 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:12:40.0886 3036 hcw85cir - ok
17:12:40.0951 3036 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:12:40.0999 3036 HdAudAddService - ok
17:12:41.0039 3036 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:12:41.0091 3036 HDAudBus - ok
17:12:41.0105 3036 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:12:41.0141 3036 HidBatt - ok
17:12:41.0170 3036 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:12:41.0205 3036 HidBth - ok
17:12:41.0230 3036 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:12:41.0269 3036 HidIr - ok
17:12:41.0301 3036 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:12:41.0349 3036 hidserv - ok
17:12:41.0387 3036 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:12:41.0422 3036 HidUsb - ok
17:12:41.0464 3036 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:12:41.0516 3036 hkmsvc - ok
17:12:41.0529 3036 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:12:41.0565 3036 HomeGroupListener - ok
17:12:41.0592 3036 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:12:41.0611 3036 HomeGroupProvider - ok
17:12:41.0641 3036 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
17:12:41.0658 3036 HpSAMD - ok
17:12:41.0702 3036 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:12:41.0764 3036 HTTP - ok
17:12:41.0792 3036 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:12:41.0807 3036 hwpolicy - ok
17:12:41.0833 3036 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:12:41.0851 3036 i8042prt - ok
17:12:41.0922 3036 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:12:41.0950 3036 IAANTMON - ok
17:12:41.0980 3036 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:12:41.0996 3036 iaStor - ok
17:12:42.0063 3036 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:12:42.0096 3036 iaStorV - ok
17:12:42.0152 3036 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:12:42.0193 3036 idsvc - ok
17:12:42.0236 3036 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:12:42.0251 3036 iirsp - ok
17:12:42.0297 3036 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
17:12:42.0366 3036 IKEEXT - ok
17:12:42.0382 3036 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:12:42.0397 3036 intelide - ok
17:12:42.0424 3036 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:12:42.0456 3036 intelppm - ok
17:12:42.0482 3036 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:12:42.0533 3036 IPBusEnum - ok
17:12:42.0559 3036 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:12:42.0599 3036 IpFilterDriver - ok
17:12:42.0648 3036 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:12:42.0696 3036 iphlpsvc - ok
17:12:42.0720 3036 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:12:42.0749 3036 IPMIDRV - ok
17:12:42.0767 3036 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:12:42.0819 3036 IPNAT - ok
17:12:42.0888 3036 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:12:42.0916 3036 iPod Service - ok
17:12:42.0946 3036 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:12:42.0967 3036 IRENUM - ok
17:12:42.0981 3036 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
17:12:42.0997 3036 isapnp - ok
17:12:43.0016 3036 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:12:43.0035 3036 iScsiPrt - ok
17:12:43.0098 3036 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
17:12:43.0112 3036 IviRegMgr - ok
17:12:43.0153 3036 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:12:43.0168 3036 kbdclass - ok
17:12:43.0204 3036 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:12:43.0229 3036 kbdhid - ok
17:12:43.0244 3036 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
17:12:43.0259 3036 KeyIso - ok
17:12:43.0342 3036 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:12:43.0370 3036 KSecDD - ok
17:12:43.0388 3036 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:12:43.0405 3036 KSecPkg - ok
17:12:43.0434 3036 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:12:43.0487 3036 ksthunk - ok
17:12:43.0523 3036 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:12:43.0580 3036 KtmRm - ok
17:12:43.0615 3036 [ 9C46A5421DE9D116C47155317CABB522 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
17:12:43.0651 3036 L1C - ok
17:12:43.0678 3036 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:12:43.0713 3036 LanmanServer - ok
17:12:43.0745 3036 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:12:43.0798 3036 LanmanWorkstation - ok
17:12:43.0833 3036 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:12:43.0889 3036 lltdio - ok
17:12:43.0912 3036 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:12:43.0956 3036 lltdsvc - ok
17:12:44.0002 3036 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:12:44.0040 3036 lmhosts - ok
17:12:44.0064 3036 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:12:44.0081 3036 LSI_FC - ok
17:12:44.0099 3036 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:12:44.0115 3036 LSI_SAS - ok
17:12:44.0129 3036 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:12:44.0157 3036 LSI_SAS2 - ok
17:12:44.0176 3036 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:12:44.0193 3036 LSI_SCSI - ok
17:12:44.0210 3036 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:12:44.0262 3036 luafv - ok
17:12:44.0302 3036 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:12:44.0316 3036 MBAMProtector - ok
17:12:44.0360 3036 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:12:44.0379 3036 MBAMScheduler - ok
17:12:44.0413 3036 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:12:44.0437 3036 MBAMService - ok
17:12:44.0514 3036 [ B891E3920F24FF1A3BEAD6CD2B42ED99 ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
17:12:44.0538 3036 McAfee SiteAdvisor Service - ok
17:12:44.0570 3036 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:12:44.0599 3036 Mcx2Svc - ok
17:12:44.0624 3036 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:12:44.0640 3036 megasas - ok
17:12:44.0659 3036 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:12:44.0679 3036 MegaSR - ok
17:12:44.0757 3036 Microsoft SharePoint Workspace Audit Service - ok
17:12:44.0808 3036 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:12:44.0886 3036 MMCSS - ok
17:12:44.0915 3036 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:12:44.0955 3036 Modem - ok
17:12:44.0979 3036 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:12:45.0012 3036 monitor - ok
17:12:45.0038 3036 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:12:45.0055 3036 mouclass - ok
17:12:45.0072 3036 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:12:45.0104 3036 mouhid - ok
17:12:45.0139 3036 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:12:45.0155 3036 mountmgr - ok
17:12:45.0223 3036 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:12:45.0264 3036 MozillaMaintenance - ok
17:12:45.0288 3036 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
17:12:45.0308 3036 mpio - ok
17:12:45.0325 3036 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:12:45.0365 3036 mpsdrv - ok
17:12:45.0399 3036 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:12:45.0469 3036 MpsSvc - ok
17:12:45.0490 3036 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:12:45.0513 3036 MRxDAV - ok
17:12:45.0537 3036 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:12:45.0571 3036 mrxsmb - ok
17:12:45.0612 3036 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:12:45.0643 3036 mrxsmb10 - ok
17:12:45.0666 3036 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:12:45.0698 3036 mrxsmb20 - ok
17:12:45.0719 3036 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
17:12:45.0734 3036 msahci - ok
17:12:45.0753 3036 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
17:12:45.0770 3036 msdsm - ok
17:12:45.0792 3036 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:12:45.0827 3036 MSDTC - ok
17:12:45.0881 3036 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:12:45.0924 3036 Msfs - ok
17:12:45.0936 3036 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:12:45.0974 3036 mshidkmdf - ok
17:12:45.0988 3036 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
17:12:46.0002 3036 msisadrv - ok
17:12:46.0056 3036 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:12:46.0097 3036 MSiSCSI - ok
17:12:46.0102 3036 msiserver - ok
17:12:46.0139 3036 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:12:46.0190 3036 MSKSSRV - ok
17:12:46.0205 3036 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:12:46.0265 3036 MSPCLOCK - ok
17:12:46.0288 3036 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:12:46.0340 3036 MSPQM - ok
17:12:46.0360 3036 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:12:46.0381 3036 MsRPC - ok
17:12:46.0397 3036 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:12:46.0413 3036 mssmbios - ok
17:12:46.0488 3036 MSSQL$MSSMLBIZ - ok
17:12:46.0541 3036 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:12:46.0567 3036 MSSQLServerADHelper - ok
17:12:46.0596 3036 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:12:46.0662 3036 MSTEE - ok
17:12:46.0693 3036 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:12:46.0721 3036 MTConfig - ok
17:12:46.0742 3036 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:12:46.0756 3036 Mup - ok
17:12:46.0795 3036 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
17:12:46.0854 3036 napagent - ok
17:12:46.0911 3036 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:12:46.0963 3036 NativeWifiP - ok
17:12:46.0998 3036 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:12:47.0036 3036 NDIS - ok
17:12:47.0066 3036 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:12:47.0118 3036 NdisCap - ok
17:12:47.0172 3036 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:12:47.0226 3036 NdisTapi - ok
17:12:47.0256 3036 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:12:47.0302 3036 Ndisuio - ok
17:12:47.0324 3036 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:12:47.0366 3036 NdisWan - ok
17:12:47.0384 3036 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:12:47.0441 3036 NDProxy - ok
17:12:47.0465 3036 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:12:47.0526 3036 NetBIOS - ok
17:12:47.0549 3036 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:12:47.0607 3036 NetBT - ok
17:12:47.0643 3036 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
17:12:47.0661 3036 Netlogon - ok
17:12:47.0709 3036 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:12:47.0767 3036 Netman - ok
17:12:47.0778 3036 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:12:47.0832 3036 netprofm - ok
17:12:47.0873 3036 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:12:47.0888 3036 NetTcpPortSharing - ok
17:12:48.0134 3036 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
17:12:48.0339 3036 NETw5s64 - ok
17:12:48.0482 3036 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
17:12:48.0667 3036 netw5v64 - ok
17:12:48.0691 3036 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:12:48.0707 3036 nfrd960 - ok
17:12:48.0745 3036 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:12:48.0806 3036 NlaSvc - ok
17:12:48.0836 3036 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:12:48.0887 3036 Npfs - ok
17:12:48.0916 3036 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:12:48.0975 3036 nsi - ok
17:12:48.0997 3036 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:12:49.0050 3036 nsiproxy - ok
17:12:49.0118 3036 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:12:49.0193 3036 Ntfs - ok
17:12:49.0267 3036 [ 28C59F594044CBF8598B18C927097091 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
17:12:49.0291 3036 NTIBackupSvc - ok
17:12:49.0336 3036 [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
17:12:49.0348 3036 NTIDrvr - ok
17:12:49.0368 3036 [ B8D903B2894FF9AFBD99CA51C35590D7 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
17:12:49.0443 3036 NTISchedulerSvc - ok
17:12:49.0464 3036 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:12:49.0519 3036 Null - ok
17:12:49.0772 3036 [ FD39B98FF1BB8ED3848781497E9D02E0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:12:50.0110 3036 nvlddmkm - ok
17:12:50.0150 3036 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:12:50.0167 3036 nvraid - ok
17:12:50.0204 3036 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:12:50.0222 3036 nvstor - ok
17:12:50.0342 3036 [ C1668D58547DD0C4A0FBD6AFA20D5890 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:12:50.0372 3036 nvsvc - ok
17:12:50.0386 3036 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
17:12:50.0403 3036 nv_agp - ok
17:12:50.0430 3036 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:12:50.0465 3036 ohci1394 - ok
17:12:50.0526 3036 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:12:50.0549 3036 ose - ok
17:12:50.0753 3036 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:12:50.0840 3036 osppsvc - ok
17:12:50.0894 3036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:12:50.0925 3036 p2pimsvc - ok
17:12:50.0947 3036 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:12:50.0970 3036 p2psvc - ok
17:12:51.0014 3036 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:12:51.0031 3036 Parport - ok
17:12:51.0071 3036 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:12:51.0086 3036 partmgr - ok
17:12:51.0103 3036 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:12:51.0136 3036 PcaSvc - ok
17:12:51.0163 3036 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
17:12:51.0181 3036 pci - ok
17:12:51.0194 3036 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
17:12:51.0209 3036 pciide - ok
17:12:51.0231 3036 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:12:51.0251 3036 pcmcia - ok
17:12:51.0266 3036 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:12:51.0280 3036 pcw - ok
17:12:51.0306 3036 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:12:51.0364 3036 PEAUTH - ok
17:12:51.0454 3036 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:12:51.0494 3036 PerfHost - ok
17:12:51.0558 3036 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
17:12:51.0653 3036 pla - ok
17:12:51.0701 3036 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:12:51.0747 3036 PlugPlay - ok
17:12:51.0777 3036 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:12:51.0823 3036 PNRPAutoReg - ok
17:12:51.0856 3036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:12:51.0875 3036 PNRPsvc - ok
17:12:51.0913 3036 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:12:51.0973 3036 PolicyAgent - ok
17:12:52.0004 3036 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:12:52.0061 3036 Power - ok
17:12:52.0105 3036 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:12:52.0154 3036 PptpMiniport - ok
17:12:52.0194 3036 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:12:52.0252 3036 Processor - ok
17:12:52.0298 3036 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
17:12:52.0341 3036 ProfSvc - ok
17:12:52.0354 3036 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:12:52.0370 3036 ProtectedStorage - ok
17:12:52.0396 3036 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:12:52.0438 3036 Psched - ok
17:12:52.0468 3036 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:12:52.0482 3036 PSI_SVC_2 - ok
17:12:52.0527 3036 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:12:52.0607 3036 ql2300 - ok
17:12:52.0643 3036 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:12:52.0661 3036 ql40xx - ok
17:12:52.0690 3036 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:12:52.0725 3036 QWAVE - ok
17:12:52.0745 3036 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:12:52.0785 3036 QWAVEdrv - ok
17:12:52.0806 3036 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:12:59.0953 3036 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:13:00.0015 3036 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
17:13:00.0015 3036 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
17:13:04.0728 3036 ================ Scan global ===============================
17:13:04.0756 3036 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:13:04.0792 3036 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
17:13:04.0803 3036 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
17:13:04.0829 3036 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:13:04.0861 3036 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:13:04.0866 3036 [Global] - ok
17:13:04.0867 3036 ================ Scan MBR ==================================
17:13:04.0892 3036 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:13:05.0368 3036 \Device\Harddisk0\DR0 - ok
17:13:05.0369 3036 ================ Scan VBR ==================================
17:13:05.0406 3036 [ D1EA62D182F6EE5329547800F1D1EDAF ] \Device\Harddisk0\DR0\Partition1
17:13:05.0409 3036 \Device\Harddisk0\DR0\Partition1 - ok
17:13:05.0420 3036 [ 68438FE717ED8B15BAA5F508104F61B4 ] \Device\Harddisk0\DR0\Partition2
17:13:05.0422 3036 \Device\Harddisk0\DR0\Partition2 - ok
17:13:05.0423 3036 ============================================================
17:13:05.0423 3036 Scan finished
17:13:05.0423 3036 ============================================================
17:13:05.0472 4196 Detected object count: 1
17:13:05.0472 4196 Actual detected object count: 1
17:13:27.0411 4196 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:27.0411 4196 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.21.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
***:: ***-PC [Administrator]

Schutz: Aktiviert

21.09.2012 17:16:16
mbam-log-2012-09-21 (17-16-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410926
Laufzeit: 1 Stunde(n), 17 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


22.09.2012, 20:39   #6
Chris4You

Hi,

that all looks very good, just an unsigned driver from Apple..

How is the computer behaving?

chris

23.09.2012, 01:05   #7
MeEvy

Everything is fine at the moment, no problems or program crashes..
Was that it, then?

Thanks in any case for the help so far

24.09.2012, 07:22   #8
Chris4You

Hi,

Cleanup:
Delete the backups from OTL, Avenger & Co. (if present):
If the computer is running without problems, the backups of the
cleanup tools can be deleted (where present):
  • Delete OTL and the directory C:\_OTL...
  • Delete C:\Qoobox and empty the recycle bin (ComboFix backups)
(You will find the Killbox log at C:\!KillBox\Logs\kb.log)

chris