Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner gefunden, was tun ?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 09.12.2012, 17:15   #1
Luke23
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



Hallo ihr,
bevor ich versuche mein Problem zu erklären gebe ich kurz ein paar wichtigen Details meines Laptops an:
Es handelt sich hier um einen Acer ASPIRE V3-771G auf dem Windows 7 installiert ist.

Ich habe vor ein paar Tagen gemerkt, dass mein Laptop ziemlich langsam läuft, obwohl dieser erst 2 Monate alt ist. Deshalb habe ich verschieden Virenscanner und andere Programme durchlaufen lassen AVG, Malwarebytes Anti-malware , hier aber nur den schnellen Scan, und zum Schluss den ESET Online Scanner. Dieser hat nun angezeigt, dass ich 3 Bedrohungen habe.
Im Folgenden steht die Logfile, die das Programm ausgespuckt hat :


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=05eab44c0c3874488a3ac7076d3f9081
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-09 03:56:49
# local_time=2012-12-09 04:56:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 5014207 106698459 0 0
# scanned=263620
# found=3
# cleaned=0
# scan_time=11946
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\6ae855ed-1777cec0	Java/Exploit.CVE-2012-5076.A trojan (unable to clean)	0600091082F9C32B2A9CF07BC5C795935D1D740C	I
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\576f1132-78cd4000	a variant of Java/Exploit.CVE-2012-4681.CD trojan (unable to clean)	444A5CD89721B974B1ECCE4126C4A06382F974C9	I
C:\Users\Lukas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\55245947-2c179294	a variant of Java/Exploit.CVE-2012-5076.Q trojan (unable to clean)	E33CEBF62F11ACEC27091ACE5EEBBAFB919F4BB1	I
         
Ich hoffe mir kann einer dabei helfen, diese Trojaner zu entfernen :-)
Bedanke mich schon mal im vorraus für eure Hilfe !
MfG Lukas

Alt 10.12.2012, 16:30   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



Hallo und

Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________

__________________

Alt 10.12.2012, 18:20   #3
Luke23
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



Nur das hier noch:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lukas :: JUGL_PC [Administrator]

09.12.2012 13:25:44
mbam-log-2012-12-09 (13-25-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228917
Laufzeit: 5 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________

Alt 10.12.2012, 20:00   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Mach bitte einen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:
ATTFilter
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.12.2012, 23:09   #5
Luke23
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



Okay hier ist der Logfile :

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.12.2012 22:55:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lukas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,84 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 74,61% Memory free
15,68 Gb Paging File | 13,53 Gb Available in Paging File | 86,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915,91 Gb Total Space | 459,73 Gb Free Space | 50,19% Space Free | Partition Type: NTFS
 
Computer Name: JUGL_PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.10 22:53:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Downloads\OTL.exe
PRC - [2012.11.08 18:35:29 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.11.08 18:35:29 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Lukas\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.02 00:35:00 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.08.13 10:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 10:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.07 04:29:22 | 000,022,120 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
PRC - [2012.04.07 04:29:20 | 000,040,552 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
PRC - [2012.03.23 10:33:46 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012.03.23 10:33:44 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012.03.23 10:33:44 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012.03.23 10:33:42 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012.02.29 14:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012.02.26 20:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.19 18:41:40 | 000,072,864 | ---- | M] (Atheros) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
PRC - [2012.02.07 01:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2012.01.31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012.01.05 22:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012.01.05 22:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011.12.16 05:38:48 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.12.16 05:38:46 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.12.16 05:38:24 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.11.30 04:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 17:44:32 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2011.05.12 15:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.19 14:49:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.19 14:49:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.19 14:49:18 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.19 14:49:13 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.11.08 18:35:29 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.11.08 18:35:29 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012.11.08 18:35:29 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012.08.10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.04.07 04:29:22 | 000,022,120 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
MOD - [2012.04.07 04:29:20 | 000,040,552 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
MOD - [2012.01.05 22:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.08 18:35:29 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012.11.07 16:59:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.28 23:05:29 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.24 19:45:07 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.08 10:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 00:35:00 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.26 13:20:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.03.23 10:33:44 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012.03.08 16:49:30 | 000,107,648 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.02.29 14:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012.02.19 18:41:40 | 000,072,864 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012.02.19 13:18:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.10 01:41:36 | 000,111,776 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe -- (DCDhcpService)
SRV - [2012.02.07 16:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2012.02.07 01:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2012.01.31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012.01.31 09:10:36 | 000,339,776 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe -- (mitsijm2013)
SRV - [2012.01.20 15:15:14 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2012.01.05 22:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.12.16 05:38:48 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.12.16 05:38:46 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.16 05:38:24 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011.12.08 15:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.11.30 04:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.08.31 14:11:40 | 002,425,960 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.06.21 20:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011.06.07 11:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.05.12 15:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.03.29 05:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.08 18:35:29 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.08 10:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.04.20 11:54:53 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012.04.20 11:54:53 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012.04.20 11:54:53 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2012.03.08 17:00:36 | 000,551,552 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.03.08 16:59:42 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.03.08 16:59:24 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.03.08 16:58:54 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.03.08 16:58:36 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.03.08 16:58:18 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.03.08 16:58:00 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.03.08 16:57:42 | 000,340,096 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 20:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 20:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 20:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.15 00:41:34 | 003,538,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.02.14 03:47:36 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.02.07 07:03:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2012.02.07 07:03:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2012.01.20 15:14:34 | 000,016,128 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2011.12.05 20:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.09 18:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.14 06:49:22 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.09.21 11:08:10 | 000,376,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.09.02 04:46:28 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.07.14 06:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.14 06:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={6F5245B1-0DBA-4250-811B-9058C5344750}&mid=9013d0973c6f47d097d59d3bffc9654d-b4a7374ba1597b2ce9463e7bf2da76eeb03a14c2&lang=de&ds=AVG&pr=fr&d=2012-09-29 18:50:52&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B0b38152b-1b20-484d-a11f-5e04a9b0661f%7D:5.6.20.8949
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.08 18:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.29 18:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 03:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.08 03:54:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 03:54:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.08 03:54:23 | 000,000,000 | ---D | M]
 
[2012.09.29 18:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.11.13 16:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1ktdi551.default\extensions
[2012.11.13 16:52:29 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1ktdi551.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012.11.13 16:52:34 | 000,002,533 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\1ktdi551.default\searchplugins\aol-search.xml
[2012.12.08 03:54:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.29 18:54:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.08 03:54:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.08 18:35:30 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [InstantUpdate] C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2940378791-2078065668-643256562-1001..\Run: [Akamai NetSession Interface] C:\Users\Lukas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2940378791-2078065668-643256562-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77FB7768-163D-429E-9E8A-848F4EDF25BC}: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BEE3226-8D71-4E30-B024-7E821FADD76F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.28 11:12:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
MsConfig:64bit - StartUpFolder: C:^Users^Lukas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: ADSK DLMSession - hkey= - key= - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {386EBEA4-3F9A-C422-43CF-206CCA42BF62} - Internet Explorer
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {54E233DD-87C4-1A52-B91E-4BBC49F8004A} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {817CFE77-11E5-12CA-3B06-F7642C7E0701} - Microsoft Windows Media Player
ActiveX:64bit: {864770A7-EC55-5625-5912-7727B401BD83} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {AE5A1B39-9D44-FFF9-5D40-D4C18EBA09F3} - Offline Browsing Pack
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FDE01D8D-66C7-B6AB-4F0C-FF3FC6D8198E} - Browser Customizations
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.09 20:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.12.09 13:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.12.09 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2012.12.09 13:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.09 13:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.09 13:23:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.09 13:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.08 03:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.02 14:21:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Activision
[2012.12.01 15:30:42 | 000,226,304 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysWow64\binkw32.dll
[2012.11.28 18:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.11.28 12:02:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Autodesk,_Inc
[2012.11.28 12:01:16 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Granta Design
[2012.11.28 11:49:20 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Inventor
[2012.11.28 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Autodesk
[2012.11.28 11:40:31 | 000,000,000 | ---D | C] -- C:\Temp
[2012.11.28 11:40:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk
[2012.11.28 11:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DWG TrueView 2013
[2012.11.28 11:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2012.11.28 11:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012.11.28 10:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2012.11.26 16:27:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Cyberlink
[2012.11.22 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\World in Conflict
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.10 22:54:43 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 22:54:43 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 22:47:10 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2012.12.10 22:47:08 | 2020,360,191 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.10 18:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.10 16:48:44 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.10 16:48:44 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.10 16:48:44 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.10 16:48:44 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.10 16:48:44 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.09 20:20:58 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.09 15:49:21 | 000,007,613 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
[2012.12.09 13:23:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.08 03:46:31 | 000,003,480 | ---- | M] () -- C:\bootsqm.dat
[2012.12.08 00:45:45 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.08 00:45:45 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.01 15:30:45 | 000,226,304 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\SysWow64\binkw32.dll
[2012.11.28 16:57:27 | 000,415,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.28 11:57:51 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Vault Basic 2013.lnk
[2012.11.28 11:54:46 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2012.11.28 11:47:09 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Inventor Professional 2013 - Deutsch (German).lnk
[2012.11.28 11:39:44 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\DWG TrueView 2013.lnk
[2012.11.28 11:35:58 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
[2012.11.26 16:26:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.13 21:51:51 | 000,014,200 | ---- | M] () -- C:\Users\Lukas\Documents\Ihre Retourenmarke.pdf
 
========== Files Created - No Company Name ==========
 
[2012.12.09 13:23:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.09 13:20:01 | 000,007,613 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
[2012.12.08 03:46:31 | 000,003,480 | ---- | C] () -- C:\bootsqm.dat
[2012.12.07 22:47:25 | 000,215,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.11.28 11:57:51 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Vault Basic 2013.lnk
[2012.11.28 11:54:46 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2012.11.28 11:47:09 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Inventor Professional 2013 - Deutsch (German).lnk
[2012.11.28 11:39:44 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\DWG TrueView 2013.lnk
[2012.11.28 11:35:58 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
[2012.11.26 16:26:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.18 22:29:36 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.18 22:22:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 21:51:51 | 000,014,200 | ---- | C] () -- C:\Users\Lukas\Documents\Ihre Retourenmarke.pdf
[2012.11.02 14:00:31 | 000,215,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.24 19:45:32 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.10.24 19:34:18 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.04 18:20:23 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2012.10.02 00:35:00 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.20 11:40:15 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.04.20 11:40:03 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.04.20 11:40:01 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.04.20 11:40:01 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.12.08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.13 12:04:21 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012.10.13 12:04:21 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012.11.30 16:14:28 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Autodesk
[2012.09.29 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\AVG2013
[2012.12.09 12:49:05 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Dropbox
[2012.10.01 22:48:27 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Mount&Blade Warband
[2012.09.29 18:49:48 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenCandy
[2012.09.29 22:59:37 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenOffice.org
[2012.10.10 18:01:03 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\pdfforge
[2012.09.29 17:10:43 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Screensaver
[2012.09.29 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TuneUp Software
[2012.11.09 14:06:40 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Ubisoft
[2012.09.30 13:16:07 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.09.29 17:49:05 | 000,000,000 | -H-D | M] -- C:\$AVG
[2012.09.29 17:10:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.28 11:12:31 | 000,000,000 | ---D | M] -- C:\Autodesk
[2012.06.26 12:54:04 | 000,000,000 | -H-D | M] -- C:\book
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.09.29 17:08:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.26 13:29:48 | 000,000,000 | ---D | M] -- C:\Dolby PCEE4
[2012.06.26 12:50:02 | 000,000,000 | -H-D | M] -- C:\Intel
[2012.11.28 17:06:04 | 000,000,000 | R--D | M] -- C:\Lukas Dateien
[2012.09.29 17:10:13 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.24 19:43:35 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.09 13:32:33 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.09 13:23:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.09.29 17:08:29 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.09.29 17:08:29 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.10 22:57:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.28 11:40:31 | 000,000,000 | ---D | M] -- C:\Temp
[2012.09.29 17:08:33 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.09 21:14:42 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.29 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Adobe
[2012.09.29 17:10:44 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Atheros
[2012.11.30 16:14:28 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Autodesk
[2012.09.29 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\AVG2013
[2012.09.29 21:03:56 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DivX
[2012.12.09 12:49:05 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Dropbox
[2012.09.29 17:10:22 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Identities
[2012.04.20 12:06:14 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Macromedia
[2012.12.09 13:24:11 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2010.11.21 08:16:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Media Center Programs
[2012.11.28 11:37:16 | 000,000,000 | --SD | M] -- C:\Users\Lukas\AppData\Roaming\Microsoft
[2012.10.01 22:48:27 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Mount&Blade Warband
[2012.09.29 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Mozilla
[2012.10.04 18:10:50 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\NVIDIA
[2012.09.29 18:49:48 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenCandy
[2012.09.29 22:59:37 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenOffice.org
[2012.10.10 18:01:03 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\pdfforge
[2012.09.29 17:10:43 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Screensaver
[2012.09.29 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TuneUp Software
[2012.11.09 14:06:40 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Ubisoft
[2012.12.08 04:18:51 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\vlc
[2012.09.30 13:16:07 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\WildTangent
[2012.12.08 03:55:09 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2012.10.18 23:33:50 | 026,643,352 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lukas\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.10.18 23:34:02 | 000,181,800 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2012.10.18 23:33:52 | 000,874,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.04.20 12:05:09 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Lukas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.11.28 11:37:16 | 000,010,134 | R--- | M] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2012.07.30 21:11:12 | 000,933,256 | ---- | M] (DivX, LLC) -- C:\Users\Lukas\AppData\Roaming\OpenCandy\7B2748EF6FB44D278209D3C3073F7551\DivXInstaller.exe
[2012.09.30 13:16:18 | 001,007,648 | ---- | M] (WildTangent) -- C:\Users\Lukas\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
[2012.09.30 13:16:08 | 000,000,179 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---


[/code]



P.S. Ich bedanke mich schonmal für die schnellen Antworten und deine Unterstützung :-)


Alt 11.12.2012, 10:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
--> Trojaner gefunden, was tun ?

Alt 11.12.2012, 15:24   #7
Luke23
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



aswMBR Logfile :

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-11 15:06:07
-----------------------------
15:06:07.051    OS Version: Windows x64 6.1.7601 Service Pack 1
15:06:07.051    Number of processors: 8 586 0x3A09
15:06:07.051    ComputerName: JUGL_PC  UserName: Lukas
15:06:09.438    Initialize success
15:06:35.476    AVAST engine defs: 12121101
15:08:21.743    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:08:21.759    Disk 0 Vendor: TOSHIBA_ GU00 Size: 953869MB BusType: 3
15:08:21.775    Disk 0 MBR read successfully
15:08:21.775    Disk 0 MBR scan
15:08:21.775    Disk 0 Windows 7 default MBR code
15:08:21.790    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15872 MB offset 2048
15:08:21.821    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 32507904
15:08:21.837    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       937895 MB offset 32712704
15:08:21.853    Disk 0 scanning C:\Windows\system32\drivers
15:08:28.186    Service scanning
15:09:23.816    Modules scanning
15:09:23.816    Disk 0 trace - called modules:
15:09:23.878    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
15:09:23.878    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008272790]
15:09:23.894    3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007dfa050]
15:09:25.860    AVAST engine scan C:\Windows
15:09:28.746    AVAST engine scan C:\Windows\system32
15:11:47.274    AVAST engine scan C:\Windows\system32\drivers
15:11:58.365    AVAST engine scan C:\Users\Lukas
15:13:16.756    AVAST engine scan C:\ProgramData
15:14:09.187    Scan finished successfully
15:15:09.154    Disk 0 MBR has been saved successfully to "C:\Users\Lukas\Downloads\MBR.dat"
15:15:09.154    The log file has been saved successfully to "C:\Users\Lukas\Downloads\aswMBR.txt"
         
und noch der TDSS-Killer Logfile :

Code:
ATTFilter
15:18:57.0452 3612  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:18:57.0577 3612  ============================================================
15:18:57.0577 3612  Current date / time: 2012/12/11 15:18:57.0577
15:18:57.0577 3612  SystemInfo:
15:18:57.0577 3612  
15:18:57.0577 3612  OS Version: 6.1.7601 ServicePack: 1.0
15:18:57.0577 3612  Product type: Workstation
15:18:57.0577 3612  ComputerName: JUGL_PC
15:18:57.0577 3612  UserName: Lukas
15:18:57.0577 3612  Windows directory: C:\Windows
15:18:57.0577 3612  System windows directory: C:\Windows
15:18:57.0577 3612  Running under WOW64
15:18:57.0577 3612  Processor architecture: Intel x64
15:18:57.0577 3612  Number of processors: 8
15:18:57.0577 3612  Page size: 0x1000
15:18:57.0577 3612  Boot type: Normal boot
15:18:57.0577 3612  ============================================================
15:18:57.0998 3612  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:18:57.0998 3612  ============================================================
15:18:57.0998 3612  \Device\Harddisk0\DR0:
15:18:57.0998 3612  MBR partitions:
15:18:57.0998 3612  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F00800, BlocksNum 0x32000
15:18:57.0998 3612  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1F32800, BlocksNum 0x727D3800
15:18:57.0998 3612  ============================================================
15:18:58.0014 3612  C: <-> \Device\Harddisk0\DR0\Partition2
15:18:58.0014 3612  ============================================================
15:18:58.0014 3612  Initialize success
15:18:58.0014 3612  ============================================================
15:19:31.0835 5536  ============================================================
15:19:31.0835 5536  Scan started
15:19:31.0835 5536  Mode: Manual; SigCheck; TDLFS; 
15:19:31.0835 5536  ============================================================
15:19:32.0178 5536  ================ Scan system memory ========================
15:19:32.0178 5536  System memory - ok
15:19:32.0178 5536  ================ Scan services =============================
15:19:32.0661 5536  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:19:32.0771 5536  1394ohci - ok
15:19:32.0786 5536  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:19:32.0802 5536  ACPI - ok
15:19:32.0817 5536  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:19:32.0880 5536  AcpiPmi - ok
15:19:33.0005 5536  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:19:33.0020 5536  AdobeARMservice - ok
15:19:33.0317 5536  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:19:33.0348 5536  AdobeFlashPlayerUpdateSvc - ok
15:19:33.0395 5536  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:19:33.0426 5536  adp94xx - ok
15:19:33.0457 5536  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:19:33.0473 5536  adpahci - ok
15:19:33.0473 5536  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:19:33.0488 5536  adpu320 - ok
15:19:33.0519 5536  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:19:33.0644 5536  AeLookupSvc - ok
15:19:33.0691 5536  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:19:33.0738 5536  AFD - ok
15:19:33.0769 5536  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:19:33.0769 5536  agp440 - ok
15:19:33.0816 5536  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:19:33.0878 5536  ALG - ok
15:19:33.0909 5536  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:19:33.0925 5536  aliide - ok
15:19:33.0925 5536  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:19:33.0941 5536  amdide - ok
15:19:33.0956 5536  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:19:33.0987 5536  AmdK8 - ok
15:19:34.0003 5536  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:19:34.0019 5536  AmdPPM - ok
15:19:34.0034 5536  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:19:34.0034 5536  amdsata - ok
15:19:34.0050 5536  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:19:34.0065 5536  amdsbs - ok
15:19:34.0065 5536  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:19:34.0081 5536  amdxata - ok
15:19:34.0128 5536  [ FA766C7988FDD78F2B2D55AA7536FFB4 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
15:19:34.0159 5536  ApfiltrService - ok
15:19:34.0190 5536  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:19:34.0346 5536  AppID - ok
15:19:34.0377 5536  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:19:34.0440 5536  AppIDSvc - ok
15:19:34.0471 5536  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:19:34.0502 5536  Appinfo - ok
15:19:34.0549 5536  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:19:34.0549 5536  arc - ok
15:19:34.0565 5536  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:19:34.0565 5536  arcsas - ok
15:19:34.0845 5536  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:19:34.0861 5536  aspnet_state - ok
15:19:34.0908 5536  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:19:34.0955 5536  AsyncMac - ok
15:19:34.0970 5536  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:19:34.0986 5536  atapi - ok
15:19:35.0017 5536  [ 78B183A794A08978EA0A8D017054352B ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
15:19:35.0033 5536  AthBTPort - ok
15:19:35.0142 5536  [ 7E63E24E17B5233FA69E6613E84B5306 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
15:19:35.0157 5536  AtherosSvc - ok
15:19:35.0267 5536  [ 43E7A4298644526B0190C43AF6489DB1 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:19:35.0345 5536  athr - ok
15:19:35.0391 5536  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:19:35.0438 5536  AudioEndpointBuilder - ok
15:19:35.0454 5536  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:19:35.0469 5536  AudioSrv - ok
15:19:35.0610 5536  [ F431DC5D94F4B2FDBC927655D8A9B10E ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
15:19:35.0625 5536  Autodesk Content Service - ok
15:19:35.0937 5536  [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
15:19:36.0000 5536  AVGIDSAgent - ok
15:19:36.0047 5536  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:19:36.0047 5536  AVGIDSDriver - ok
15:19:36.0109 5536  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
15:19:36.0109 5536  AVGIDSHA - ok
15:19:36.0156 5536  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
15:19:36.0171 5536  Avgldx64 - ok
15:19:36.0234 5536  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
15:19:36.0265 5536  Avgloga - ok
15:19:36.0296 5536  [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
15:19:36.0312 5536  Avgmfx64 - ok
15:19:36.0327 5536  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
15:19:36.0343 5536  Avgrkx64 - ok
15:19:36.0374 5536  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
15:19:36.0374 5536  Avgtdia - ok
15:19:36.0405 5536  [ 371428CF0F71934CB0F2344823ADFA32 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
15:19:36.0421 5536  avgtp - ok
15:19:36.0468 5536  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
15:19:36.0483 5536  avgwd - ok
15:19:36.0546 5536  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:19:36.0624 5536  AxInstSV - ok
15:19:36.0671 5536  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:19:36.0702 5536  b06bdrv - ok
15:19:36.0733 5536  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:19:36.0764 5536  b57nd60a - ok
15:19:36.0827 5536  [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:19:36.0842 5536  BBSvc - ok
15:19:36.0873 5536  [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:19:36.0889 5536  BBUpdate - ok
15:19:36.0920 5536  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:19:36.0951 5536  BDESVC - ok
15:19:36.0983 5536  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:19:37.0029 5536  Beep - ok
15:19:37.0092 5536  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:19:37.0139 5536  BFE - ok
15:19:37.0185 5536  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:19:37.0248 5536  BITS - ok
15:19:37.0279 5536  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:19:37.0295 5536  blbdrive - ok
15:19:37.0310 5536  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:19:37.0341 5536  bowser - ok
15:19:37.0341 5536  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:19:37.0373 5536  BrFiltLo - ok
15:19:37.0388 5536  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:19:37.0388 5536  BrFiltUp - ok
15:19:37.0435 5536  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:19:37.0466 5536  Browser - ok
15:19:37.0497 5536  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:19:37.0560 5536  Brserid - ok
15:19:37.0575 5536  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:19:37.0591 5536  BrSerWdm - ok
15:19:37.0622 5536  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:19:37.0638 5536  BrUsbMdm - ok
15:19:37.0653 5536  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:19:37.0669 5536  BrUsbSer - ok
15:19:37.0716 5536  [ 3E352B570E9CD1047A596927896D6F7C ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
15:19:37.0747 5536  BTATH_A2DP - ok
15:19:37.0747 5536  [ AF715C0F2A656BDA9D4AF470224325C7 ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
15:19:37.0763 5536  btath_avdt - ok
15:19:37.0794 5536  [ D438A33D568C76C24E8D7394981F42DC ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
15:19:37.0794 5536  BTATH_BUS - ok
15:19:37.0809 5536  [ 6EFA8C93009E0BE0886C2422C7D20BC5 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
15:19:37.0825 5536  BTATH_HCRP - ok
15:19:37.0841 5536  [ 168506D0F0C8DF588F8A7E25C58A2DE6 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
15:19:37.0856 5536  BTATH_LWFLT - ok
15:19:37.0887 5536  [ 7C8FB1D73BD279DD914CCA6ED0F4F62B ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
15:19:37.0903 5536  BTATH_RCP - ok
15:19:37.0934 5536  [ 4F6EA72C82C05C8C67643C9E0585108A ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
15:19:37.0950 5536  BtFilter - ok
15:19:37.0965 5536  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
15:19:38.0012 5536  BthEnum - ok
15:19:38.0043 5536  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:19:38.0075 5536  BTHMODEM - ok
15:19:38.0121 5536  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:19:38.0168 5536  BthPan - ok
15:19:38.0199 5536  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
15:19:38.0262 5536  BTHPORT - ok
15:19:38.0293 5536  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:19:38.0340 5536  bthserv - ok
15:19:38.0355 5536  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
15:19:38.0387 5536  BTHUSB - ok
15:19:38.0418 5536  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:19:38.0465 5536  cdfs - ok
15:19:38.0480 5536  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:19:38.0511 5536  cdrom - ok
15:19:38.0558 5536  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:19:38.0621 5536  CertPropSvc - ok
15:19:38.0652 5536  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
15:19:38.0683 5536  circlass - ok
15:19:38.0714 5536  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:19:38.0745 5536  CLFS - ok
15:19:38.0839 5536  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:19:38.0855 5536  clr_optimization_v2.0.50727_32 - ok
15:19:38.0964 5536  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:19:38.0979 5536  clr_optimization_v2.0.50727_64 - ok
15:19:39.0167 5536  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:19:39.0182 5536  clr_optimization_v4.0.30319_32 - ok
15:19:39.0198 5536  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:19:39.0213 5536  clr_optimization_v4.0.30319_64 - ok
15:19:39.0245 5536  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:19:39.0291 5536  CmBatt - ok
15:19:39.0307 5536  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:19:39.0323 5536  cmdide - ok
15:19:39.0354 5536  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:19:39.0385 5536  CNG - ok
15:19:39.0401 5536  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:19:39.0416 5536  Compbatt - ok
15:19:39.0432 5536  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:19:39.0463 5536  CompositeBus - ok
15:19:39.0479 5536  COMSysApp - ok
15:19:39.0681 5536  [ CEEF9EF16A91596F849421295ABBE86F ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
15:19:39.0713 5536  cphs - ok
15:19:39.0759 5536  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:19:39.0775 5536  crcdisk - ok
15:19:39.0822 5536  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:19:39.0884 5536  CryptSvc - ok
15:19:39.0978 5536  [ A61FE65EE4332ABE6B11679911DB23A3 ] DCDhcpService   C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe
15:19:39.0993 5536  DCDhcpService - ok
15:19:40.0040 5536  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:19:40.0118 5536  DcomLaunch - ok
15:19:40.0165 5536  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:19:40.0196 5536  defragsvc - ok
15:19:40.0227 5536  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:19:40.0274 5536  DfsC - ok
15:19:40.0305 5536  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:19:40.0337 5536  Dhcp - ok
15:19:40.0368 5536  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:19:40.0399 5536  discache - ok
15:19:40.0430 5536  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:19:40.0446 5536  Disk - ok
15:19:40.0461 5536  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:19:40.0493 5536  Dnscache - ok
15:19:40.0508 5536  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:19:40.0539 5536  dot3svc - ok
15:19:40.0555 5536  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:19:40.0586 5536  DPS - ok
15:19:40.0617 5536  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:19:40.0633 5536  drmkaud - ok
15:19:40.0742 5536  [ C02FF01B821FBB72104132E56EC5B881 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:19:40.0773 5536  DsiWMIService - ok
15:19:40.0805 5536  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:19:40.0836 5536  DXGKrnl - ok
15:19:40.0867 5536  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:19:40.0929 5536  EapHost - ok
15:19:41.0023 5536  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:19:41.0085 5536  ebdrv - ok
15:19:41.0117 5536  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:19:41.0148 5536  EFS - ok
15:19:41.0226 5536  [ 5332EC2BA1C112BD4BB1F38127848FEF ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
15:19:41.0241 5536  EgisTec Ticket Service - ok
15:19:41.0335 5536  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:19:41.0382 5536  ehRecvr - ok
15:19:41.0413 5536  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:19:41.0429 5536  ehSched - ok
15:19:41.0460 5536  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:19:41.0491 5536  elxstor - ok
15:19:41.0616 5536  [ 76B978AD795A7E71C48390B000F6023F ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
15:19:41.0647 5536  ePowerSvc - ok
15:19:41.0663 5536  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:19:41.0678 5536  ErrDev - ok
15:19:41.0709 5536  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:19:41.0756 5536  EventSystem - ok
15:19:41.0787 5536  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:19:41.0803 5536  exfat - ok
15:19:41.0819 5536  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:19:41.0850 5536  fastfat - ok
15:19:41.0881 5536  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:19:41.0928 5536  Fax - ok
15:19:41.0975 5536  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
15:19:41.0990 5536  fdc - ok
15:19:42.0021 5536  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:19:42.0037 5536  fdPHost - ok
15:19:42.0037 5536  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:19:42.0068 5536  FDResPub - ok
15:19:42.0084 5536  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:19:42.0099 5536  FileInfo - ok
15:19:42.0115 5536  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:19:42.0177 5536  Filetrace - ok
15:19:42.0224 5536  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:19:42.0240 5536  FLEXnet Licensing Service - ok
15:19:42.0318 5536  [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
15:19:42.0380 5536  FLEXnet Licensing Service 64 - ok
15:19:42.0411 5536  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:19:42.0411 5536  flpydisk - ok
15:19:42.0443 5536  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:19:42.0458 5536  FltMgr - ok
15:19:42.0505 5536  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:19:42.0552 5536  FontCache - ok
15:19:42.0599 5536  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:19:42.0614 5536  FontCache3.0.0.0 - ok
15:19:42.0630 5536  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:19:42.0645 5536  FsDepends - ok
15:19:42.0677 5536  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:19:42.0692 5536  Fs_Rec - ok
15:19:42.0723 5536  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:19:42.0739 5536  fvevol - ok
15:19:42.0770 5536  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:19:42.0786 5536  gagp30kx - ok
15:19:42.0864 5536  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:19:42.0895 5536  GamesAppService - ok
15:19:42.0957 5536  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:19:43.0004 5536  gpsvc - ok
15:19:43.0051 5536  [ 32096F187020A54D29C95B3A1467D963 ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
15:19:43.0067 5536  GREGService - ok
15:19:43.0098 5536  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:19:43.0145 5536  hcw85cir - ok
15:19:43.0160 5536  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:19:43.0207 5536  HdAudAddService - ok
15:19:43.0238 5536  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:19:43.0269 5536  HDAudBus - ok
15:19:43.0301 5536  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:19:43.0316 5536  HidBatt - ok
15:19:43.0332 5536  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:19:43.0347 5536  HidBth - ok
15:19:43.0363 5536  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:19:43.0379 5536  HidIr - ok
15:19:43.0394 5536  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:19:43.0441 5536  hidserv - ok
15:19:43.0472 5536  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:19:43.0472 5536  HidUsb - ok
15:19:43.0503 5536  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:19:43.0550 5536  hkmsvc - ok
15:19:43.0566 5536  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:19:43.0597 5536  HomeGroupListener - ok
15:19:43.0613 5536  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:19:43.0628 5536  HomeGroupProvider - ok
15:19:43.0659 5536  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:19:43.0675 5536  HpSAMD - ok
15:19:43.0706 5536  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:19:43.0753 5536  HTTP - ok
15:19:43.0753 5536  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:19:43.0769 5536  hwpolicy - ok
15:19:43.0769 5536  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:19:43.0784 5536  i8042prt - ok
15:19:43.0831 5536  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\drivers\iaStor.sys
15:19:43.0847 5536  iaStor - ok
15:19:43.0909 5536  [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:19:43.0925 5536  IAStorDataMgrSvc - ok
15:19:43.0956 5536  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:19:43.0971 5536  iaStorV - ok
15:19:44.0081 5536  [ D3090576412EC63E0C6271D8B0974D73 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
15:19:44.0127 5536  IconMan_R - ok
15:19:44.0190 5536  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:19:44.0221 5536  idsvc - ok
15:19:44.0502 5536  [ 276EE9CDAB16C50E1DF0E4CEFA882F5F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:19:44.0876 5536  igfx - ok
15:19:44.0907 5536  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:19:44.0923 5536  iirsp - ok
15:19:44.0954 5536  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:19:45.0032 5536  IKEEXT - ok
15:19:45.0157 5536  [ E83BB47C3446F0497019DE7FD6C6A86F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:19:45.0219 5536  IntcAzAudAddService - ok
15:19:45.0266 5536  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:19:45.0313 5536  IntcDAud - ok
15:19:45.0407 5536  [ 2D66067C7A8A0112156BCD1C0BAA7042 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
15:19:45.0438 5536  Intel(R) Capability Licensing Service Interface - ok
15:19:45.0469 5536  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:19:45.0469 5536  intelide - ok
15:19:45.0500 5536  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:19:45.0531 5536  intelppm - ok
15:19:45.0563 5536  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:19:45.0609 5536  IPBusEnum - ok
15:19:45.0625 5536  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:19:45.0641 5536  IpFilterDriver - ok
15:19:45.0703 5536  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:19:45.0750 5536  iphlpsvc - ok
15:19:45.0750 5536  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:19:45.0765 5536  IPMIDRV - ok
15:19:45.0797 5536  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:19:45.0859 5536  IPNAT - ok
15:19:45.0875 5536  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:19:45.0890 5536  IRENUM - ok
15:19:45.0890 5536  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:19:45.0906 5536  isapnp - ok
15:19:45.0921 5536  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:19:45.0937 5536  iScsiPrt - ok
15:19:45.0968 5536  [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
15:19:45.0984 5536  iusb3hcs - ok
15:19:46.0015 5536  [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
15:19:46.0031 5536  iusb3hub - ok
15:19:46.0046 5536  [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
15:19:46.0062 5536  iusb3xhc - ok
15:19:46.0124 5536  [ 12DADA7E8BE1AED392F049CD6258C351 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:19:46.0155 5536  jhi_service - ok
15:19:46.0187 5536  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:19:46.0202 5536  kbdclass - ok
15:19:46.0233 5536  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:19:46.0265 5536  kbdhid - ok
15:19:46.0280 5536  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:19:46.0296 5536  KeyIso - ok
15:19:46.0343 5536  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:19:46.0343 5536  KSecDD - ok
15:19:46.0374 5536  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:19:46.0389 5536  KSecPkg - ok
15:19:46.0421 5536  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:19:46.0467 5536  ksthunk - ok
15:19:46.0499 5536  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:19:46.0545 5536  KtmRm - ok
15:19:46.0577 5536  [ 320F16CA30BC0B8FF59F6C9E1ACD8516 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
15:19:46.0577 5536  L1C - ok
15:19:46.0639 5536  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:19:46.0701 5536  LanmanServer - ok
15:19:46.0717 5536  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:19:46.0764 5536  LanmanWorkstation - ok
15:19:46.0826 5536  [ 6BB516A31DE232DAB436FF3A117E1E80 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:19:46.0842 5536  Live Updater Service - ok
15:19:46.0889 5536  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:19:46.0935 5536  lltdio - ok
15:19:46.0951 5536  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:19:46.0982 5536  lltdsvc - ok
15:19:46.0998 5536  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:19:47.0029 5536  lmhosts - ok
15:19:47.0091 5536  [ 8D82CBBF5A8532D9A21A64BBCB774EE7 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:19:47.0107 5536  LMS - ok
15:19:47.0138 5536  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:19:47.0154 5536  LSI_FC - ok
15:19:47.0185 5536  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:19:47.0185 5536  LSI_SAS - ok
15:19:47.0201 5536  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:19:47.0201 5536  LSI_SAS2 - ok
15:19:47.0216 5536  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:19:47.0232 5536  LSI_SCSI - ok
15:19:47.0232 5536  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:19:47.0263 5536  luafv - ok
15:19:47.0279 5536  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:19:47.0294 5536  Mcx2Svc - ok
15:19:47.0294 5536  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:19:47.0310 5536  megasas - ok
15:19:47.0357 5536  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:19:47.0388 5536  MegaSR - ok
15:19:47.0419 5536  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:19:47.0435 5536  MEIx64 - ok
15:19:47.0637 5536  [ 551A5E070F5DF69A64463852E93009DD ] mitsijm2013     C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
15:19:47.0669 5536  mitsijm2013 - ok
15:19:47.0700 5536  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:19:47.0762 5536  MMCSS - ok
15:19:47.0778 5536  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:19:47.0809 5536  Modem - ok
15:19:47.0825 5536  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:19:47.0840 5536  monitor - ok
15:19:47.0871 5536  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:19:47.0887 5536  mouclass - ok
15:19:47.0887 5536  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:19:47.0903 5536  mouhid - ok
15:19:47.0918 5536  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:19:47.0918 5536  mountmgr - ok
15:19:47.0981 5536  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:19:47.0996 5536  MozillaMaintenance - ok
15:19:48.0027 5536  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:19:48.0043 5536  mpio - ok
15:19:48.0059 5536  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:19:48.0074 5536  mpsdrv - ok
15:19:48.0105 5536  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:19:48.0137 5536  MpsSvc - ok
15:19:48.0152 5536  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:19:48.0168 5536  MRxDAV - ok
15:19:48.0183 5536  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:19:48.0230 5536  mrxsmb - ok
15:19:48.0246 5536  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:19:48.0277 5536  mrxsmb10 - ok
15:19:48.0277 5536  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:19:48.0293 5536  mrxsmb20 - ok
15:19:48.0293 5536  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:19:48.0308 5536  msahci - ok
15:19:48.0308 5536  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:19:48.0308 5536  msdsm - ok
15:19:48.0339 5536  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:19:48.0339 5536  MSDTC - ok
15:19:48.0355 5536  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:19:48.0386 5536  Msfs - ok
15:19:48.0402 5536  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:19:48.0433 5536  mshidkmdf - ok
15:19:48.0433 5536  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:19:48.0449 5536  msisadrv - ok
15:19:48.0480 5536  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:19:48.0511 5536  MSiSCSI - ok
15:19:48.0511 5536  msiserver - ok
15:19:48.0527 5536  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:19:48.0573 5536  MSKSSRV - ok
15:19:48.0573 5536  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:19:48.0589 5536  MSPCLOCK - ok
15:19:48.0605 5536  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:19:48.0636 5536  MSPQM - ok
15:19:48.0651 5536  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:19:48.0667 5536  MsRPC - ok
15:19:48.0683 5536  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:19:48.0683 5536  mssmbios - ok
15:19:48.0683 5536  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:19:48.0714 5536  MSTEE - ok
15:19:48.0714 5536  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:19:48.0729 5536  MTConfig - ok
15:19:48.0729 5536  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:19:48.0729 5536  Mup - ok
15:19:48.0745 5536  [ C009123B206C56854F4E88596035231D ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:19:48.0745 5536  mwlPSDFilter - ok
15:19:48.0761 5536  [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:19:48.0761 5536  mwlPSDNServ - ok
15:19:48.0776 5536  [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:19:48.0776 5536  mwlPSDVDisk - ok
15:19:48.0807 5536  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:19:48.0839 5536  napagent - ok
15:19:48.0885 5536  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:19:48.0932 5536  NativeWifiP - ok
15:19:48.0995 5536  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:19:49.0026 5536  NDIS - ok
15:19:49.0073 5536  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:19:49.0104 5536  NdisCap - ok
15:19:49.0119 5536  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:19:49.0135 5536  NdisTapi - ok
15:19:49.0135 5536  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:19:49.0182 5536  Ndisuio - ok
15:19:49.0182 5536  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:19:49.0213 5536  NdisWan - ok
15:19:49.0229 5536  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:19:49.0260 5536  NDProxy - ok
15:19:49.0260 5536  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:19:49.0291 5536  NetBIOS - ok
15:19:49.0322 5536  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:19:49.0353 5536  NetBT - ok
15:19:49.0369 5536  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:19:49.0385 5536  Netlogon - ok
15:19:49.0400 5536  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:19:49.0447 5536  Netman - ok
15:19:49.0665 5536  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:19:49.0697 5536  NetMsmqActivator - ok
15:19:49.0743 5536  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:19:49.0759 5536  NetPipeActivator - ok
15:19:49.0806 5536  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:19:49.0884 5536  netprofm - ok
15:19:49.0915 5536  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:19:49.0931 5536  NetTcpActivator - ok
15:19:49.0931 5536  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:19:49.0931 5536  NetTcpPortSharing - ok
15:19:49.0977 5536  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:19:49.0993 5536  nfrd960 - ok
15:19:50.0040 5536  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:19:50.0071 5536  NlaSvc - ok
15:19:50.0165 5536  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:19:50.0227 5536  NOBU - ok
15:19:50.0243 5536  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:19:50.0274 5536  Npfs - ok
15:19:50.0289 5536  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:19:50.0305 5536  nsi - ok
15:19:50.0321 5536  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:19:50.0352 5536  nsiproxy - ok
15:19:50.0414 5536  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:19:50.0461 5536  Ntfs - ok
15:19:50.0570 5536  [ D27A4546417ED7C4AEA7B3420D4F1F50 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
15:19:50.0601 5536  NTI IScheduleSvc - ok
15:19:50.0633 5536  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
15:19:50.0633 5536  NTIDrvr - ok
15:19:50.0648 5536  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:19:50.0679 5536  Null - ok
15:19:51.0085 5536  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:19:51.0210 5536  nvlddmkm - ok
15:19:51.0319 5536  [ 918841B2454F4F2BD94479692079490B ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
15:19:51.0350 5536  nvpciflt - ok
15:19:51.0381 5536  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:19:51.0397 5536  nvraid - ok
15:19:51.0413 5536  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:19:51.0428 5536  nvstor - ok
15:19:51.0475 5536  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:19:51.0506 5536  nvsvc - ok
15:19:51.0553 5536  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:19:51.0584 5536  nvUpdatusService - ok
15:19:51.0615 5536  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:19:51.0615 5536  nv_agp - ok
15:19:51.0615 5536  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:19:51.0631 5536  ohci1394 - ok
15:19:51.0662 5536  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:19:51.0693 5536  p2pimsvc - ok
15:19:51.0709 5536  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:19:51.0725 5536  p2psvc - ok
15:19:51.0740 5536  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
15:19:51.0756 5536  Parport - ok
15:19:51.0787 5536  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:19:51.0803 5536  partmgr - ok
15:19:51.0834 5536  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:19:51.0849 5536  PcaSvc - ok
15:19:51.0849 5536  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:19:51.0865 5536  pci - ok
15:19:51.0881 5536  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:19:51.0896 5536  pciide - ok
15:19:51.0912 5536  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:19:51.0927 5536  pcmcia - ok
15:19:51.0927 5536  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:19:51.0927 5536  pcw - ok
15:19:51.0943 5536  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:19:51.0974 5536  PEAUTH - ok
15:19:52.0177 5536  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:19:52.0208 5536  PerfHost - ok
15:19:52.0255 5536  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:19:52.0302 5536  pla - ok
15:19:52.0349 5536  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:19:52.0380 5536  PlugPlay - ok
15:19:52.0411 5536  PnkBstrA - ok
15:19:52.0427 5536  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:19:52.0442 5536  PNRPAutoReg - ok
15:19:52.0442 5536  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:19:52.0458 5536  PNRPsvc - ok
15:19:52.0505 5536  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:19:52.0567 5536  PolicyAgent - ok
15:19:52.0583 5536  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:19:52.0614 5536  Power - ok
15:19:52.0645 5536  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:19:52.0692 5536  PptpMiniport - ok
15:19:52.0707 5536  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
15:19:52.0723 5536  Processor - ok
15:19:52.0770 5536  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:19:52.0817 5536  ProfSvc - ok
15:19:52.0832 5536  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:19:52.0848 5536  ProtectedStorage - ok
15:19:52.0879 5536  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:19:52.0941 5536  Psched - ok
15:19:52.0973 5536  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:19:53.0004 5536  ql2300 - ok
15:19:53.0019 5536  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:19:53.0019 5536  ql40xx - ok
15:19:53.0051 5536  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:19:53.0066 5536  QWAVE - ok
15:19:53.0066 5536  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:19:53.0097 5536  QWAVEdrv - ok
15:19:53.0097 5536  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:19:53.0129 5536  RasAcd - ok
15:19:53.0160 5536  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:19:53.0191 5536  RasAgileVpn - ok
15:19:53.0238 5536  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:19:53.0269 5536  RasAuto - ok
15:19:53.0285 5536  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:19:53.0316 5536  Rasl2tp - ok
15:19:53.0331 5536  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:19:53.0363 5536  RasMan - ok
15:19:53.0363 5536  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:19:53.0394 5536  RasPppoe - ok
15:19:53.0409 5536  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:19:53.0425 5536  RasSstp - ok
15:19:53.0456 5536  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:19:53.0519 5536  rdbss - ok
15:19:53.0534 5536  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:19:53.0550 5536  rdpbus - ok
15:19:53.0565 5536  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:19:53.0597 5536  RDPCDD - ok
15:19:53.0597 5536  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:19:53.0628 5536  RDPENCDD - ok
15:19:53.0643 5536  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:19:53.0675 5536  RDPREFMP - ok
15:19:53.0706 5536  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:19:53.0737 5536  RDPWD - ok
15:19:53.0753 5536  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:19:53.0768 5536  rdyboost - ok
15:19:53.0784 5536  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:19:53.0831 5536  RemoteAccess - ok
15:19:53.0862 5536  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:19:53.0877 5536  RemoteRegistry - ok
15:19:53.0924 5536  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:19:53.0940 5536  RFCOMM - ok
15:19:53.0955 5536  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:19:53.0987 5536  RpcEptMapper - ok
15:19:54.0002 5536  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:19:54.0033 5536  RpcLocator - ok
15:19:54.0049 5536  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:19:54.0080 5536  RpcSs - ok
15:19:54.0111 5536  [ 6E5C3D18C3BCC72AA527DBC5FA61AB8F ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
15:19:54.0143 5536  RSPCIESTOR - ok
15:19:54.0174 5536  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:19:54.0189 5536  rspndr - ok
15:19:54.0205 5536  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:19:54.0221 5536  SamSs - ok
15:19:54.0221 5536  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:19:54.0221 5536  sbp2port - ok
15:19:54.0330 5536  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:19:54.0361 5536  SBSDWSCService - ok
15:19:54.0392 5536  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:19:54.0423 5536  SCardSvr - ok
15:19:54.0455 5536  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:19:54.0486 5536  scfilter - ok
15:19:54.0501 5536  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:19:54.0548 5536  Schedule - ok
15:19:54.0579 5536  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:19:54.0595 5536  SCPolicySvc - ok
15:19:54.0611 5536  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:19:54.0642 5536  SDRSVC - ok
15:19:54.0673 5536  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:19:54.0704 5536  secdrv - ok
15:19:54.0720 5536  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:19:54.0735 5536  seclogon - ok
15:19:54.0767 5536  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:19:54.0798 5536  SENS - ok
15:19:54.0813 5536  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:19:54.0845 5536  SensrSvc - ok
15:19:54.0876 5536  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:19:54.0907 5536  Serenum - ok
15:19:54.0923 5536  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
15:19:54.0938 5536  Serial - ok
15:19:54.0954 5536  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:19:54.0969 5536  sermouse - ok
15:19:55.0001 5536  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:19:55.0032 5536  SessionEnv - ok
15:19:55.0063 5536  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:19:55.0063 5536  sffdisk - ok
15:19:55.0079 5536  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:19:55.0094 5536  sffp_mmc - ok
15:19:55.0094 5536  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:19:55.0110 5536  sffp_sd - ok
15:19:55.0125 5536  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:19:55.0157 5536  sfloppy - ok
15:19:55.0188 5536  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:19:55.0219 5536  SharedAccess - ok
15:19:55.0250 5536  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:19:55.0281 5536  ShellHWDetection - ok
15:19:55.0313 5536  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:19:55.0328 5536  SiSRaid2 - ok
15:19:55.0328 5536  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:19:55.0344 5536  SiSRaid4 - ok
15:19:55.0344 5536  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:19:55.0375 5536  Smb - ok
15:19:55.0422 5536  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:19:55.0437 5536  SNMPTRAP - ok
15:19:55.0453 5536  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:19:55.0453 5536  spldr - ok
15:19:55.0500 5536  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:19:55.0547 5536  Spooler - ok
15:19:55.0656 5536  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:19:55.0781 5536  sppsvc - ok
15:19:55.0781 5536  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:19:55.0796 5536  sppuinotify - ok
15:19:55.0812 5536  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:19:55.0843 5536  srv - ok
15:19:55.0859 5536  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:19:55.0890 5536  srv2 - ok
15:19:55.0905 5536  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:19:55.0905 5536  srvnet - ok
15:19:55.0937 5536  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:19:55.0968 5536  SSDPSRV - ok
15:19:55.0983 5536  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:19:55.0999 5536  SstpSvc - ok
15:19:55.0999 5536  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:19:56.0015 5536  stexstor - ok
15:19:56.0030 5536  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:19:56.0061 5536  stisvc - ok
15:19:56.0077 5536  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:19:56.0093 5536  swenum - ok
15:19:56.0108 5536  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:19:56.0155 5536  swprv - ok
15:19:56.0202 5536  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:19:56.0249 5536  SysMain - ok
15:19:56.0280 5536  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:19:56.0295 5536  TabletInputService - ok
15:19:56.0311 5536  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:19:56.0342 5536  TapiSrv - ok
15:19:56.0342 5536  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:19:56.0389 5536  TBS - ok
15:19:56.0467 5536  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:19:56.0514 5536  Tcpip - ok
15:19:56.0545 5536  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:19:56.0576 5536  TCPIP6 - ok
15:19:56.0592 5536  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:19:56.0607 5536  tcpipreg - ok
15:19:56.0623 5536  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:19:56.0654 5536  TDPIPE - ok
15:19:56.0654 5536  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:19:56.0670 5536  TDTCP - ok
15:19:56.0670 5536  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:19:56.0685 5536  tdx - ok
15:19:56.0701 5536  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:19:56.0701 5536  TermDD - ok
15:19:56.0732 5536  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:19:56.0779 5536  TermService - ok
15:19:56.0795 5536  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:19:56.0795 5536  Themes - ok
15:19:56.0810 5536  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:19:56.0841 5536  THREADORDER - ok
15:19:56.0857 5536  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:19:56.0888 5536  TrkWks - ok
15:19:56.0935 5536  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:19:56.0951 5536  TrustedInstaller - ok
15:19:56.0966 5536  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:19:56.0997 5536  tssecsrv - ok
15:19:57.0013 5536  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:19:57.0029 5536  TsUsbFlt - ok
15:19:57.0044 5536  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:19:57.0060 5536  TsUsbGD - ok
15:19:57.0075 5536  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:19:57.0107 5536  tunnel - ok
15:19:57.0138 5536  [ 20155CF5FB9F7902178D7D5CDC7C0F90 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
15:19:57.0153 5536  TurboB - ok
15:19:57.0263 5536  [ E00FC2B80837C29817A3A082717B8C48 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:19:57.0278 5536  TurboBoost - ok
15:19:57.0325 5536  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:19:57.0325 5536  uagp35 - ok
15:19:57.0325 5536  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
15:19:57.0341 5536  UBHelper - ok
15:19:57.0356 5536  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:19:57.0387 5536  udfs - ok
15:19:57.0403 5536  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:19:57.0419 5536  UI0Detect - ok
15:19:57.0434 5536  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:19:57.0434 5536  uliagpkx - ok
15:19:57.0450 5536  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:19:57.0465 5536  umbus - ok
15:19:57.0497 5536  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:19:57.0528 5536  UmPass - ok
15:19:57.0637 5536  [ 875A3B86D821151C84A4DFD40309C72D ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:19:57.0653 5536  UNS - ok
15:19:57.0699 5536  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:19:57.0731 5536  upnphost - ok
15:19:57.0762 5536  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:19:57.0793 5536  usbccgp - ok
15:19:57.0809 5536  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:19:57.0824 5536  usbcir - ok
15:19:57.0824 5536  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:19:57.0840 5536  usbehci - ok
15:19:57.0855 5536  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:19:57.0871 5536  usbhub - ok
15:19:57.0887 5536  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:19:57.0918 5536  usbohci - ok
15:19:57.0918 5536  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
15:19:57.0949 5536  usbprint - ok
15:19:57.0949 5536  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:19:57.0980 5536  USBSTOR - ok
15:19:57.0980 5536  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:19:57.0996 5536  usbuhci - ok
15:19:58.0027 5536  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:19:58.0043 5536  usbvideo - ok
15:19:58.0058 5536  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:19:58.0089 5536  UxSms - ok
15:19:58.0089 5536  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:19:58.0105 5536  VaultSvc - ok
15:19:58.0121 5536  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:19:58.0121 5536  vdrvroot - ok
15:19:58.0152 5536  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:19:58.0199 5536  vds - ok
15:19:58.0214 5536  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:19:58.0230 5536  vga - ok
15:19:58.0245 5536  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:19:58.0277 5536  VgaSave - ok
15:19:58.0277 5536  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:19:58.0292 5536  vhdmp - ok
15:19:58.0292 5536  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:19:58.0308 5536  viaide - ok
15:19:58.0339 5536  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:19:58.0339 5536  volmgr - ok
15:19:58.0355 5536  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:19:58.0370 5536  volmgrx - ok
15:19:58.0370 5536  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:19:58.0386 5536  volsnap - ok
15:19:58.0401 5536  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:19:58.0417 5536  vsmraid - ok
15:19:58.0464 5536  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:19:58.0511 5536  VSS - ok
15:19:58.0635 5536  [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
15:19:58.0667 5536  vToolbarUpdater13.2.0 - ok
15:19:58.0698 5536  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:19:58.0729 5536  vwifibus - ok
15:19:58.0729 5536  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:19:58.0745 5536  vwififlt - ok
15:19:58.0776 5536  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:19:58.0823 5536  W32Time - ok
15:19:58.0854 5536  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:19:58.0869 5536  WacomPen - ok
15:19:58.0885 5536  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:19:58.0901 5536  WANARP - ok
15:19:58.0916 5536  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:19:58.0932 5536  Wanarpv6 - ok
15:19:58.0979 5536  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:19:59.0041 5536  wbengine - ok
15:19:59.0041 5536  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:19:59.0057 5536  WbioSrvc - ok
15:19:59.0072 5536  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:19:59.0103 5536  wcncsvc - ok
15:19:59.0135 5536  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:19:59.0150 5536  WcsPlugInService - ok
15:19:59.0181 5536  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:19:59.0181 5536  Wd - ok
15:19:59.0244 5536  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:19:59.0275 5536  Wdf01000 - ok
15:19:59.0306 5536  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:19:59.0369 5536  WdiServiceHost - ok
15:19:59.0369 5536  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:19:59.0400 5536  WdiSystemHost - ok
15:19:59.0415 5536  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:19:59.0462 5536  WebClient - ok
15:19:59.0478 5536  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:19:59.0525 5536  Wecsvc - ok
15:19:59.0540 5536  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:19:59.0571 5536  wercplsupport - ok
15:19:59.0587 5536  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:19:59.0618 5536  WerSvc - ok
15:19:59.0634 5536  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:19:59.0649 5536  WfpLwf - ok
15:19:59.0665 5536  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:19:59.0665 5536  WIMMount - ok
15:19:59.0696 5536  WinDefend - ok
15:19:59.0696 5536  WinHttpAutoProxySvc - ok
15:19:59.0821 5536  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:19:59.0883 5536  Winmgmt - ok
15:19:59.0930 5536  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:19:59.0977 5536  WinRM - ok
15:20:00.0039 5536  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:20:00.0102 5536  WinUsb - ok
15:20:00.0149 5536  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:20:00.0180 5536  Wlansvc - ok
15:20:00.0258 5536  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:20:00.0258 5536  wlcrasvc - ok
15:20:00.0383 5536  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:20:00.0414 5536  wlidsvc - ok
15:20:00.0445 5536  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:20:00.0476 5536  WmiAcpi - ok
15:20:00.0507 5536  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:20:00.0523 5536  wmiApSrv - ok
15:20:00.0554 5536  WMPNetworkSvc - ok
15:20:00.0585 5536  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:20:00.0601 5536  WPCSvc - ok
15:20:00.0617 5536  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:20:00.0632 5536  WPDBusEnum - ok
15:20:00.0648 5536  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:20:00.0663 5536  ws2ifsl - ok
15:20:00.0679 5536  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:20:00.0710 5536  wscsvc - ok
15:20:00.0710 5536  WSearch - ok
15:20:00.0773 5536  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:20:00.0819 5536  wuauserv - ok
15:20:00.0851 5536  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:20:00.0882 5536  WudfPf - ok
15:20:00.0929 5536  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:20:00.0944 5536  WUDFRd - ok
15:20:00.0991 5536  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:20:01.0022 5536  wudfsvc - ok
15:20:01.0053 5536  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:20:01.0085 5536  WwanSvc - ok
15:20:01.0163 5536  [ 79BC44FF509C79D4E34DED3CD6EFD92B ] ZAtheros Wlan Agent C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
15:20:01.0178 5536  ZAtheros Wlan Agent - ok
15:20:01.0209 5536  ================ Scan global ===============================
15:20:01.0241 5536  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:20:01.0272 5536  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:20:01.0272 5536  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:20:01.0303 5536  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:20:01.0334 5536  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:20:01.0334 5536  [Global] - ok
15:20:01.0334 5536  ================ Scan MBR ==================================
15:20:01.0350 5536  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:20:02.0239 5536  \Device\Harddisk0\DR0 - ok
15:20:02.0239 5536  ================ Scan VBR ==================================
15:20:02.0270 5536  [ 926E9DAD45CCB848DEB1337AE79F3F1D ] \Device\Harddisk0\DR0\Partition1
15:20:02.0270 5536  \Device\Harddisk0\DR0\Partition1 - ok
15:20:02.0286 5536  [ 216E278C81AE988E1F401FD71FCD2443 ] \Device\Harddisk0\DR0\Partition2
15:20:02.0286 5536  \Device\Harddisk0\DR0\Partition2 - ok
15:20:02.0286 5536  ============================================================
15:20:02.0286 5536  Scan finished
15:20:02.0286 5536  ============================================================
15:20:02.0301 0996  Detected object count: 0
15:20:02.0301 0996  Actual detected object count: 0
         

Alt 11.12.2012, 15:33   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



Ist unauffällig

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.12.2012, 20:18   #9
Luke23
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



Code:
ATTFilter
# AdwCleaner v2.100 - Datei am 11/12/2012 um 20:13:52 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lukas - JUGL_PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lukas\Downloads\Virenschutz\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Ordner Gefunden : C:\Program Files (x86)\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Common Files\Software Update Utility
Ordner Gefunden : C:\Program Files (x86)\Winamp Toolbar
Ordner Gefunden : C:\ProgramData\AVG Secure Search
Ordner Gefunden : C:\ProgramData\Winamp Toolbar
Ordner Gefunden : C:\Users\Lukas\AppData\Local\AVG Secure Search
Ordner Gefunden : C:\Users\Lukas\AppData\LocalLow\AVG Secure Search
Ordner Gefunden : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1ktdi551.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gefunden : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1ktdi551.default\WinampToolbarData
Ordner Gefunden : C:\Users\Lukas\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Lukas\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gefunden : HKCU\Software\Winamp Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\Software\Winamp Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gefunden : HKU\S-1-5-21-2940378791-2078065668-643256562-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1ktdi551.default\prefs.js

Gefunden : user_pref("aol_toolbar.surf.date", "18");
Gefunden : user_pref("aol_toolbar.surf.lastDate", "11");
Gefunden : user_pref("aol_toolbar.surf.lastMonth", "11");
Gefunden : user_pref("aol_toolbar.surf.lastYear", "2012");
Gefunden : user_pref("aol_toolbar.surf.month", "2631");
Gefunden : user_pref("aol_toolbar.surf.prevMonth", "6803");
Gefunden : user_pref("aol_toolbar.surf.total", "13642");
Gefunden : user_pref("aol_toolbar.surf.week", "695");
Gefunden : user_pref("aol_toolbar.surf.year", "13581");
Gefunden : user_pref("winamp_toolbar.button.facebook_45469.click", "1");
Gefunden : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...]
Gefunden : user_pref("winamp_toolbar.cookie.homepage", "");
Gefunden : user_pref("winamp_toolbar.cookie.search", "");
Gefunden : user_pref("winamp_toolbar.default.homepage.check", false);
Gefunden : user_pref("winamp_toolbar.default.search.check", false);
Gefunden : user_pref("winamp_toolbar.firsttime.showwindow", false);
Gefunden : user_pref("winamp_toolbar.guid", "{C31A2D89-24EF-BDCF-DFDB-A2016FAD1046}");
Gefunden : user_pref("winamp_toolbar.install.distroid", "winamp");
Gefunden : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.20.8949");
Gefunden : user_pref("winamp_toolbar.install.lid", "");
Gefunden : user_pref("winamp_toolbar.install.mtmhp", "");
Gefunden : user_pref("winamp_toolbar.install.ncid", "");
Gefunden : user_pref("winamp_toolbar.metrics.activestampdate", "11");
Gefunden : user_pref("winamp_toolbar.metrics.activestampmonth", "11");
Gefunden : user_pref("winamp_toolbar.metrics.activestampyear", "2012");
Gefunden : user_pref("winamp_toolbar.metrics.log", false);
Gefunden : user_pref("winamp_toolbar.metrics.originalDate", "29");
Gefunden : user_pref("winamp_toolbar.metrics.originalHours", "17");
Gefunden : user_pref("winamp_toolbar.metrics.originalMinutes", "55");
Gefunden : user_pref("winamp_toolbar.metrics.originalMonth", "9");
Gefunden : user_pref("winamp_toolbar.metrics.originalSeconds", "15");
Gefunden : user_pref("winamp_toolbar.metrics.originalYear", "2012");
Gefunden : user_pref("winamp_toolbar.relatednews.enabled", false);
Gefunden : user_pref("winamp_toolbar.remote.publish.xml", "1355253144343");
Gefunden : user_pref("winamp_toolbar.search.button", true);
Gefunden : user_pref("winamp_toolbar.search.cid", "13-11-2012");
Gefunden : user_pref("winamp_toolbar.search.instd", "20120929175102092");
Gefunden : user_pref("winamp_toolbar.search.oid", "29-09-2012");
Gefunden : user_pref("winamp_toolbar.search.placement", "left");
Gefunden : user_pref("winamp_toolbar.search.populateoncomplete", false);
Gefunden : user_pref("winamp_toolbar.search.savehistory", false);
Gefunden : user_pref("winamp_toolbar.search.searchtype", "web");
Gefunden : user_pref("winamp_toolbar.search.source", "winamp-ff");
Gefunden : user_pref("winamp_toolbar.skin.custom", true);
Gefunden : user_pref("winamp_toolbar.upgrade.showwindow", false);
Gefunden : user_pref("winamp_toolbar.weather.degc", "8");
Gefunden : user_pref("winamp_toolbar.weather.degf", "47");
Gefunden : user_pref("winamp_toolbar.weather.image", "chrome://winamptoolbar/skin/weather/30.png");
Gefunden : user_pref("winamp_toolbar.weather.locationid", "USNY0996");
Gefunden : user_pref("winamp_toolbar.weather.metric", true);
Gefunden : user_pref("winamp_toolbar.weather.tooltip", "New York , NY : Partly Cloudy");
Gefunden : user_pref("winamp_toolbar.weather.update", "1355253144343");
Gefunden : user_pref("winamp_toolbar.winamp.artist", "");
Gefunden : user_pref("winamp_toolbar.winamp.button.focus", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.forward", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.open", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.pause", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.play", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.rewind", true);
Gefunden : user_pref("winamp_toolbar.winamp.button.stop", false);
Gefunden : user_pref("winamp_toolbar.winamp.button.volume", true);
Gefunden : user_pref("winamp_toolbar.winamp.ticker.show", true);
Gefunden : user_pref("winamp_toolbar.winamp.title", "-999999");

*************************

AdwCleaner[R1].txt - [16679 octets] - [11/12/2012 20:13:52]

########## EOF - C:\AdwCleaner[R1].txt - [16740 octets] ##########
         



Also wenn bisher alles normal bzw. unauffällig ist, dann bin ich erst mal beruhigt und glücklich, aber mir stellt sich dann die Frage wieso der erste Scan etwas gefunden hat ? :-)

Alt 11.12.2012, 22:20   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.12.2012, 23:06   #11
Luke23
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



adwCleaner :

Code:
ATTFilter
# AdwCleaner v2.100 - Datei am 11/12/2012 um 23:01:16 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lukas - JUGL_PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lukas\Downloads\Virenschutz\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Software Update Utility
Ordner Gelöscht : C:\Program Files (x86)\Winamp Toolbar
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Winamp Toolbar
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1ktdi551.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1ktdi551.default\WinampToolbarData
Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\Software\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1ktdi551.default\prefs.js

Gelöscht : user_pref("aol_toolbar.surf.date", "86");
Gelöscht : user_pref("aol_toolbar.surf.lastDate", "11");
Gelöscht : user_pref("aol_toolbar.surf.lastMonth", "11");
Gelöscht : user_pref("aol_toolbar.surf.lastYear", "2012");
Gelöscht : user_pref("aol_toolbar.surf.month", "2699");
Gelöscht : user_pref("aol_toolbar.surf.prevMonth", "6803");
Gelöscht : user_pref("aol_toolbar.surf.total", "13710");
Gelöscht : user_pref("aol_toolbar.surf.week", "763");
Gelöscht : user_pref("aol_toolbar.surf.year", "13649");
Gelöscht : user_pref("winamp_toolbar.button.facebook_45469.click", "1");
Gelöscht : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...]
Gelöscht : user_pref("winamp_toolbar.cookie.homepage", "");
Gelöscht : user_pref("winamp_toolbar.cookie.search", "");
Gelöscht : user_pref("winamp_toolbar.default.homepage.check", false);
Gelöscht : user_pref("winamp_toolbar.default.search.check", false);
Gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.guid", "{C31A2D89-24EF-BDCF-DFDB-A2016FAD1046}");
Gelöscht : user_pref("winamp_toolbar.install.distroid", "winamp");
Gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.20.8949");
Gelöscht : user_pref("winamp_toolbar.install.lid", "");
Gelöscht : user_pref("winamp_toolbar.install.mtmhp", "");
Gelöscht : user_pref("winamp_toolbar.install.ncid", "");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "11");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "11");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2012");
Gelöscht : user_pref("winamp_toolbar.metrics.log", false);
Gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "29");
Gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "17");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "55");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "9");
Gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "15");
Gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2012");
Gelöscht : user_pref("winamp_toolbar.relatednews.enabled", false);
Gelöscht : user_pref("winamp_toolbar.remote.publish.xml", "1355260332555");
Gelöscht : user_pref("winamp_toolbar.search.button", true);
Gelöscht : user_pref("winamp_toolbar.search.cid", "13-11-2012");
Gelöscht : user_pref("winamp_toolbar.search.instd", "20120929175102092");
Gelöscht : user_pref("winamp_toolbar.search.oid", "29-09-2012");
Gelöscht : user_pref("winamp_toolbar.search.placement", "left");
Gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false);
Gelöscht : user_pref("winamp_toolbar.search.savehistory", false);
Gelöscht : user_pref("winamp_toolbar.search.searchtype", "web");
Gelöscht : user_pref("winamp_toolbar.search.source", "winamp-ff");
Gelöscht : user_pref("winamp_toolbar.skin.custom", true);
Gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.weather.degc", "7");
Gelöscht : user_pref("winamp_toolbar.weather.degf", "45");
Gelöscht : user_pref("winamp_toolbar.weather.image", "chrome://winamptoolbar/skin/weather/28.png");
Gelöscht : user_pref("winamp_toolbar.weather.locationid", "USNY0996");
Gelöscht : user_pref("winamp_toolbar.weather.metric", true);
Gelöscht : user_pref("winamp_toolbar.weather.tooltip", "New York , NY : Mostly Cloudy");
Gelöscht : user_pref("winamp_toolbar.weather.update", "1355260332555");
Gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
Gelöscht : user_pref("winamp_toolbar.winamp.button.focus", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.forward", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.open", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.pause", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.play", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.rewind", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.stop", false);
Gelöscht : user_pref("winamp_toolbar.winamp.button.volume", true);
Gelöscht : user_pref("winamp_toolbar.winamp.ticker.show", true);
Gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");

*************************

AdwCleaner[R1].txt - [16778 octets] - [11/12/2012 20:13:52]
AdwCleaner[S1].txt - [16587 octets] - [11/12/2012 23:01:16]

########## EOF - C:\AdwCleaner[S1].txt - [16648 octets] ##########
         

Alt 11.12.2012, 23:17   #12
Luke23
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



OTL File 1 :

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.12.2012 23:09:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lukas\Downloads\Virenschutz
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,84 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 72,15% Memory free
15,68 Gb Paging File | 13,30 Gb Available in Paging File | 84,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915,91 Gb Total Space | 464,79 Gb Free Space | 50,75% Space Free | Partition Type: NTFS
 
Computer Name: JUGL_PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lukas\Downloads\Virenschutz\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Lukas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (DCDhcpService) -- C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (mitsijm2013) -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe ( )
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.29 18:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 03:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.11 23:01:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 03:54:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.11 23:01:21 | 000,000,000 | ---D | M]
 
[2012.09.29 18:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.12.11 23:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1ktdi551.default\extensions
[2012.11.13 16:52:34 | 000,002,533 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\1ktdi551.default\searchplugins\aol-search.xml
[2012.12.08 03:54:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.29 18:54:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.08 03:54:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [InstantUpdate] C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2940378791-2078065668-643256562-1001..\Run: [Akamai NetSession Interface] C:\Users\Lukas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2940378791-2078065668-643256562-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2940378791-2078065668-643256562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77FB7768-163D-429E-9E8A-848F4EDF25BC}: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BEE3226-8D71-4E30-B024-7E821FADD76F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.28 11:12:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.09 20:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.12.09 13:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.12.09 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2012.12.09 13:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.09 13:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.09 13:23:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.09 13:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.08 03:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.02 14:21:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Activision
[2012.12.01 15:32:17 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_37.dll
[2012.12.01 15:30:42 | 000,226,304 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysWow64\binkw32.dll
[2012.12.01 15:26:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.11.28 18:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.11.28 12:02:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Autodesk,_Inc
[2012.11.28 12:01:16 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Granta Design
[2012.11.28 11:49:20 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Inventor
[2012.11.28 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Autodesk
[2012.11.28 11:40:31 | 000,000,000 | ---D | C] -- C:\Temp
[2012.11.28 11:40:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk
[2012.11.28 11:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DWG TrueView 2013
[2012.11.28 11:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2012.11.28 11:37:10 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.11.28 11:37:10 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.11.28 11:37:08 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.11.28 11:37:08 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.11.28 11:37:07 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.11.28 11:37:07 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.11.28 11:37:05 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.11.28 11:37:05 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.11.28 11:36:59 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.11.28 11:36:59 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.11.28 11:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012.11.28 10:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2012.11.26 16:27:11 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Cyberlink
[2012.11.22 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\World in Conflict
[2012.11.22 15:30:22 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.11.18 22:29:35 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.18 22:29:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.18 22:25:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.18 22:25:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.18 22:25:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.18 22:25:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.18 22:25:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.18 22:25:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.18 22:25:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.18 22:25:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.18 22:25:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.18 22:25:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.18 22:25:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.18 22:25:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.18 22:25:03 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.18 22:25:03 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.18 22:25:03 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.18 22:23:01 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.18 22:23:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.18 22:23:00 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.18 22:23:00 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.18 21:17:56 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.18 21:17:56 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.18 21:17:56 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.18 21:17:51 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.18 21:17:51 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.18 21:17:50 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.18 21:17:50 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.18 21:17:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.18 21:17:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.18 21:17:26 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.18 21:17:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.11 23:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.11 23:10:29 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 23:10:29 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.11 23:02:58 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2012.12.11 23:02:56 | 2020,360,191 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.11 21:11:05 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 21:11:05 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.10 16:48:44 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.10 16:48:44 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.10 16:48:44 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.10 16:48:44 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.10 16:48:44 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.09 20:20:58 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.09 15:49:21 | 000,007,613 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
[2012.12.09 13:23:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.08 03:46:31 | 000,003,480 | ---- | M] () -- C:\bootsqm.dat
[2012.12.08 00:45:45 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.08 00:45:45 | 000,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.01 15:32:40 | 003,786,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_37.dll
[2012.12.01 15:30:45 | 000,226,304 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\SysWow64\binkw32.dll
[2012.12.01 15:26:17 | 000,443,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.11.28 16:57:27 | 000,415,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.28 11:57:51 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Vault Basic 2013.lnk
[2012.11.28 11:54:46 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2012.11.28 11:47:09 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Inventor Professional 2013 - Deutsch (German).lnk
[2012.11.28 11:39:44 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\DWG TrueView 2013.lnk
[2012.11.28 11:35:58 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
[2012.11.26 16:26:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.22 15:30:31 | 003,495,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.11.13 21:51:51 | 000,014,200 | ---- | M] () -- C:\Users\Lukas\Documents\Ihre Retourenmarke.pdf
 
========== Files Created - No Company Name ==========
 
[2012.12.09 13:23:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.09 13:20:01 | 000,007,613 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
[2012.12.08 03:46:31 | 000,003,480 | ---- | C] () -- C:\bootsqm.dat
[2012.12.07 22:47:25 | 000,215,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.11.28 11:57:51 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Vault Basic 2013.lnk
[2012.11.28 11:54:46 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2012.11.28 11:47:09 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Inventor Professional 2013 - Deutsch (German).lnk
[2012.11.28 11:39:44 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\DWG TrueView 2013.lnk
[2012.11.28 11:35:58 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
[2012.11.26 16:26:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.18 22:29:36 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.18 22:22:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 21:51:51 | 000,014,200 | ---- | C] () -- C:\Users\Lukas\Documents\Ihre Retourenmarke.pdf
[2012.11.02 14:00:31 | 000,215,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.24 19:45:32 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.10.24 19:34:18 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.04 18:20:23 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2012.10.02 00:35:00 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.20 11:40:15 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.04.20 11:40:03 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.04.20 11:40:01 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.04.20 11:40:01 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.12.08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---




und der OTL File 2 :

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.12.2012 23:09:44 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lukas\Downloads\Virenschutz
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,84 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 72,15% Memory free
15,68 Gb Paging File | 13,30 Gb Available in Paging File | 84,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915,91 Gb Total Space | 464,79 Gb Free Space | 50,75% Space Free | Partition Type: NTFS
 
Computer Name: JUGL_PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2940378791-2078065668-643256562-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{130A0615-A214-425D-99D8-105876FB7841}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2A92E06B-F6FB-4D56-9934-86EB66F9A49E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{312B3398-72ED-4A7C-B690-51C7E439F128}" = lport=445 | protocol=6 | dir=in | app=system | 
"{324E4051-2077-4A35-9D35-8FA21C37D7A5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34D2FEC4-0160-492D-B1B7-853990B21397}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{37BC4C76-9FAE-435A-B813-77544B0804FA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{395A02A2-67EA-4647-BCD4-8CA489E90C98}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3E14054C-4201-44FA-8CDF-E1A97B608F01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44E245BF-2BA9-4822-8AD0-2F00271E5403}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\acer\wdagent\dcdhcpservice.exe | 
"{47445BFC-CB5A-46BA-9549-705BA13239C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{56468111-60EC-4A1E-B591-ABD31ACE5E91}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{5B986F98-7E29-46EE-AD7A-C4D68E5076E5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5F0C09BC-2D86-4154-9D2D-1415B952DC8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F4B1A05-01FA-4CF2-9D27-81F7EA979B46}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7B6197F2-3DFA-4712-B426-3CAAA06E748C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{85284257-86D2-440B-BC73-AF6CC82ECAC4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{87029877-30CC-46C4-BFC9-E2E76BAA9E84}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{97CB9345-42A0-4543-943B-F02FC0AD2484}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A2278941-A717-4662-B72C-0452E2C32A82}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A4AD6DBE-715E-4861-883D-4DFA11E0EAFA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C4A9F409-FDE0-4623-9D04-48B6FAA9B2F6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CCC1E723-FA1B-430B-A3CD-A8C33E42A6B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2B53DD2-A376-4D11-9795-7540A3C4D611}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5860A0C-4421-42FC-8D6F-AC4B089A8028}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FBB18B26-4342-4BBB-A62E-071D549534F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006B25EF-A281-4EDC-9E60-CA912422134F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0AFE0907-4040-4DAB-857F-C271688FA75B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{239A4D05-CE6C-467B-B237-0627C62E1CD1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{24C12A97-B9FB-4EA3-8B9F-42628389D0D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2CE2885C-E762-460B-B96E-62AB3842E1AD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{312E8340-4A97-41BD-86A1-C7B192AF9914}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{324895B1-3C42-4BD1-A8A7-CA9BB8BE8FC2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3317877E-5432-4951-A8F9-629542BDBA53}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{362E5810-753F-4C2E-9BA4-E52307588C96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3FB3A099-CD80-4FB2-9A35-E687818C66A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{43E48DD9-548B-437C-AF58-C74B4EAA9501}" = protocol=17 | dir=in | app=c:\users\lukas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4646E17F-3BB9-48C2-A6EB-3E4F82453971}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{4F76E4D2-E816-4BBC-8D4E-9F6B27D5488E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{5102085A-51F3-4385-8F20-4DB983B00E8F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{55A55735-331C-4CC1-BE08-CEEFC93ED723}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{79DE39F8-96BA-4FD2-8226-06BCDC540D9E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{7B52B645-FAEE-4BA0-8970-A5B432E3BFFC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{848DBCED-B6E2-426D-8C57-F4D762A89C79}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{87513EB0-77EC-49D1-9844-6723EFD817A7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{88D2F339-EC19-40DB-8EAC-9F7DD679C51D}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{951C7A07-2300-4937-86AE-8D1885AB42DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{99A9B037-75C2-40D5-B040-1BEB0493A539}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9F4BA514-5547-4E4E-87AB-9655E13C2E04}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{A17DFD37-EDFD-4215-98E3-D6A3A3BA1910}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A4896893-0D79-4FE6-88F4-B62F88FF00A0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{A6B25E45-1123-40B7-99E7-63C076C892D8}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{A7A29A06-FA99-4522-BB87-A01514CC048B}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\videoplayer.exe | 
"{A9964BA6-7E88-4F8E-9B5A-6D894849FCD7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{B4E86A5B-16F5-4CA8-A478-ABB1EA1BF13A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{BCE8E9A4-E8AD-46C0-9C25-3E6311F032F7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{BD548143-4AE0-4428-A43C-34AEDCF5D20B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C97D7A7E-0C5E-4ED3-9223-7B75C5C40E90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CAA7D5ED-64B5-4C02-8EF6-1671A4B61522}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CF930E5E-F17B-42F3-A08C-858E5089E7CF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{D0D2919B-3556-447D-9237-73813120B114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D557ABEE-B2A9-41A1-9EC6-CF10FC48163C}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{E2DB8A19-6038-458B-B115-CB1743013434}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\musicplayer.exe | 
"{E4D395BC-BD92-40B5-A9E2-9F2C77B50556}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E55827EF-8D85-4B35-88AF-6DC2179F303A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{E85DE632-5FA4-41BD-97A6-F881A75BD716}" = protocol=6 | dir=in | app=c:\users\lukas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F47379F9-4316-44EF-8408-8A03B82D9F12}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F6FCFA17-5511-43B2-968D-AC332C694D2C}" = protocol=6 | dir=out | app=system | 
"TCP Query User{071440EF-AE46-49F1-9C28-841F0709AA09}C:\lukas dateien\spiele\far cry 2 v1.03\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\lukas dateien\spiele\far cry 2 v1.03\bin\farcry2.exe | 
"TCP Query User{07C8F473-93C0-42A1-9765-01387C952F5B}C:\lukas dateien\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\lukas dateien\spiele\flatout2\flatout2.exe | 
"TCP Query User{08D07E0F-B8A4-4F96-9B09-87EE91DF6457}C:\lukas dateien\spiele\rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=6 | dir=in | app=c:\lukas dateien\spiele\rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | 
"TCP Query User{2F395967-C5B7-43CD-8FAC-BBC4ABF39CD3}C:\lukas dateien\spiele\call of duty 6\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\lukas dateien\spiele\call of duty 6\modern warfare 2\iw4mp.exe | 
"TCP Query User{4963F76B-F4AA-40EA-BAE3-E60FBAF8DB32}C:\users\lukas\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lukas\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{53D670B6-AB91-41C3-886B-DE1FEE7D6831}C:\lukas dateien\spiele\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\lukas dateien\spiele\call of duty 4\iw3mp.exe | 
"TCP Query User{615F0EFD-16D4-4E2C-809F-CBAF52D5B949}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{6DBA76CF-05C3-4830-A37F-5B2CB5800D26}C:\lukas dateien\spiele\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\lukas dateien\spiele\borderlands\binaries\borderlands.exe | 
"TCP Query User{800E27E3-DAA5-44F1-A884-4105CC1DC705}C:\lukas dateien\spiele\hawx\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\lukas dateien\spiele\hawx\tom clancy's h.a.w.x\hawx.exe | 
"TCP Query User{8378CB55-A5FC-44A8-81DF-E744B409E06F}C:\lukas dateien\spiele\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\lukas dateien\spiele\call of duty 4\iw3mp.exe | 
"TCP Query User{9478926D-EA56-4387-A5AD-150701021B5A}C:\users\lukas\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lukas\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{9A6D25AD-208B-4075-9FE9-72DDF5052967}C:\users\lukas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lukas\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C0D2548D-0436-4F9D-8882-EF5AE3D76288}C:\lukas dateien\spiele\call of duty 2 v1.3\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\lukas dateien\spiele\call of duty 2 v1.3\cod2mp_s.exe | 
"TCP Query User{DB157C2B-916B-4145-8BE9-D543F2C7EB42}C:\lukas dateien\spiele\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\lukas dateien\spiele\borderlands\binaries\borderlands.exe | 
"TCP Query User{FD0F0931-B54D-438B-962F-BA4B3F69D30E}C:\lukas dateien\spiele\call of duty 2 v1.3\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\lukas dateien\spiele\call of duty 2 v1.3\cod2mp_s.exe | 
"UDP Query User{5A3F65D3-BD01-4269-AA6B-6C0E5989259A}C:\lukas dateien\spiele\rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=17 | dir=in | app=c:\lukas dateien\spiele\rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | 
"UDP Query User{5AE95D90-8A0F-4A0C-BB14-1C00A0588122}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{740E7B2F-E6C0-4D30-84D1-88F71D5062D8}C:\lukas dateien\spiele\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\lukas dateien\spiele\call of duty 4\iw3mp.exe | 
"UDP Query User{8F638462-95CC-4FB5-A7B8-78328A43C8DA}C:\lukas dateien\spiele\hawx\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\lukas dateien\spiele\hawx\tom clancy's h.a.w.x\hawx.exe | 
"UDP Query User{94D4FAE3-97BA-4F30-958F-1FD45281029F}C:\users\lukas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lukas\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{AFEF0C74-3287-4D40-9C8B-C15392121820}C:\lukas dateien\spiele\far cry 2 v1.03\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\lukas dateien\spiele\far cry 2 v1.03\bin\farcry2.exe | 
"UDP Query User{B7FC479E-E849-419C-A1CB-9AADDF070DDD}C:\lukas dateien\spiele\call of duty 6\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\lukas dateien\spiele\call of duty 6\modern warfare 2\iw4mp.exe | 
"UDP Query User{B84EFF27-317E-4732-A0F5-5305558D7866}C:\lukas dateien\spiele\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\lukas dateien\spiele\borderlands\binaries\borderlands.exe | 
"UDP Query User{B876120C-9951-4D70-9D7C-E479220BD8AF}C:\lukas dateien\spiele\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\lukas dateien\spiele\borderlands\binaries\borderlands.exe | 
"UDP Query User{C069381F-A32E-40AA-AD95-731007C53B03}C:\lukas dateien\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\lukas dateien\spiele\flatout2\flatout2.exe | 
"UDP Query User{C6BE1944-CD75-419C-B7BB-DF1CAAA98E5C}C:\lukas dateien\spiele\call of duty 2 v1.3\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\lukas dateien\spiele\call of duty 2 v1.3\cod2mp_s.exe | 
"UDP Query User{D01957C6-3B3C-47BC-9107-CE3EE571555D}C:\users\lukas\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lukas\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{EDA2CF2C-DA3B-4995-9B2B-CA0A8CB8353D}C:\lukas dateien\spiele\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\lukas dateien\spiele\call of duty 4\iw3mp.exe | 
"UDP Query User{EFA7E603-06D3-460C-AE55-9A792DCBDD37}C:\users\lukas\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lukas\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{F41D4C3B-2603-47FB-BBE0-AC528E68AEF9}C:\lukas dateien\spiele\call of duty 2 v1.3\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\lukas dateien\spiele\call of duty 2 v1.3\cod2mp_s.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5783F2D7-B001-0000-0102-0060B0CE6BBA}" = AutoCAD 2013 - Deutsch (German)
"{5783F2D7-B001-0407-1102-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - Deutsch (German)
"{5783F2D7-B001-0407-2102-0060B0CE6BBA}" = AutoCAD 2013 - Deutsch (German)
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}" = Acer Instant Update Service
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.5
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion Plugin for AutoCAD 2013
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D25FF5C1-1764-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAD98ADA-0824-4946-98BB-0BDD03233398}" = AVG 2013
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2013
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"AutoCAD 2013 - Deutsch (German)" = AutoCAD 2013 - Deutsch (German)
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion Plugin for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German)
"AVG" = AVG 2013
"CCleaner" = CCleaner
"DWG TrueView 2013" = DWG TrueView 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.2.0.9
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A3AD65CC-B2CE-49da-AE4E-CC2ECF4EC0F8}" =  clear.fi SDK - MVP 2
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CCA78313-443C-4674-81B8-88919D137258}" = Autodesk Download Manager
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}" =  clear.fi SDK- Movie 2
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"GeoGebra" = GeoGebra
"Identity Card" = Identity Card
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"Kobo" = Kobo
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.4
"WildTangent acer Master Uninstall" = Acer Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WTA-153a1457-5308-4827-9738-8b2b16051ef4" = Wedding Dash
"WTA-195931dd-20d1-47cd-bb01-cb00f4fd9e8b" = Chuzzle Deluxe
"WTA-30e1e6f4-e4d7-4366-9802-118b26afde7c" = Plants vs. Zombies - Game of the Year
"WTA-3691f5e5-cbf1-4217-9925-3ec770e5f426" = Jewel Match 3
"WTA-41df7fd4-37ab-41bd-90be-25ffcb18f949" = Polar Bowler
"WTA-4345a117-5bcf-4855-8130-4e3cdaf67525" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-519733d8-ad78-4d99-b2ad-cd7062640015" = Torchlight
"WTA-58cc2f03-9177-4ba0-884f-51fe7e2639d9" = John Deere Drive Green
"WTA-59a81e83-44ec-4e87-927f-9481910220c0" = Slingo Deluxe
"WTA-81f31e09-378e-4d77-ac8f-0df945312b71" = Bejeweled 3
"WTA-88179b81-e36f-48d1-9825-9c778a741298" = Final Drive: Nitro
"WTA-9eec2977-f821-47ad-9f88-b45ca06fe1f7" = Zuma Deluxe
"WTA-c8e3b5c7-4d0f-4d68-9323-6ef1a4892bf7" = Virtual Villagers 4 - The Tree of Life
"WTA-d2ca568d-2367-4ba4-b5fc-9c9e327499f5" = Penguins!
"WTA-d7439b07-96cf-417b-9708-d8647897fe41" = FATE
"WTA-fa38e46e-d67c-41a4-b54f-07dc57a753f9" = Agatha Christie - Death on the Nile
"WTA-fc5fc8b4-995d-4555-ade7-c40e61825a9f" = Insaniquarium Deluxe
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2940378791-2078065668-643256562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.10.2012 08:41:54 | Computer Name = Jugl_PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 18.10.2012 15:25:21 | Computer Name = Jugl_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.10.2012 08:47:14 | Computer Name = Jugl_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.10.2012 15:07:44 | Computer Name = Jugl_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.10.2012 15:47:45 | Computer Name = Jugl_PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 22.10.2012 06:38:35 | Computer Name = Jugl_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.10.2012 12:25:25 | Computer Name = Jugl_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.10.2012 12:49:09 | Computer Name = Jugl_PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 24.10.2012 10:52:53 | Computer Name = Jugl_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.10.2012 11:18:06 | Computer Name = Jugl_PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 06.12.2012 18:08:22 | Computer Name = Jugl_PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 07.12.2012 11:54:13 | Computer Name = Jugl_PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 07.12.2012 11:54:25 | Computer Name = Jugl_PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 07.12.2012 11:56:33 | Computer Name = Jugl_PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 07.12.2012 11:56:33 | Computer Name = Jugl_PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 07.12.2012 14:11:53 | Computer Name = Jugl_PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 07.12.2012 17:29:58 | Computer Name = Jugl_PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 07.12.2012 17:30:11 | Computer Name = Jugl_PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 07.12.2012 17:32:20 | Computer Name = Jugl_PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 07.12.2012 17:32:20 | Computer Name = Jugl_PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
--- --- ---

Alt 12.12.2012, 12:48   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
[2012.11.13 16:52:34 | 000,002,533 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\1ktdi551.default\searchplugins\aol-search.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.12.2012, 18:30   #14
Luke23
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\1ktdi551.default\searchplugins\aol-search.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Lukas\Downloads\Virenschutz\cmd.bat deleted successfully.
C:\Users\Lukas\Downloads\Virenschutz\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lukas
->Temp folder emptied: 82124807 bytes
->Temporary Internet Files folder emptied: 73996266 bytes
->Java cache emptied: 244336 bytes
->FireFox cache emptied: 69772050 bytes
->Flash cache emptied: 56998 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 877893 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35778 bytes
RecycleBin emptied: 2205324504 bytes
 
Total Files Cleaned = 2.320,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12132012_182454

Files\Folders moved on Reboot...
C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lukas\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 13.12.2012, 19:25   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner gefunden, was tun ? - Standard

Trojaner gefunden, was tun ?



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Trojaner gefunden, was tun ?
acer, acer aspire, anti-malware, appdata, avg, cache, code, downloader, entfernen, escan, eset, folge, java, java/exploit.cve-2012-4681.cd, java/exploit.cve-2012-5076.q, langsam, logfile, malwarebytes, online, problem, programme, scan, trojan, trojaner, variant, virenscanner, windows



Ähnliche Themen: Trojaner gefunden, was tun ?


  1. Avira Scan, Trojaner TR/Crypt.ZPACK.50636 gefunden, Fehlalarm oder echter Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 04.12.2014 (17)
  2. Viren eingefangen (JAVA/dldr.lamar.TP), auch Trojaner (Polizei.Trojaner) gefunden
    Log-Analyse und Auswertung - 07.05.2013 (15)
  3. wigon.PB Trojaner und PSW.Agent.NUS Trojaner von ESET im Arbeitsspeicher gefunden
    Log-Analyse und Auswertung - 27.02.2013 (16)
  4. Trojaner gefunden, was tun?
    Log-Analyse und Auswertung - 28.01.2013 (14)
  5. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  6. Trojaner gefunden!
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (7)
  7. CPU Auslastung bei 100 % / Spiele ruckeln/ Viren und Trojaner gefunden ( Trojaner TR/Ramson.EJ.18..)
    Log-Analyse und Auswertung - 09.02.2012 (28)
  8. Trojaner gefunden - Was tun?
    Plagegeister aller Art und deren Bekämpfung - 22.10.2011 (19)
  9. Trojaner Gefunden
    Log-Analyse und Auswertung - 12.04.2011 (25)
  10. Trojaner/ZbotR.Gen und Trojaner/Trash.Gen auf Pc gefunden!
    Plagegeister aller Art und deren Bekämpfung - 21.03.2011 (10)
  11. Trojaner gefunden-was nun?
    Log-Analyse und Auswertung - 18.01.2011 (4)
  12. Trojaner gefunden
    Log-Analyse und Auswertung - 11.08.2010 (17)
  13. Trojaner 'TR/Crypt.XPACK.Gen' gefunden, Sorge um weitere Trojaner
    Log-Analyse und Auswertung - 28.09.2008 (0)
  14. trojaner gefunden!!!!!!
    Mülltonne - 30.06.2008 (0)
  15. Trojaner gefunden was tun?
    Plagegeister aller Art und deren Bekämpfung - 19.06.2008 (25)
  16. Trojaner gefunden
    Log-Analyse und Auswertung - 18.09.2005 (6)
  17. Trojaner gefunden
    Log-Analyse und Auswertung - 01.05.2005 (12)

Zum Thema Trojaner gefunden, was tun ? - Hallo ihr, bevor ich versuche mein Problem zu erklären gebe ich kurz ein paar wichtigen Details meines Laptops an: Es handelt sich hier um einen Acer ASPIRE V3-771G auf dem - Trojaner gefunden, was tun ?...
Archiv
Du betrachtest: Trojaner gefunden, was tun ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.