
Pests of all kinds and how to fight them: Windows Update settings are managed by the system administrator

03.04.2013, 11:02   #1
Solar0

Windows 8
Hello.
I just noticed that I cannot change the Windows Update settings.
Searching for and installing updates is no problem.
A yellow box is shown stating that some settings are managed by the system administrator.
I have attached a picture of it.
I am logged in as administrator; there is no other account registered.
Can anyone tell me what causes this and how I can change it back?
Thanks.
Attached image: win-update.jpg

Edited by Solar0 (03.04.2013 at 11:09)

04.04.2013, 11:33   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Has your virus scanner ever found anything?

Malwarebytes and/or other virus scanners?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; just post the logs that already exist first!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

05.04.2013, 10:11   #3
Solar0

I have Kaspersky on my laptop; it says everything is clean.
Malwarebytes did not find anything either.
So far I have not had any problems with viruses or the like.

05.04.2013, 10:19   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make evaluation harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box at the top center for Scan All Users
  • At the top you will find a box labeled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

05.04.2013, 11:29   #5
Solar0

Here are the two:

Code:
OTL logfile created on: 05.04.2013 12:18:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karoline\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,82 Gb Total Physical Memory | 5,84 Gb Available Physical Memory | 74,63% Memory free
9,01 Gb Paging File | 6,94 Gb Available in Paging File | 76,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680,83 Gb Total Space | 620,95 Gb Free Space | 91,20% Space Free | Partition Type: NTFS
 
Computer Name: EMMCHEN | User Name: Karoline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Karoline\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe (Acer Cloud Technology)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (DeviceFastLaneService) -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Acer Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (klwfp) -- C:\Windows\SysNative\Drivers\klwfp.sys (Kaspersky Lab ZAO)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\Drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\Drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\Drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\Drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys (Dritek System Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\Drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\Drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\Drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klelam) -- C:\Windows\SysNative\Drivers\klelam.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\Drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\Drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\Drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NTI Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FDE3A3BC-13CF-48C1-9701-B7B8717DE877}
IE:64bit: - HKLM\..\SearchScopes\{FDE3A3BC-13CF-48C1-9701-B7B8717DE877}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {FDE3A3BC-13CF-48C1-9701-B7B8717DE877}
IE - HKLM\..\SearchScopes\{FDE3A3BC-13CF-48C1-9701-B7B8717DE877}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-827286464-1191435713-3838452255-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
IE - HKU\S-1-5-21-827286464-1191435713-3838452255-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-827286464-1191435713-3838452255-1002\..\SearchScopes,DefaultScope = {FDE3A3BC-13CF-48C1-9701-B7B8717DE877}
IE - HKU\S-1-5-21-827286464-1191435713-3838452255-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 16:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 16:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 16:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.21 16:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.21 16:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.03 01:16:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 11:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.22 19:00:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.22 19:00:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.12.13 17:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karoline\AppData\Roaming\mozilla\Extensions
[2013.02.14 19:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karoline\AppData\Roaming\mozilla\Firefox\Profiles\dr94vql9.default\extensions
[2013.02.14 19:15:48 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Karoline\AppData\Roaming\mozilla\firefox\profiles\dr94vql9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.13 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.03 01:16:09 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES (X86)\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2012.12.21 16:40:00 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.04.03 11:18:05 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager]  File not found
O4 - HKU\S-1-5-21-827286464-1191435713-3838452255-1002..\Run: []  File not found
O4 - HKU\S-1-5-21-827286464-1191435713-3838452255-1002..\Run: [AcerCloud] C:\Program Files (x86)\Acer\Acer Cloud\acpanel_win.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-827286464-1191435713-3838452255-1007..\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe (Acer Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB23638A-B9AD-4B0E-806E-B3C9BAA48784}: DhcpNameServer = 192.168.0.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.05 11:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.04.05 11:26:26 | 001,016,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2013.04.05 11:26:26 | 000,076,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2013.04.05 11:26:26 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.04.05 11:26:25 | 006,398,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.04.05 11:26:25 | 003,477,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.04.05 11:26:25 | 002,555,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.04.05 11:26:25 | 000,237,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.04.05 11:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.04.05 11:22:04 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.04.05 11:22:04 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.04.05 11:22:04 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.04.05 11:22:04 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.04.05 11:22:04 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.04.05 11:22:04 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.04.05 11:22:04 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.04.05 11:22:04 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.04.05 11:22:04 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.04.05 11:22:04 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.04.05 11:22:04 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.04.05 11:22:04 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.04.05 11:22:04 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.04.05 11:22:04 | 002,864,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.04.05 11:22:04 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.04.05 11:22:04 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.04.05 11:22:04 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.04.05 11:22:04 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.04.05 11:22:04 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.04.05 11:22:04 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.04.05 11:22:04 | 001,118,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.04.05 11:22:04 | 000,968,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.04.05 11:22:04 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.04.05 11:22:04 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.04.05 11:22:04 | 000,030,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
[2013.04.05 10:59:11 | 000,000,000 | ---D | C] -- C:\Users\Karoline\AppData\Roaming\Malwarebytes
[2013.04.05 10:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.05 10:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.05 10:58:52 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.05 10:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.05 10:58:24 | 000,000,000 | ---D | C] -- C:\Users\Karoline\AppData\Local\Programs
[2013.04.04 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Karoline\AppData\Roaming\TuneUp Software
[2013.04.04 21:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.04.04 21:06:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.04.04 21:06:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.04.04 21:04:26 | 000,000,000 | ---D | C] -- C:\Users\Karoline\AppData\Roaming\OpenCandy
[2013.03.14 21:22:29 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.03.14 21:22:28 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.03.14 21:22:26 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.03.14 21:22:26 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.03.14 21:22:26 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.03.14 21:22:26 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.03.14 21:22:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.14 21:22:03 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.03.14 21:22:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.14 21:22:02 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.14 21:22:02 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.14 21:22:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.14 21:22:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.14 21:22:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.14 21:22:02 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.03.14 21:22:02 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.14 21:22:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.03.14 21:22:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.14 21:21:48 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013.03.14 21:21:48 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013.03.14 21:21:17 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.03.14 21:21:15 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.03.14 21:21:13 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.03.14 21:21:11 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.03.14 21:21:10 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013.03.14 21:21:10 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013.03.14 21:21:09 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013.03.14 21:21:09 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.03.14 21:21:08 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013.03.14 21:21:08 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.03.14 21:21:08 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013.03.14 21:21:07 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013.03.14 21:21:06 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.03.14 21:21:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013.03.14 21:21:06 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013.03.14 21:21:06 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013.03.14 21:21:06 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013.03.14 21:21:06 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.03.14 21:21:06 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.03.14 21:21:06 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013.03.14 21:21:06 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013.03.14 21:21:06 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013.03.14 21:21:06 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013.03.14 21:21:06 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013.03.14 21:21:06 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013.03.14 21:21:06 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013.03.14 21:21:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.03.14 21:21:06 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013.03.14 21:21:06 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013.03.14 21:21:06 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013.03.14 21:21:06 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.03.14 21:21:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013.03.14 21:21:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013.03.14 21:20:53 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.03.14 21:20:52 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.03.14 21:20:52 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.03.14 21:20:52 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.03.14 21:20:41 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.12 21:51:18 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.03.07 19:00:09 | 000,000,000 | ---D | C] -- C:\Users\Karoline\AppData\Local\ElevatedDiagnostics
[2013.03.07 15:07:25 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013.03.07 15:07:25 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013.03.07 15:07:25 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013.03.07 14:46:52 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.03.07 14:46:47 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.03.07 14:46:47 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.03.07 14:46:47 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.03.07 14:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.05 11:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.05 11:30:56 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.05 11:30:56 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.05 11:30:56 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.05 11:30:56 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.05 11:30:56 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.05 11:25:29 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.04.05 11:23:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.05 11:23:24 | 2424,528,895 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.05 10:58:53 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.04 21:04:39 | 000,001,402 | ---- | M] () -- C:\Users\Karoline\Desktop\Free YouTube to MP3 Converter.lnk
[2013.03.16 20:49:15 | 000,281,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.15 07:53:06 | 026,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.15 07:53:06 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.15 07:53:06 | 020,542,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.15 07:53:06 | 017,990,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.15 07:53:06 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.15 07:53:06 | 015,508,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.03.15 07:53:06 | 015,042,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.15 07:53:06 | 013,088,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.15 07:53:06 | 009,414,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.15 07:53:06 | 007,959,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.15 07:53:06 | 007,573,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.15 07:53:06 | 006,271,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.15 07:53:06 | 002,913,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.15 07:53:06 | 002,864,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.03.15 07:53:06 | 002,728,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.15 07:53:06 | 002,539,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.15 07:53:06 | 002,355,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.03.15 07:53:06 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.03.15 07:53:06 | 001,118,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.03.15 07:53:06 | 000,968,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.15 07:53:06 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.03.15 07:53:06 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
[2013.03.15 07:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.15 06:16:18 | 003,477,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.03.15 06:16:17 | 006,398,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.03.15 06:16:10 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.03.15 06:16:10 | 001,016,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2013.03.15 06:16:10 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.03.15 06:16:10 | 000,076,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2013.03.15 06:16:10 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.03.13 18:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.03.12 21:51:18 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.03.08 22:17:31 | 000,000,017 | ---- | M] () -- C:\Users\Karoline\AppData\Local\resmon.resmoncfg
[2013.03.07 14:46:43 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.03.07 14:46:43 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.03.07 14:46:43 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.03.07 14:46:43 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.03.07 14:46:43 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.03.07 14:46:43 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
 
========== Files Created - No Company Name ==========
 
[2013.04.05 11:26:25 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.04.05 11:22:04 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.04.05 10:58:53 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.16 20:49:05 | 000,281,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.08 22:17:31 | 000,000,017 | ---- | C] () -- C:\Users\Karoline\AppData\Local\resmon.resmoncfg
[2012.12.17 20:10:46 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.12.17 20:10:42 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.17 20:10:41 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.13 20:15:03 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.09.27 10:50:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012.12.13 22:39:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Code:
OTL Extras logfile created on: 05.04.2013 12:18:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karoline\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,82 Gb Total Physical Memory | 5,84 Gb Available Physical Memory | 74,63% Memory free
9,01 Gb Paging File | 6,94 Gb Available in Paging File | 76,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680,83 Gb Total Space | 620,95 Gb Free Space | 91,20% Space Free | Partition Type: NTFS
 
Computer Name: EMMCHEN | User Name: Karoline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-827286464-1191435713-3838452255-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07648B17-5422-4A3C-BA4A-0DED8CAA1441}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0FBC07B5-E6A3-49C2-9396-42CE9DEF4DED}" = lport=445 | protocol=6 | dir=in | app=system | 
"{124A1742-1599-4C42-820C-615EC35683E2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3068730C-FA53-4C45-9994-636696D41353}" = rport=138 | protocol=17 | dir=out | app=system | 
"{415DD201-0B65-4B43-85F7-3F9B444C2C6C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{520AFFF6-20E4-4920-A728-71D68389B03C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8385D15F-06F5-4CDA-9F34-98CBD0D9EAC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9EAA228F-85AE-4F0F-96DC-03EC0A982EAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B0A16DB8-BBDB-4F5C-B3D3-FD4B08012669}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BB31CFC0-58BC-4A1C-BF4A-0CDD8E5F97E4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DAA6BBA2-DBF0-4D65-A4B8-9564F3C3CE85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC050D0F-7FDF-46C4-B0E0-551353D3A620}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009777F9-BE61-4761-A124-A7D233CCD3F3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{00D0794E-5DE4-4A30-A2D2-8374791726C5}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{052B48CC-2097-4100-AD41-081393E1F3AF}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{085AD49F-4382-4BDD-8C8C-4D12B53B0FFD}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{0B58C10D-F17C-4B82-8BDB-CAA610A6ACB5}" = dir=out | name=windows_ie_ac_001 | 
"{0BD27713-BF86-497D-95A9-3125CD7DC393}" = dir=out | name=taptiles | 
"{0C375B65-48BE-4E32-A320-D0B94F6F27AB}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{0E9C6302-FED0-4714-970C-A8B97D54E153}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{0EC93787-447B-4850-83AF-90BAAC39D4C7}" = dir=out | name=7digital music store | 
"{0EDDF653-93ED-4F49-A79D-26D4FAD0C438}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0FAF2520-F011-47EF-852A-971FC423467E}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{132BE931-E430-4505-A1B7-6457F83E8D57}" = dir=out | name=social jogger | 
"{1424BBAB-37B7-46C1-BF16-D6395CA54E5F}" = dir=out | name=cut the rope | 
"{149EF4A6-16A8-4C0F-BF85-B8C03389F699}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{1790D528-587F-4518-8EC3-F739D19E5B73}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{19E161EF-10FE-4FEF-8DBC-14825515835C}" = dir=out | name=microsoft mahjong | 
"{1A1173C3-53DC-4CB2-9967-65F6EEA07626}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{1ADAF8AF-5584-4F7B-8354-878FD61F83AE}" = dir=in | name=acer explorer | 
"{1B39E10D-7209-47AF-877E-6D16645C8AD9}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{1D862211-2239-4AA6-A780-C13EAF444E8E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1DA66183-24EF-4C81-9BB7-E29FF31B10D9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2105EB30-4908-4F78-A0B6-DC8B0CDEA4B8}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{210BFE5B-B20F-4F01-9C5B-4DB65AAFD8B8}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{22CD2F9A-7FF3-4EDC-9339-DCDB0B172F41}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | 
"{280E4DCA-3153-4A72-8F31-36AEA2FEAD0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{28DEC73F-B435-408E-A317-D4D278A2C864}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2BE29F2B-C06F-41E8-B825-9849999C0578}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{3153C895-2063-45C5-AC04-1DFEE49C35BE}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{31625964-5124-4FD6-9CFD-2666DADE819B}" = dir=out | name=microsoft mahjong | 
"{3168F09A-42B7-44C3-A7AA-FC867E41EAE0}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | 
"{35F0B403-AC0A-4445-ADAA-D1C31848DC25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3BCAE100-D174-4B4B-A65A-1BBBFBAFABA0}" = dir=out | name=newsxpresso | 
"{41D072CB-A6E1-48F7-A56B-000B8D702296}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{439C5DA6-8618-4C86-A383-227C89DE2521}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{43E6A559-AD71-419E-B80C-26DABC770CDC}" = dir=out | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{441BCA29-211D-444B-9E24-47E12B59DF5D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{45B01F71-241B-4E08-8D7F-90D71F5593E7}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{52CC2400-22CB-482F-9E2D-1B6D1D9E3042}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{554A9B34-A045-4F77-8BBF-31B886DF4369}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe | 
"{5582E467-C663-4204-89D6-BC2B6A53ECBF}" = dir=out | name=microsoft minesweeper | 
"{56F763DF-3A57-4972-8DEA-1C3488D55BA9}" = dir=out | name=skitch | 
"{58B5D2ED-C084-43A4-852C-6A4D12204027}" = dir=out | name=txtr reader | 
"{6099DAA4-728A-425E-8FB9-EDC560AC00F2}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{64AABFC8-2B5A-4EFA-8B70-3843ED813C3E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{65BE970E-A553-4670-9A2F-4A280F2DBD09}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{6A1CB8F2-45C1-4DC6-858F-0F0C64260C6E}" = dir=out | name=acer explorer | 
"{6D368251-A5E4-4CBD-9C7D-49DC36B7CAD9}" = dir=out | name=acer crystal eye | 
"{70093625-F3B5-47EC-9EA2-58830D1EB220}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{71217F79-DC06-4A7D-BADB-D3BFEB50E35A}" = dir=out | name=tunein radio | 
"{7398A14C-8BA2-4E1C-BFBF-88DB1FC93E24}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{7AC5F3F6-23E4-4725-8DD2-9A42248C7EE0}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{7C18153D-4F75-4060-B1C7-43F6961A0E88}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{7E337A1D-5A45-4C47-BE0D-0E68DB7679AB}" = dir=in | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{870A6B47-1518-475D-B789-FEB5FB1A98DE}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{8A3C289B-281E-4D31-A31C-9ABAE8887E40}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{92A37881-B47C-41AC-8817-D94791FFB3E1}" = dir=out | name=evernote | 
"{939ACDD5-8A3A-47C1-981B-26E91464D1E9}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{96B457AC-BD80-4E1E-B51F-6D60C143BBB3}" = dir=out | name=microsoft solitaire collection | 
"{9714D9EB-0348-4B90-88A7-BABF93CC2D5F}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{983B9881-CE9C-422D-AF1C-02C69235B9D9}" = dir=in | name=evernote | 
"{9B72D7D6-1BFD-4958-8C6C-58D66E6310A2}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{9F53D942-E317-4520-BC8F-26EE769B65C6}" = dir=out | name=newsxpresso metro | 
"{9F8B6CED-DA06-419E-9591-0300EEC42871}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A15DD1A5-3E21-4E3F-A04B-9FB07FCF142C}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{A53CBFC5-164E-4532-A0E0-C3033AA5169D}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A5FC9336-4F47-481B-ABC2-95124794888E}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{A61CAF68-675A-44F0-BB9B-DEE174340AE8}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{A8E78DF7-AC10-447B-B930-3990BCF1F3B0}" = dir=out | name=txtr reader | 
"{AD0F1EBC-0F12-4DB5-BA15-E4229983C8E9}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{B5086A61-70DC-405F-BD8B-05B7D6D60E78}" = dir=out | name=acer crystal eye | 
"{B51D2D0A-DD1C-4737-9B3C-8E71EB593D92}" = dir=out | name=weatherbug | 
"{B8EF95D3-53A7-4753-9EB9-61BDCA21421A}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{BA5856F7-98BE-4A64-A7A7-684F3EDD0906}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{BB263603-3C9A-4DCF-9BC6-EFE9CBE7A929}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{BB702FAC-E9E6-46D3-800C-2BE7AE6DA95A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BC388041-29F8-4C30-AA26-333313B90F4A}" = dir=out | name=ebay | 
"{BE0F5E33-87DF-4B09-9CB3-5342581A44F6}" = dir=out | name=microsoft solitaire collection | 
"{BE2CB654-C60C-4621-9025-39F8E070B700}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{C360BD43-68AF-4057-A080-C9FA0BD75F56}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{C44F4001-5117-4E3F-972D-06FD998E2275}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | 
"{C4FBCA3C-CC2E-4062-9A43-397ACC86FADF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C5AE9721-A3A2-4A1C-84DD-385AAC1A3C22}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{C665C464-1326-4BAF-81E2-00882DC8BEB7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{C6EEA767-7E57-4C6F-B8A0-DA0B343E30FC}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{C8ADEBBF-A7E7-432C-9ACC-A0F3458071E8}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{C914F600-6A95-46B2-A002-322DFB2957A6}" = dir=out | name=tunein radio | 
"{D7797A1D-239E-4AC9-A9D8-FD35B1D56E6E}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{D7CEE054-C711-4903-A5F3-997483443AB4}" = dir=out | name=windows_ie_ac_001 | 
"{DA28D79D-AB17-490B-B108-63FA46D3E13C}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | 
"{DE9D14CC-576B-4F61-B194-8CBB734D16BA}" = dir=out | name=acer explorer | 
"{DF8C286C-6CFC-42B5-8E48-67235897209C}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{E1B05FC4-C2FC-4B31-9745-7F26257FD0C2}" = dir=in | name=skype | 
"{E5E1C635-715D-403E-90F2-4FAC8B901D66}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{E60A0DCA-6A66-4BE1-A550-842CA4D02F58}" = dir=in | name=ebay | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E991EF37-5F00-4854-AB72-A49A58862C50}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{EF7FEDB0-1BBA-4EDE-A32D-FF74F9D8C4E7}" = dir=out | name=social jogger | 
"{F0257610-86A4-4AC8-AE0C-E4F81D93F5D7}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{F47FB236-978B-4B90-946F-CF0448ACFB6F}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{F57E3418-B25C-4D26-B643-F9243EB430BB}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{F7E77DDA-271A-44F4-85C4-1647190B9979}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{F7F839AE-91CA-4AF8-BE97-792FD976C96B}" = dir=out | name=skype | 
"{F9A8FFC1-77BA-4238-80ED-B43712118989}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FBF0A383-E326-4E27-B6EE-681D02BF73B5}" = dir=out | name=weatherbug | 
"{FC994981-5D15-4454-8240-5CA6230D9945}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8215A318-CC27-435E-B3EA-2E3443C8998C}" = Acer Instant Update Service
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"PhotoScape" = PhotoScape
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WildTangent wildgames Master Uninstall" = WildTangent Games
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.03.2013 15:14:14 | Computer Name = Emmchen | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“
 ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 16.03.2013 15:10:05 | Computer Name = Emmchen | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 16.03.2013 16:29:27 | Computer Name = Emmchen | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest". Fehler in Manifest- 
oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 16.03.2013 16:29:27 | Computer Name = Emmchen | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 16.03.2013 16:29:27 | Computer Name = Emmchen | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 16.03.2013 16:30:00 | Computer Name = Emmchen | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest". Fehler in Manifest- 
oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 16.03.2013 16:30:00 | Computer Name = Emmchen | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 16.03.2013 16:30:00 | Computer Name = Emmchen | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 18.03.2013 14:21:19 | Computer Name = Emmchen | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 18.03.2013 15:36:28 | Computer Name = Emmchen | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_6_602_180.exe,
 Version: 11.6.602.180, Zeitstempel: 0x51301434  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x02857800  ID des fehlerhaften Prozesses: 0xd44  Startzeit der fehlerhaften Anwendung:
 0x01ce23f4a7c10f33  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 2003b706-9003-11e2-becc-4c72b9d642bd
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
[ System Events ]
Error - 16.03.2013 19:38:00 | Computer Name = Emmchen | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 47.
 
Error - 18.03.2013 12:16:54 | Computer Name = Emmchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 18.03.2013 13:10:38 | Computer Name = Emmchen | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 47.
 
Error - 19.03.2013 14:05:34 | Computer Name = Emmchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 20.03.2013 05:12:03 | Computer Name = Emmchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 20.03.2013 08:36:14 | Computer Name = Emmchen | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 47.
 
Error - 21.03.2013 12:30:36 | Computer Name = Emmchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 21.03.2013 12:58:30 | Computer Name = Emmchen | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 47.
 
Error - 22.03.2013 13:20:17 | Computer Name = Emmchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 22.03.2013 14:04:11 | Computer Name = Emmchen | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 47.
 
 
< End of report >
         


Alt 05.04.2013, 13:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Rootkit scan with GMER

Please download the GMER rootkit scanner (the file name is random):
  • Close all other programs, disable your virus scanner, and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after the start:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


If problems occur:
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Afterwards please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Alt 05.04.2013, 14:32   #7
Solar0
 

The first one:

Just for information: during the scan two messages appeared saying that it could not access two processes.
I don't know whether that means anything...

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-05 14:59:56
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003a WDC_WD7500BPVT-22HXZT3 rev.01.01A01 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Karoline\AppData\Local\Temp\uxdoapog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW                                             000007fea1fbd8f8 7 bytes JMP 000007ff9fae0260
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                               000007fea1fcb1a4 7 bytes JMP 000007ff9fae0298
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                             000007fea1fcb214 7 bytes JMP 000007ff9fae02d0
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                             000007fea1fcb238 8 bytes JMP 000007ff9fae0228
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                      000007fea1fcb87c 8 bytes JMP 000007ff9fae0308
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                  000007fe9faf28a0 7 bytes JMP 000007ff9fae00d8
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                       000007fe9faf28e8 5 bytes JMP 000007ff9fae0180
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                    000007fe9fb0f590 6 bytes JMP 000007ff9fae0148
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                000007fe9fb0f8ac 5 bytes JMP 000007ff9fae0110
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\USER32.dll!CreateWindowExW                                                       000007fea1aac5b0 7 bytes JMP 000007ff9fae0378
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                   000007fea1ab7160 5 bytes JMP 000007ff9fae0340
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                 000007fea1bf10b0 8 bytes JMP 000007ff9fae01f0
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                               000007fea1c011b0 8 bytes JMP 000007ff9fae01b8
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                      000007fe9d386d10 5 bytes JMP 000007ff9d170110
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                       000007fe9d38d060 5 bytes JMP 000007ff9d1700d8
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                   000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                   000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\dwm.exe[932] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                 000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                     000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                     000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                   000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\nvvsvc.exe[1864] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                               000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\nvvsvc.exe[1864] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                               000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\nvvsvc.exe[1864] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                             000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\nvvsvc.exe[1864] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                     000007fea231177a 4 bytes [31, A2, FE, 07]
.text   C:\Windows\system32\nvvsvc.exe[1864] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                     000007fea2311782 4 bytes [31, A2, FE, 07]
.text   C:\Windows\system32\taskhostex.exe[2952] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                           000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\taskhostex.exe[2952] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                           000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\taskhostex.exe[2952] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                         000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\Explorer.EXE[2232] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                      000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\Explorer.EXE[2232] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                      000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\Explorer.EXE[2232] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                    000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                        000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                        000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                      000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3996] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                           000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3996] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                           000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3996] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                         000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\igfxext.exe[3108] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                              000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\igfxext.exe[3108] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                              000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\igfxext.exe[3108] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                            000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4072] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                       000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4072] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                       000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4072] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                     000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                              000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                              000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                            000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3896] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                               000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3896] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                               000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3896] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                             000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\Apoint.exe[3148] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                               000007fea231177a 4 bytes [31, A2, FE, 07]
.text   C:\Program Files\Apoint2K\Apoint.exe[3148] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                               000007fea2311782 4 bytes [31, A2, FE, 07]
.text   C:\Program Files\Apoint2K\Apoint.exe[3148] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                         000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\Apoint.exe[3148] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                         000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\Apoint.exe[3148] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                       000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\System32\igfxtray.exe[3384] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                             000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\System32\igfxtray.exe[3384] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                             000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\System32\igfxtray.exe[3384] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                           000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\igfxsrvc.exe[2760] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                             000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\igfxsrvc.exe[2760] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                             000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\igfxsrvc.exe[2760] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                           000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\System32\hkcmd.exe[3428] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\System32\hkcmd.exe[3428] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\System32\hkcmd.exe[3428] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                              000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\System32\igfxpers.exe[3464] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                   000007fea231177a 4 bytes [31, A2, FE, 07]
.text   C:\Windows\System32\igfxpers.exe[3464] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                   000007fea2311782 4 bytes [31, A2, FE, 07]
.text   C:\Windows\System32\igfxpers.exe[3464] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                             000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\System32\igfxpers.exe[3464] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                             000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\System32\igfxpers.exe[3464] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                           000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\ApMsgFwd.exe[2448] C:\Windows\system32\PSAPI.dll!GetProcessImageFileNameA + 306                             000007fea231177a 4 bytes [31, A2, FE, 07]
.text   C:\Program Files\Apoint2K\ApMsgFwd.exe[2448] C:\Windows\system32\PSAPI.dll!GetProcessImageFileNameA + 314                             000007fea2311782 4 bytes [31, A2, FE, 07]
.text   C:\Program Files\Apoint2K\ApMsgFwd.exe[2448] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                       000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\ApMsgFwd.exe[2448] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                       000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\ApMsgFwd.exe[2448] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                     000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\HidFind.exe[3260] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                        000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\HidFind.exe[3260] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                        000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\HidFind.exe[3260] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                      000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\Apntex.exe[4120] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                         000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\Apntex.exe[4120] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                         000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Apoint2K\Apntex.exe[4120] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                       000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\conhost.exe[4216] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                              000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\conhost.exe[4216] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                              000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\conhost.exe[4216] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                            000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4544] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306          000007fea231177a 4 bytes [31, A2, FE, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4544] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314          000007fea2311782 4 bytes [31, A2, FE, 07]
.text   C:\Windows\system32\wbem\unsecapp.exe[5016] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                        000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\wbem\unsecapp.exe[5016] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                        000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Windows\system32\wbem\unsecapp.exe[5016] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                      000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4200] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                  000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4200] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                  000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4200] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4300] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690         000007fe9cc21532 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4300] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698         000007fe9cc2153a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4300] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246       000007fe9cc2165a 4 bytes [C2, 9C, FE, 07]
.text   C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe[2804] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306  000007fea231177a 4 bytes [31, A2, FE, 07]
.text   C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe[2804] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314  000007fea2311782 4 bytes [31, A2, FE, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [712:736]                                                                                               fffff960008285e8
Thread  C:\Windows\SYSTEM32\ntdll.dll [3436:4360]                                                                                             0000000000b8a6ce
Thread  C:\Windows\SYSTEM32\ntdll.dll [3436:4376]                                                                                             00000000733697fe
Thread  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [3220:632]                                           00000000733697fe

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----
         

The other one:

Before I opened the program, a message in English appeared here.
I clicked NO... (see attachment)

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.05.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
Karoline :: EMMCHEN [administrator]

05.04.2013 15:14:54
mbar-log-2013-04-05 (15-14-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 7232
Time elapsed: 7 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Attached image: Windows Update Einstellungen werden vom Systemadministrator verwaltet-mbar.jpg

Edited by Solar0 (05.04.2013 at 14:37)

Alt 05.04.2013, 15:20   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Alt 05.04.2013, 15:49   #9
Solar0
 

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-05 16:36:35
-----------------------------
16:36:35.082    OS Version: Windows x64 6.2.9200 
16:36:35.082    Number of processors: 4 586 0x3A09
16:36:35.083    ComputerName: EMMCHEN  UserName: 
16:36:35.130    Initialze error 1 
16:38:37.713    AVAST engine download error: 0
16:38:43.540    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003a
16:38:43.542    Disk 0 Vendor: WDC_WD7500BPVT-22HXZT3 01.01A01 Size: 715404MB BusType: 11
16:38:43.559    Disk 0 MBR read successfully
16:38:43.561    Disk 0 MBR scan
16:38:43.563    Disk 0 unknown MBR code
16:38:43.565    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
16:38:43.568    Disk 0 scanning C:\Windows\system32\drivers
16:38:43.570    Service scanning
16:38:44.343    Modules scanning
16:38:44.348    Disk 0 trace - called modules:
16:38:44.357    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 
16:38:44.362    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800995d060]
16:38:44.367    3 CLASSPNP.SYS[fffff88001ce08aa] -> nt!IofCallDriver -> \Device\0000003a[0xfffffa8007fab060]
16:38:44.375    Scan finished successfully
16:39:23.999    Disk 0 MBR has been saved successfully to "C:\Users\Karoline\Documents\MBR.dat"
16:39:24.004    The log file has been saved successfully to "C:\Users\Karoline\Documents\aswMBR.txt"
         

Code:
16:42:18.0968 2288  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:42:18.0968 2288  UEFI system
16:42:19.0110 2288  ============================================================
16:42:19.0110 2288  Current date / time: 2013/04/05 16:42:19.0110
16:42:19.0110 2288  SystemInfo:
16:42:19.0110 2288  
16:42:19.0110 2288  OS Version: 6.2.9200 ServicePack: 0.0
16:42:19.0110 2288  Product type: Workstation
16:42:19.0110 2288  ComputerName: EMMCHEN
16:42:19.0110 2288  UserName: Karoline
16:42:19.0110 2288  Windows directory: C:\Windows
16:42:19.0110 2288  System windows directory: C:\Windows
16:42:19.0110 2288  Running under WOW64
16:42:19.0110 2288  Processor architecture: Intel x64
16:42:19.0110 2288  Number of processors: 4
16:42:19.0110 2288  Page size: 0x1000
16:42:19.0110 2288  Boot type: Normal boot
16:42:19.0110 2288  ============================================================
16:42:19.0608 2288  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:42:19.0612 2288  ============================================================
16:42:19.0612 2288  \Device\Harddisk0\DR0:
16:42:19.0612 2288  GPT partitions:
16:42:19.0613 2288  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {54215480-695A-4E09-9EF1-31C86A40A1F5}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
16:42:19.0613 2288  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {482DF278-B8B1-44CD-91E2-7BE2044102A5}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
16:42:19.0613 2288  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {3A976A91-79CF-4128-B581-C49276987745}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
16:42:19.0613 2288  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D9E846B2-0321-4027-9E2D-6E9761CD703B}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x551A7000
16:42:19.0613 2288  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B61D6FAE-1CBF-49A6-A3C1-7537E40C6167}, Name: Basic data partition, StartLBA 0x55345800, BlocksNum 0x2200800
16:42:19.0613 2288  MBR partitions:
16:42:19.0613 2288  ============================================================
16:42:19.0625 2288  C: <-> \Device\Harddisk0\DR0\Partition4
16:42:19.0626 2288  ============================================================
16:42:19.0626 2288  Initialize success
16:42:19.0626 2288  ============================================================
16:44:09.0291 3984  ============================================================
16:44:09.0291 3984  Scan started
16:44:09.0291 3984  Mode: Manual; SigCheck; TDLFS; 
16:44:09.0291 3984  ============================================================
16:44:09.0893 3984  ================ Scan system memory ========================
16:44:09.0893 3984  System memory - ok
16:44:09.0894 3984  ================ Scan services =============================
16:44:17.0609 3984  [ ABEFA4BD23329FD9BD47496BF2E58774 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
16:44:17.0654 3984  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
16:44:17.0654 3984  IconMan_R - detected UnsignedFile.Multi.Generic (1)
16:44:22.0005 3984  Netlogon - ok
16:44:22.0032 3984  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\Windows\System32\netman.dll
16:44:22.0077 3984  Netman - ok
16:44:22.0108 3984  [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm        C:\Windows\System32\netprofmsvc.dll
16:44:22.0130 3984  netprofm - ok
16:44:22.0179 3984  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:44:22.0199 3984  NetTcpPortSharing - ok
16:44:22.0226 3984  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:44:22.0236 3984  nfrd960 - ok
16:44:22.0264 3984  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:44:22.0278 3984  NlaSvc - ok
16:44:22.0294 3984  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:44:22.0316 3984  Npfs - ok
16:44:22.0335 3984  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
16:44:22.0351 3984  npsvctrig - ok
16:44:22.0371 3984  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\Windows\system32\nsisvc.dll
16:44:22.0382 3984  nsi - ok
16:44:22.0393 3984  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:44:22.0430 3984  nsiproxy - ok
16:44:22.0518 3984  [ 76929F4A69E425911A63B407E26C2589 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:44:22.0567 3984  Ntfs - ok
16:44:22.0639 3984  [ A9AE582FE2240E7FB0E9C11E1CC762A0 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
16:44:22.0657 3984  NTI IScheduleSvc - ok
16:44:22.0679 3984  [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
16:44:22.0686 3984  NTIDrvr - ok
16:44:22.0695 3984  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\Windows\system32\drivers\Null.sys
16:44:22.0721 3984  Null - ok
16:44:22.0926 3984  [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:44:23.0065 3984  nvlddmkm - ok
16:44:23.0080 3984  [ 7067753FA8B75A3BDBA5633B4D2A5D0A ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
16:44:23.0087 3984  nvpciflt - ok
16:44:23.0101 3984  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:44:23.0111 3984  nvraid - ok
16:44:23.0117 3984  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:44:23.0128 3984  nvstor - ok
16:44:23.0191 3984  [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:44:23.0209 3984  nvsvc - ok
16:44:23.0283 3984  [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:44:23.0321 3984  nvUpdatusService - ok
16:44:23.0326 3984  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:44:23.0336 3984  nv_agp - ok
16:44:23.0362 3984  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:44:23.0395 3984  p2pimsvc - ok
16:44:23.0432 3984  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:44:23.0476 3984  p2psvc - ok
16:44:23.0491 3984  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\Windows\System32\drivers\parport.sys
16:44:23.0526 3984  Parport - ok
16:44:23.0557 3984  [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:44:23.0577 3984  partmgr - ok
16:44:23.0615 3984  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:44:23.0629 3984  PcaSvc - ok
16:44:23.0654 3984  [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
16:44:23.0673 3984  pccsmcfd - ok
16:44:23.0691 3984  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\Windows\system32\drivers\pci.sys
16:44:23.0704 3984  pci - ok
16:44:23.0721 3984  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:44:23.0738 3984  pciide - ok
16:44:23.0744 3984  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:44:23.0759 3984  pcmcia - ok
16:44:23.0775 3984  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:44:23.0784 3984  pcw - ok
16:44:23.0814 3984  [ AECC24430301DBC6A76916E3029B6B83 ] pdc             C:\Windows\system32\drivers\pdc.sys
16:44:23.0824 3984  pdc - ok
16:44:23.0853 3984  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:44:23.0888 3984  PEAUTH - ok
16:44:23.0971 3984  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:44:24.0006 3984  PerfHost - ok
16:44:24.0061 3984  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\Windows\system32\pla.dll
16:44:24.0107 3984  pla - ok
16:44:24.0127 3984  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:44:24.0139 3984  PlugPlay - ok
16:44:24.0161 3984  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:44:24.0172 3984  PNRPAutoReg - ok
16:44:24.0218 3984  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:44:24.0244 3984  PNRPsvc - ok
16:44:24.0272 3984  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:44:24.0289 3984  PolicyAgent - ok
16:44:24.0312 3984  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\Windows\system32\umpo.dll
16:44:24.0323 3984  Power - ok
16:44:24.0342 3984  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:44:24.0370 3984  PptpMiniport - ok
16:44:24.0478 3984  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
16:44:24.0514 3984  PrintNotify - ok
16:44:24.0539 3984  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\Windows\System32\drivers\processr.sys
16:44:24.0552 3984  Processor - ok
16:44:24.0582 3984  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\Windows\system32\profsvc.dll
16:44:24.0621 3984  ProfSvc - ok
16:44:24.0653 3984  [ AF038FA3D3748B7595FE7096AD803696 ] Ps2Kb2Hid       C:\Windows\System32\drivers\aPs2Kb2Hid.sys
16:44:24.0665 3984  Ps2Kb2Hid - ok
16:44:24.0714 3984  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:44:24.0749 3984  Psched - ok
16:44:24.0785 3984  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\Windows\system32\qwave.dll
16:44:24.0828 3984  QWAVE - ok
16:44:24.0855 3984  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:44:24.0875 3984  QWAVEdrv - ok
16:44:24.0888 3984  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:44:24.0901 3984  RasAcd - ok
16:44:24.0926 3984  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:44:24.0956 3984  RasAgileVpn - ok
16:44:24.0973 3984  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\Windows\System32\rasauto.dll
16:44:25.0018 3984  RasAuto - ok
16:44:25.0035 3984  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:44:25.0065 3984  Rasl2tp - ok
16:44:25.0090 3984  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\Windows\System32\rasmans.dll
16:44:25.0108 3984  RasMan - ok
16:44:25.0119 3984  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:44:25.0132 3984  RasPppoe - ok
16:44:25.0149 3984  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:44:25.0162 3984  RasSstp - ok
16:44:25.0182 3984  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:44:25.0195 3984  rdbss - ok
16:44:25.0205 3984  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
16:44:25.0215 3984  rdpbus - ok
16:44:25.0233 3984  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:44:25.0258 3984  RDPDR - ok
16:44:25.0284 3984  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:44:25.0293 3984  RdpVideoMiniport - ok
16:44:25.0308 3984  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:44:25.0334 3984  RDPWD - ok
16:44:25.0358 3984  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:44:25.0381 3984  rdyboost - ok
16:44:25.0417 3984  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:44:25.0431 3984  RemoteAccess - ok
16:44:25.0484 3984  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:44:25.0512 3984  RemoteRegistry - ok
16:44:25.0535 3984  [ CF59781FCB68F859EB6C835ED285211D ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe
16:44:25.0541 3984  RfButtonDriverService - ok
16:44:25.0562 3984  [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:44:25.0582 3984  RFCOMM - ok
16:44:25.0608 3984  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:44:25.0629 3984  RpcEptMapper - ok
16:44:25.0655 3984  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
16:44:25.0692 3984  RpcLocator - ok
16:44:25.0729 3984  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\Windows\system32\rpcss.dll
16:44:25.0764 3984  RpcSs - ok
16:44:25.0800 3984  [ 7BFDFD1D2244B444D7BBC55087426518 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
16:44:25.0819 3984  RSPCIESTOR - ok
16:44:25.0843 3984  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:44:25.0871 3984  rspndr - ok
16:44:25.0885 3984  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
16:44:25.0900 3984  s3cap - ok
16:44:25.0927 3984  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\Windows\system32\lsass.exe
16:44:25.0939 3984  SamSs - ok
16:44:25.0959 3984  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:44:25.0980 3984  sbp2port - ok
16:44:26.0026 3984  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:44:26.0042 3984  SCardSvr - ok
16:44:26.0059 3984  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:44:26.0086 3984  scfilter - ok
16:44:26.0120 3984  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\Windows\system32\schedsvc.dll
16:44:26.0145 3984  Schedule - ok
16:44:26.0172 3984  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:44:26.0187 3984  SCPolicySvc - ok
16:44:26.0214 3984  [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
16:44:26.0226 3984  sdbus - ok
16:44:26.0241 3984  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:44:26.0262 3984  SDRSVC - ok
16:44:26.0289 3984  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
16:44:26.0307 3984  sdstor - ok
16:44:26.0339 3984  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:44:26.0351 3984  secdrv - ok
16:44:26.0364 3984  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
16:44:26.0380 3984  seclogon - ok
16:44:26.0406 3984  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\System32\sens.dll
16:44:26.0434 3984  SENS - ok
16:44:26.0463 3984  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:44:26.0477 3984  SensrSvc - ok
16:44:26.0489 3984  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
16:44:26.0501 3984  SerCx - ok
16:44:26.0504 3984  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
16:44:26.0514 3984  Serenum - ok
16:44:26.0518 3984  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
16:44:26.0529 3984  Serial - ok
16:44:26.0532 3984  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
16:44:26.0550 3984  sermouse - ok
16:44:26.0599 3984  [ 289E853881E688286AD24299FCC485D8 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
16:44:26.0615 3984  ServiceLayer - ok
16:44:26.0642 3984  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
16:44:26.0670 3984  SessionEnv - ok
16:44:26.0673 3984  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
16:44:26.0683 3984  sfloppy - ok
16:44:26.0715 3984  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:44:26.0731 3984  SharedAccess - ok
16:44:26.0772 3984  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:44:26.0823 3984  ShellHWDetection - ok
16:44:26.0828 3984  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:44:26.0837 3984  SiSRaid2 - ok
16:44:26.0841 3984  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:44:26.0851 3984  SiSRaid4 - ok
16:44:26.0879 3984  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:44:26.0893 3984  SNMPTRAP - ok
16:44:26.0904 3984  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
16:44:26.0918 3984  spaceport - ok
16:44:26.0921 3984  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
16:44:26.0932 3984  SpbCx - ok
16:44:26.0956 3984  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
16:44:26.0988 3984  Spooler - ok
16:44:27.0092 3984  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:44:27.0150 3984  sppsvc - ok
16:44:27.0183 3984  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:44:27.0213 3984  srv - ok
16:44:27.0251 3984  [ 9912FDF63EC78E1977083E20DEAE4889 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:44:27.0286 3984  srv2 - ok
16:44:27.0313 3984  [ FD8B4F201B681C555A4AF41922C52557 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:44:27.0337 3984  srvnet - ok
16:44:27.0372 3984  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:44:27.0412 3984  SSDPSRV - ok
16:44:27.0429 3984  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:44:27.0456 3984  SstpSvc - ok
16:44:27.0480 3984  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:44:27.0524 3984  stexstor - ok
16:44:27.0577 3984  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
16:44:27.0617 3984  stisvc - ok
16:44:27.0622 3984  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\Windows\system32\drivers\storahci.sys
16:44:27.0635 3984  storahci - ok
16:44:27.0663 3984  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
16:44:27.0674 3984  storflt - ok
16:44:27.0707 3984  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
16:44:27.0736 3984  StorSvc - ok
16:44:27.0751 3984  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:44:27.0762 3984  storvsc - ok
16:44:27.0777 3984  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
16:44:27.0815 3984  svsvc - ok
16:44:27.0848 3984  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
16:44:27.0865 3984  swenum - ok
16:44:27.0889 3984  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
16:44:27.0932 3984  swprv - ok
16:44:27.0982 3984  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
16:44:28.0048 3984  SysMain - ok
16:44:28.0086 3984  [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
16:44:28.0125 3984  SystemEventsBroker - ok
16:44:28.0176 3984  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
16:44:28.0198 3984  TabletInputService - ok
16:44:28.0225 3984  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:44:28.0239 3984  TapiSrv - ok
16:44:28.0298 3984  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:44:28.0344 3984  Tcpip - ok
16:44:28.0390 3984  [ F4F78B7F39BD56BD0BFE4C4399398F6F ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:44:28.0448 3984  TCPIP6 - ok
16:44:28.0480 3984  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:44:28.0511 3984  tcpipreg - ok
16:44:28.0531 3984  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:44:28.0558 3984  tdx - ok
16:44:28.0576 3984  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
16:44:28.0585 3984  terminpt - ok
16:44:28.0642 3984  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
16:44:28.0668 3984  TermService - ok
16:44:28.0697 3984  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
16:44:28.0730 3984  Themes - ok
16:44:28.0748 3984  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:44:28.0769 3984  THREADORDER - ok
16:44:28.0799 3984  [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
16:44:28.0811 3984  TimeBroker - ok
16:44:28.0844 3984  [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM             C:\Windows\system32\drivers\tpm.sys
16:44:28.0865 3984  TPM - ok
16:44:28.0884 3984  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
16:44:28.0898 3984  TrkWks - ok
16:44:28.0951 3984  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:44:28.0970 3984  TrustedInstaller - ok
16:44:29.0003 3984  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:44:29.0017 3984  TsUsbFlt - ok
16:44:29.0023 3984  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
16:44:29.0042 3984  TsUsbGD - ok
16:44:29.0065 3984  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:44:29.0096 3984  tunnel - ok
16:44:29.0100 3984  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:44:29.0110 3984  uagp35 - ok
16:44:29.0114 3984  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
16:44:29.0124 3984  UASPStor - ok
16:44:29.0143 3984  [ 69CC6087483FCE6AEBF1DF5AE791044F ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
16:44:29.0149 3984  UBHelper - ok
16:44:29.0178 3984  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
16:44:29.0190 3984  UCX01000 - ok
16:44:29.0207 3984  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:44:29.0239 3984  udfs - ok
16:44:29.0263 3984  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:44:29.0278 3984  UI0Detect - ok
16:44:29.0281 3984  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:44:29.0291 3984  uliagpkx - ok
16:44:29.0302 3984  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
16:44:29.0312 3984  umbus - ok
16:44:29.0315 3984  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
16:44:29.0325 3984  UmPass - ok
16:44:29.0357 3984  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
16:44:29.0391 3984  UmRdpService - ok
16:44:29.0475 3984  [ DBE2E6388379D5CC78099650541E9566 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:44:29.0495 3984  UNS - ok
16:44:29.0517 3984  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
16:44:29.0551 3984  upnphost - ok
16:44:29.0577 3984  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
16:44:29.0588 3984  usbccgp - ok
16:44:29.0603 3984  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
16:44:29.0622 3984  usbcir - ok
16:44:29.0652 3984  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
16:44:29.0672 3984  usbehci - ok
16:44:29.0710 3984  [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub          C:\Windows\System32\drivers\usbhub.sys
16:44:29.0740 3984  usbhub - ok
16:44:29.0762 3984  [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
16:44:29.0778 3984  USBHUB3 - ok
16:44:29.0807 3984  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\Windows\System32\drivers\usbohci.sys
16:44:29.0817 3984  usbohci - ok
16:44:29.0831 3984  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
16:44:29.0859 3984  usbprint - ok
16:44:29.0863 3984  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
16:44:29.0874 3984  USBSTOR - ok
16:44:29.0885 3984  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
16:44:29.0895 3984  usbuhci - ok
16:44:29.0916 3984  [ 09799E701B4327097E9F63D3FE221083 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:44:29.0945 3984  usbvideo - ok
16:44:29.0966 3984  [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
16:44:29.0980 3984  USBXHCI - ok
16:44:29.0993 3984  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
16:44:30.0004 3984  VaultSvc - ok
16:44:30.0018 3984  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:44:30.0027 3984  vdrvroot - ok
16:44:30.0074 3984  [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds             C:\Windows\System32\vds.exe
16:44:30.0091 3984  vds - ok
16:44:30.0112 3984  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
16:44:30.0122 3984  VerifierExt - ok
16:44:30.0147 3984  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
16:44:30.0164 3984  vhdmp - ok
16:44:30.0167 3984  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
16:44:30.0176 3984  viaide - ok
16:44:30.0181 3984  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:44:30.0191 3984  vmbus - ok
16:44:30.0195 3984  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
16:44:30.0205 3984  VMBusHID - ok
16:44:30.0244 3984  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
16:44:30.0302 3984  vmicheartbeat - ok
16:44:30.0310 3984  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
16:44:30.0323 3984  vmickvpexchange - ok
16:44:30.0328 3984  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
16:44:30.0341 3984  vmicrdv - ok
16:44:30.0346 3984  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
16:44:30.0359 3984  vmicshutdown - ok
16:44:30.0365 3984  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
16:44:30.0377 3984  vmictimesync - ok
16:44:30.0385 3984  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
16:44:30.0398 3984  vmicvss - ok
16:44:30.0414 3984  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:44:30.0424 3984  volmgr - ok
16:44:30.0446 3984  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:44:30.0461 3984  volmgrx - ok
16:44:30.0481 3984  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:44:30.0495 3984  volsnap - ok
16:44:30.0513 3984  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
16:44:30.0523 3984  vpci - ok
16:44:30.0527 3984  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:44:30.0539 3984  vsmraid - ok
16:44:30.0592 3984  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\Windows\system32\vssvc.exe
16:44:30.0642 3984  VSS - ok
16:44:30.0648 3984  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
16:44:30.0662 3984  VSTXRAID - ok
16:44:30.0681 3984  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:44:30.0692 3984  vwifibus - ok
16:44:30.0704 3984  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:44:30.0715 3984  vwififlt - ok
16:44:30.0726 3984  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:44:30.0737 3984  vwifimp - ok
16:44:30.0764 3984  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
16:44:30.0781 3984  W32Time - ok
16:44:30.0785 3984  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
16:44:30.0813 3984  WacomPen - ok
16:44:30.0834 3984  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:44:30.0854 3984  Wanarp - ok
16:44:30.0859 3984  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:44:30.0877 3984  Wanarpv6 - ok
16:44:30.0927 3984  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
16:44:30.0952 3984  wbengine - ok
16:44:30.0974 3984  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:44:30.0988 3984  WbioSrvc - ok
16:44:31.0011 3984  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
16:44:31.0025 3984  Wcmsvc - ok
16:44:31.0061 3984  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:44:31.0076 3984  wcncsvc - ok
16:44:31.0087 3984  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:44:31.0098 3984  WcsPlugInService - ok
16:44:31.0137 3984  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
16:44:31.0146 3984  Wd - ok
16:44:31.0173 3984  [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
16:44:31.0182 3984  WdBoot - ok
16:44:31.0216 3984  [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:44:31.0235 3984  Wdf01000 - ok
16:44:31.0250 3984  [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
16:44:31.0262 3984  WdFilter - ok
16:44:31.0280 3984  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:44:31.0297 3984  WdiServiceHost - ok
16:44:31.0301 3984  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:44:31.0318 3984  WdiSystemHost - ok
16:44:31.0356 3984  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
16:44:31.0371 3984  WebClient - ok
16:44:31.0386 3984  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:44:31.0415 3984  Wecsvc - ok
16:44:31.0430 3984  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:44:31.0469 3984  wercplsupport - ok
16:44:31.0485 3984  [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:44:31.0500 3984  WerSvc - ok
16:44:31.0522 3984  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
16:44:31.0532 3984  WFPLWFS - ok
16:44:31.0557 3984  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
16:44:31.0569 3984  WiaRpc - ok
16:44:31.0586 3984  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:44:31.0595 3984  WIMMount - ok
16:44:31.0624 3984  WinDefend - ok
16:44:31.0668 3984  [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
16:44:31.0685 3984  WinHttpAutoProxySvc - ok
16:44:31.0747 3984  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:44:31.0772 3984  Winmgmt - ok
16:44:31.0872 3984  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:44:31.0920 3984  WinRM - ok
16:44:31.0965 3984  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\Windows\System32\wlansvc.dll
16:44:31.0997 3984  WlanSvc - ok
16:44:32.0047 3984  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
16:44:32.0075 3984  wlidsvc - ok
16:44:32.0096 3984  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
16:44:32.0106 3984  WmiAcpi - ok
16:44:32.0132 3984  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:44:32.0145 3984  wmiApSrv - ok
16:44:32.0169 3984  WMPNetworkSvc - ok
16:44:32.0187 3984  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
16:44:32.0207 3984  wpcfltr - ok
16:44:32.0246 3984  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:44:32.0268 3984  WPCSvc - ok
16:44:32.0308 3984  [ 39D8AB837F91B729D12D32ED81E2062F ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:44:32.0345 3984  WPDBusEnum - ok
16:44:32.0363 3984  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
16:44:32.0382 3984  WpdUpFltr - ok
16:44:32.0421 3984  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:44:32.0438 3984  ws2ifsl - ok
16:44:32.0456 3984  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:44:32.0471 3984  wscsvc - ok
16:44:32.0474 3984  WSearch - ok
16:44:32.0545 3984  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\Windows\System32\WSService.dll
16:44:32.0601 3984  WSService - ok
16:44:32.0694 3984  [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv        C:\Windows\system32\wuaueng.dll
16:44:32.0740 3984  wuauserv - ok
16:44:32.0759 3984  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:44:32.0769 3984  WudfPf - ok
16:44:32.0790 3984  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
16:44:32.0811 3984  WUDFRd - ok
16:44:32.0816 3984  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP    C:\Windows\system32\DRIVERS\WUDFRd.sys
16:44:32.0828 3984  WUDFSensorLP - ok
16:44:32.0847 3984  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:44:32.0860 3984  wudfsvc - ok
16:44:32.0865 3984  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
16:44:32.0876 3984  WUDFWpdFs - ok
16:44:32.0905 3984  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:44:32.0936 3984  WwanSvc - ok
16:44:32.0948 3984  ================ Scan global ===============================
16:44:32.0996 3984  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
16:44:33.0017 3984  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
16:44:33.0041 3984  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
16:44:33.0065 3984  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
16:44:33.0073 3984  [Global] - ok
16:44:33.0073 3984  ================ Scan MBR ==================================
16:44:33.0083 3984  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
16:44:33.0201 3984  \Device\Harddisk0\DR0 - ok
16:44:33.0202 3984  ================ Scan VBR ==================================
16:44:33.0206 3984  [ A88CACC8286A9A8E1E1E5CFAEA0C0B23 ] \Device\Harddisk0\DR0\Partition1
16:44:33.0208 3984  \Device\Harddisk0\DR0\Partition1 - ok
16:44:33.0236 3984  [ F3D5643DB777C8634E18782CF4B1BB89 ] \Device\Harddisk0\DR0\Partition2
16:44:33.0238 3984  \Device\Harddisk0\DR0\Partition2 - ok
16:44:33.0253 3984  [ FFAD4BA8A844DD0E08C3E63F592A565A ] \Device\Harddisk0\DR0\Partition3
16:44:33.0254 3984  \Device\Harddisk0\DR0\Partition3 - ok
16:44:33.0271 3984  [ 765713D8676B55E72EB08E4FC846E93D ] \Device\Harddisk0\DR0\Partition4
16:44:33.0273 3984  \Device\Harddisk0\DR0\Partition4 - ok
16:44:33.0304 3984  [ FE3777A29174E868D0DA2AED277FE054 ] \Device\Harddisk0\DR0\Partition5
16:44:33.0307 3984  \Device\Harddisk0\DR0\Partition5 - ok
16:44:33.0308 3984  ============================================================
16:44:33.0308 3984  Scan finished
16:44:33.0308 3984  ============================================================
16:44:33.0321 4440  Detected object count: 1
16:44:33.0321 4440  Actual detected object count: 1
16:46:01.0138 4440  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
16:46:01.0138 4440  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 06.04.2013, 01:41   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Nothing suspicious so far.

JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users (Scanne alle Benutzer)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Alt 09.04.2013, 19:03   #11
Solar0
 

***

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 8 x64
Ran by Karoline on 09.04.2013 at 19:39:20,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\softonic



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Karoline\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Karoline\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Karoline\appdata\local\software"



~~~ FireFox

Failed to delete: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Failed to delete: [Registry Value] hkey_local_machine\software\wow6432node\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Emptied folder: C:\Users\Karoline\AppData\Roaming\mozilla\firefox\profiles\dr94vql9.default\minidumps [21 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.04.2013 at 19:47:24,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Code:
# AdwCleaner v2.200 - Datei am 09/04/2013 um 20:42:35 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : Karoline - EMMCHEN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Karoline\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16519

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0 (de)

Datei : C:\Users\Karoline\AppData\Roaming\Mozilla\Firefox\Profiles\dr94vql9.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\axzf6013.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1337 octets] - [09/04/2013 20:42:35]

########## EOF - C:\AdwCleaner[S1].txt - [1397 octets] ##########
         

Code:
OTL logfile created on: 09.04.2013 20:50:33 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karoline\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,82 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 77,96% Memory free
9,01 Gb Paging File | 7,18 Gb Available in Paging File | 79,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680,83 Gb Total Space | 622,35 Gb Free Space | 91,41% Space Free | Partition Type: NTFS
 
Computer Name: EMMCHEN | User Name: Karoline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Karoline\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.)
SRV - (DeviceFastLaneService) -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Acer Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (klwfp) -- C:\Windows\SysNative\Drivers\klwfp.sys (Kaspersky Lab ZAO)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\Drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\Drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\Drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\Drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys (Dritek System Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\Drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\Drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\Drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klelam) -- C:\Windows\SysNative\Drivers\klelam.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\Drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\Drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\Drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NTI Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{FDE3A3BC-13CF-48C1-9701-B7B8717DE877}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{FDE3A3BC-13CF-48C1-9701-B7B8717DE877}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-827286464-1191435713-3838452255-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
IE - HKU\S-1-5-21-827286464-1191435713-3838452255-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-827286464-1191435713-3838452255-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-827286464-1191435713-3838452255-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-827286464-1191435713-3838452255-1007\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 16:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 16:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 16:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.21 16:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.21 16:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 11:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.22 19:00:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
[2012.12.13 17:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karoline\AppData\Roaming\mozilla\Extensions
[2013.04.05 13:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karoline\AppData\Roaming\mozilla\Firefox\Profiles\dr94vql9.default\extensions
[2013.04.05 13:53:34 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Karoline\AppData\Roaming\mozilla\firefox\profiles\dr94vql9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 19:15:48 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Karoline\AppData\Roaming\mozilla\firefox\profiles\dr94vql9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.13 17:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.21 16:40:00 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.04.03 11:18:05 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager]  File not found
O4 - HKU\S-1-5-21-827286464-1191435713-3838452255-1002..\Run: []  File not found
O4 - HKU\S-1-5-21-827286464-1191435713-3838452255-1002..\Run: [AcerCloud] C:\Program Files (x86)\Acer\Acer Cloud\acpanel_win.exe File not found
O4 - HKU\S-1-5-21-827286464-1191435713-3838452255-1007..\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB23638A-B9AD-4B0E-806E-B3C9BAA48784}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.09 19:39:18 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.09 19:39:03 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.05 15:05:09 | 000,000,000 | ---D | C] -- C:\Users\Karoline\Desktop\mbar
[2013.04.05 14:38:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013.04.05 14:38:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013.04.05 14:37:12 | 000,000,000 | ---D | C] -- C:\Users\Karoline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
[2013.04.05 14:35:55 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.04.05 14:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\INSTALLER
[2013.04.05 12:56:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.05 12:39:04 | 000,000,000 | ---D | C] -- C:\Users\Karoline\PicStream
[2013.04.05 11:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.04.05 11:26:26 | 001,016,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2013.04.05 11:26:26 | 000,076,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2013.04.05 11:26:26 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.04.05 11:26:25 | 006,398,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.04.05 11:26:25 | 003,477,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.04.05 11:26:25 | 002,555,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.04.05 11:26:25 | 000,237,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.04.05 11:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.04.05 11:22:04 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.04.05 11:22:04 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.04.05 11:22:04 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.04.05 11:22:04 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.04.05 11:22:04 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.04.05 11:22:04 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.04.05 11:22:04 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.04.05 11:22:04 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.04.05 11:22:04 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.04.05 11:22:04 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.04.05 11:22:04 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.04.05 11:22:04 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.04.05 11:22:04 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.04.05 11:22:04 | 002,864,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.04.05 11:22:04 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.04.05 11:22:04 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.04.05 11:22:04 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.04.05 11:22:04 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.04.05 11:22:04 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.04.05 11:22:04 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.04.05 11:22:04 | 001,118,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.04.05 11:22:04 | 000,968,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.04.05 11:22:04 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.04.05 11:22:04 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.04.05 11:22:04 | 000,030,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
[2013.04.05 10:59:11 | 000,000,000 | ---D | C] -- C:\Users\Karoline\AppData\Roaming\Malwarebytes
[2013.04.05 10:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.05 10:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.05 10:58:52 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.05 10:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.05 10:58:24 | 000,000,000 | ---D | C] -- C:\Users\Karoline\AppData\Local\Programs
[2013.04.04 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Karoline\AppData\Roaming\TuneUp Software
[2013.04.04 21:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.04.04 21:06:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.04.04 21:06:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.14 21:22:29 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.03.14 21:22:28 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.03.14 21:22:26 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.03.14 21:22:26 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.03.14 21:22:26 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.03.14 21:22:26 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.03.14 21:22:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.14 21:22:03 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.03.14 21:22:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.14 21:22:02 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.14 21:22:02 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.14 21:22:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.14 21:22:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.14 21:22:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.14 21:22:02 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.03.14 21:22:02 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.14 21:22:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.03.14 21:22:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.14 21:21:48 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013.03.14 21:21:48 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013.03.14 21:21:17 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.03.14 21:21:15 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.03.14 21:21:13 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.03.14 21:21:11 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.03.14 21:21:10 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013.03.14 21:21:10 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013.03.14 21:21:09 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013.03.14 21:21:09 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.03.14 21:21:08 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013.03.14 21:21:08 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.03.14 21:21:08 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013.03.14 21:21:07 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013.03.14 21:21:06 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.03.14 21:21:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013.03.14 21:21:06 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013.03.14 21:21:06 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013.03.14 21:21:06 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013.03.14 21:21:06 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.03.14 21:21:06 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.03.14 21:21:06 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013.03.14 21:21:06 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013.03.14 21:21:06 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013.03.14 21:21:06 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013.03.14 21:21:06 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013.03.14 21:21:06 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013.03.14 21:21:06 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013.03.14 21:21:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.03.14 21:21:06 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013.03.14 21:21:06 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013.03.14 21:21:06 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013.03.14 21:21:06 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.03.14 21:21:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013.03.14 21:21:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013.03.14 21:20:53 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.03.14 21:20:52 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.03.14 21:20:52 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.03.14 21:20:52 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.03.14 21:20:41 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.12 21:51:18 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.09 20:51:57 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.09 20:51:57 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.09 20:51:57 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.09 20:51:57 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.09 20:51:57 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 20:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.09 20:46:30 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.04.09 20:44:27 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.09 20:44:24 | 2424,528,895 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.05 16:39:24 | 000,000,512 | ---- | M] () -- C:\Users\Karoline\Documents\MBR.dat
[2013.04.05 14:36:49 | 000,002,173 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
[2013.04.05 14:36:49 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Acer Backup Manager.lnk
[2013.04.05 10:58:53 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.04 21:04:39 | 000,001,402 | ---- | M] () -- C:\Users\Karoline\Desktop\Free YouTube to MP3 Converter.lnk
[2013.03.16 20:49:15 | 000,281,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.15 07:53:06 | 026,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.15 07:53:06 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.15 07:53:06 | 020,542,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.15 07:53:06 | 017,990,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.15 07:53:06 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.15 07:53:06 | 015,508,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.03.15 07:53:06 | 015,042,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.15 07:53:06 | 013,088,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.15 07:53:06 | 009,414,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.15 07:53:06 | 007,959,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.15 07:53:06 | 007,573,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.15 07:53:06 | 006,271,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.15 07:53:06 | 002,913,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.15 07:53:06 | 002,864,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.03.15 07:53:06 | 002,728,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.15 07:53:06 | 002,539,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.15 07:53:06 | 002,355,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.03.15 07:53:06 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.03.15 07:53:06 | 001,118,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.03.15 07:53:06 | 000,968,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.15 07:53:06 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.03.15 07:53:06 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
[2013.03.15 07:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.15 06:16:18 | 003,477,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.03.15 06:16:17 | 006,398,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.03.15 06:16:10 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.03.15 06:16:10 | 001,016,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2013.03.15 06:16:10 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.03.15 06:16:10 | 000,076,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2013.03.15 06:16:10 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.03.13 18:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.03.12 21:51:18 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
 
========== Files Created - No Company Name ==========
 
[2013.04.05 16:39:23 | 000,000,512 | ---- | C] () -- C:\Users\Karoline\Documents\MBR.dat
[2013.04.05 11:26:25 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.04.05 11:22:04 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.04.05 10:58:53 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.16 20:49:05 | 000,281,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.08 22:17:31 | 000,000,017 | ---- | C] () -- C:\Users\Karoline\AppData\Local\resmon.resmoncfg
[2012.12.17 20:10:46 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.12.17 20:10:42 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.17 20:10:41 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.13 20:15:03 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.09.27 10:50:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012.12.13 22:39:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Code:
OTL Extras logfile created on: 09.04.2013 20:50:33 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karoline\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,82 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 77,96% Memory free
9,01 Gb Paging File | 7,18 Gb Available in Paging File | 79,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680,83 Gb Total Space | 622,35 Gb Free Space | 91,41% Space Free | Partition Type: NTFS
 
Computer Name: EMMCHEN | User Name: Karoline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-827286464-1191435713-3838452255-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07648B17-5422-4A3C-BA4A-0DED8CAA1441}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0FBC07B5-E6A3-49C2-9396-42CE9DEF4DED}" = lport=445 | protocol=6 | dir=in | app=system | 
"{124A1742-1599-4C42-820C-615EC35683E2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3068730C-FA53-4C45-9994-636696D41353}" = rport=138 | protocol=17 | dir=out | app=system | 
"{415DD201-0B65-4B43-85F7-3F9B444C2C6C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{520AFFF6-20E4-4920-A728-71D68389B03C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8385D15F-06F5-4CDA-9F34-98CBD0D9EAC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9EAA228F-85AE-4F0F-96DC-03EC0A982EAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B0A16DB8-BBDB-4F5C-B3D3-FD4B08012669}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BB31CFC0-58BC-4A1C-BF4A-0CDD8E5F97E4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DAA6BBA2-DBF0-4D65-A4B8-9564F3C3CE85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC050D0F-7FDF-46C4-B0E0-551353D3A620}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009777F9-BE61-4761-A124-A7D233CCD3F3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{00D0794E-5DE4-4A30-A2D2-8374791726C5}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{052B48CC-2097-4100-AD41-081393E1F3AF}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{085AD49F-4382-4BDD-8C8C-4D12B53B0FFD}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{0B58C10D-F17C-4B82-8BDB-CAA610A6ACB5}" = dir=out | name=windows_ie_ac_001 | 
"{0BD27713-BF86-497D-95A9-3125CD7DC393}" = dir=out | name=taptiles | 
"{0EC93787-447B-4850-83AF-90BAAC39D4C7}" = dir=out | name=7digital music store | 
"{0EDDF653-93ED-4F49-A79D-26D4FAD0C438}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0FAF2520-F011-47EF-852A-971FC423467E}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{1424BBAB-37B7-46C1-BF16-D6395CA54E5F}" = dir=out | name=cut the rope | 
"{149EF4A6-16A8-4C0F-BF85-B8C03389F699}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{1790D528-587F-4518-8EC3-F739D19E5B73}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{19E161EF-10FE-4FEF-8DBC-14825515835C}" = dir=out | name=microsoft mahjong | 
"{1B39E10D-7209-47AF-877E-6D16645C8AD9}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{1D862211-2239-4AA6-A780-C13EAF444E8E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1DA66183-24EF-4C81-9BB7-E29FF31B10D9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{210BFE5B-B20F-4F01-9C5B-4DB65AAFD8B8}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{22CD2F9A-7FF3-4EDC-9339-DCDB0B172F41}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | 
"{280E4DCA-3153-4A72-8F31-36AEA2FEAD0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{28DEC73F-B435-408E-A317-D4D278A2C864}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2BE29F2B-C06F-41E8-B825-9849999C0578}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{3153C895-2063-45C5-AC04-1DFEE49C35BE}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{31625964-5124-4FD6-9CFD-2666DADE819B}" = dir=out | name=microsoft mahjong | 
"{35F0B403-AC0A-4445-ADAA-D1C31848DC25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{41D072CB-A6E1-48F7-A56B-000B8D702296}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{439C5DA6-8618-4C86-A383-227C89DE2521}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{441BCA29-211D-444B-9E24-47E12B59DF5D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{45B01F71-241B-4E08-8D7F-90D71F5593E7}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{554A9B34-A045-4F77-8BBF-31B886DF4369}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe | 
"{5582E467-C663-4204-89D6-BC2B6A53ECBF}" = dir=out | name=microsoft minesweeper | 
"{56F763DF-3A57-4972-8DEA-1C3488D55BA9}" = dir=out | name=skitch | 
"{6099DAA4-728A-425E-8FB9-EDC560AC00F2}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{64AABFC8-2B5A-4EFA-8B70-3843ED813C3E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{65BE970E-A553-4670-9A2F-4A280F2DBD09}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{6D368251-A5E4-4CBD-9C7D-49DC36B7CAD9}" = dir=out | name=acer crystal eye | 
"{70093625-F3B5-47EC-9EA2-58830D1EB220}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{71217F79-DC06-4A7D-BADB-D3BFEB50E35A}" = dir=out | name=tunein radio | 
"{7398A14C-8BA2-4E1C-BFBF-88DB1FC93E24}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{7AC5F3F6-23E4-4725-8DD2-9A42248C7EE0}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{7C18153D-4F75-4060-B1C7-43F6961A0E88}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8A3C289B-281E-4D31-A31C-9ABAE8887E40}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{92A37881-B47C-41AC-8817-D94791FFB3E1}" = dir=out | name=evernote | 
"{939ACDD5-8A3A-47C1-981B-26E91464D1E9}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{96B457AC-BD80-4E1E-B51F-6D60C143BBB3}" = dir=out | name=microsoft solitaire collection | 
"{983B9881-CE9C-422D-AF1C-02C69235B9D9}" = dir=in | name=evernote | 
"{9B72D7D6-1BFD-4958-8C6C-58D66E6310A2}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{9F53D942-E317-4520-BC8F-26EE769B65C6}" = dir=out | name=newsxpresso metro | 
"{9F8B6CED-DA06-419E-9591-0300EEC42871}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A53CBFC5-164E-4532-A0E0-C3033AA5169D}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A5FC9336-4F47-481B-ABC2-95124794888E}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{A61CAF68-675A-44F0-BB9B-DEE174340AE8}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{A8E78DF7-AC10-447B-B930-3990BCF1F3B0}" = dir=out | name=txtr reader | 
"{AD0F1EBC-0F12-4DB5-BA15-E4229983C8E9}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{B5086A61-70DC-405F-BD8B-05B7D6D60E78}" = dir=out | name=acer crystal eye | 
"{B8EF95D3-53A7-4753-9EB9-61BDCA21421A}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{BA5856F7-98BE-4A64-A7A7-684F3EDD0906}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{BB263603-3C9A-4DCF-9BC6-EFE9CBE7A929}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{BB702FAC-E9E6-46D3-800C-2BE7AE6DA95A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BC388041-29F8-4C30-AA26-333313B90F4A}" = dir=out | name=ebay | 
"{BE0F5E33-87DF-4B09-9CB3-5342581A44F6}" = dir=out | name=microsoft solitaire collection | 
"{BE2CB654-C60C-4621-9025-39F8E070B700}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{C360BD43-68AF-4057-A080-C9FA0BD75F56}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{C44F4001-5117-4E3F-972D-06FD998E2275}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | 
"{C4FBCA3C-CC2E-4062-9A43-397ACC86FADF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C665C464-1326-4BAF-81E2-00882DC8BEB7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{C6EEA767-7E57-4C6F-B8A0-DA0B343E30FC}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{C8ADEBBF-A7E7-432C-9ACC-A0F3458071E8}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{C914F600-6A95-46B2-A002-322DFB2957A6}" = dir=out | name=tunein radio | 
"{D7797A1D-239E-4AC9-A9D8-FD35B1D56E6E}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{D7CEE054-C711-4903-A5F3-997483443AB4}" = dir=out | name=windows_ie_ac_001 | 
"{DA28D79D-AB17-490B-B108-63FA46D3E13C}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | 
"{DE9D14CC-576B-4F61-B194-8CBB734D16BA}" = dir=out | name=acer explorer | 
"{DF8C286C-6CFC-42B5-8E48-67235897209C}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{E1B05FC4-C2FC-4B31-9745-7F26257FD0C2}" = dir=in | name=skype | 
"{E5E1C635-715D-403E-90F2-4FAC8B901D66}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{E60A0DCA-6A66-4BE1-A550-842CA4D02F58}" = dir=in | name=ebay | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E991EF37-5F00-4854-AB72-A49A58862C50}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{EF7FEDB0-1BBA-4EDE-A32D-FF74F9D8C4E7}" = dir=out | name=social jogger | 
"{F0257610-86A4-4AC8-AE0C-E4F81D93F5D7}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{F7F839AE-91CA-4AF8-BE97-792FD976C96B}" = dir=out | name=skype | 
"{F9A8FFC1-77BA-4238-80ED-B43712118989}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FBF0A383-E326-4E27-B6EE-681D02BF73B5}" = dir=out | name=weatherbug | 
"{FC994981-5D15-4454-8240-5CA6230D9945}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8215A318-CC27-435E-B3EA-2E3443C8998C}" = Acer Instant Update Service
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"Nokia Suite" = Nokia Suite
"PhotoScape" = PhotoScape
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WildTangent wildgames Master Uninstall" = WildTangent Games
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.03.2013 16:30:00 | Computer Name = Emmchen | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 18.03.2013 14:21:19 | Computer Name = Emmchen | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 18.03.2013 15:36:28 | Computer Name = Emmchen | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_6_602_180.exe,
 Version: 11.6.602.180, Zeitstempel: 0x51301434  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x02857800  ID des fehlerhaften Prozesses: 0xd44  Startzeit der fehlerhaften Anwendung:
 0x01ce23f4a7c10f33  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 2003b706-9003-11e2-becc-4c72b9d642bd
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 19.03.2013 14:21:09 | Computer Name = Emmchen | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 20.03.2013 05:30:06 | Computer Name = Emmchen | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 22.03.2013 14:27:55 | Computer Name = Emmchen | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 24.03.2013 05:28:28 | Computer Name = Emmchen | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.03.2013 14:57:22 | Computer Name = Emmchen | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest". Fehler in Manifest- 
oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 25.03.2013 14:57:22 | Computer Name = Emmchen | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 25.03.2013 14:57:22 | Computer Name = Emmchen | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
[ System Events ]
Error - 20.03.2013 05:12:03 | Computer Name = Emmchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 20.03.2013 08:36:14 | Computer Name = Emmchen | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 47.
 
Error - 21.03.2013 12:30:36 | Computer Name = Emmchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 21.03.2013 12:58:30 | Computer Name = Emmchen | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 47.
 
Error - 22.03.2013 13:20:17 | Computer Name = Emmchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 22.03.2013 14:04:11 | Computer Name = Emmchen | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 47.
 
Error - 24.03.2013 05:14:53 | Computer Name = Emmchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 24.03.2013 06:03:08 | Computer Name = Emmchen | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 47.
 
Error - 25.03.2013 12:03:31 | Computer Name = Emmchen | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 25.03.2013 12:32:32 | Computer Name = Emmchen | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen.
 Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code:
 47.
 
 
< End of report >
         

Edited by Solar0 (09.04.2013 at 19:40). Reason: download works now

Alt 09.04.2013, 22:45   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; before that, please remember to update Malwarebytes using the update button.

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan ends, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


11.04.2013, 11:47   #13
Solar0

I have a problem with the ESET program.
I tick "YES, I accept the Terms of Use" and click Start.
But then the message "Can not get Update. Is proxy configured?" appears,
even though I am connected to the internet.

11.04.2013, 12:40   #14
cosinus

Please check:


Remove incorrect proxy settings
  • In the Start menu, under "Settings", click "Control Panel" -> "Internet Options".
  • Select the tab "Connections -> LAN settings" and check whether the box under Proxy server is ticked;
    if so -> untick it, then -> OK (unless the entry is a correct one)


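The proxy check from the post above can also be done read-only from PowerShell. This is an added example, not part of the original post; it goes beyond the dialog check by also reading the auto-config script value, the machine-wide keys and the WinHTTP proxy, and the function name Get-InternetSettingsProxy is hypothetical.

```powershell
# Added example: read-only report of the proxy settings behind the
# "LAN settings" dialog, plus places that dialog does not show.
# Nothing is changed; compatible with Windows PowerShell 2.0 and later.

function Get-InternetSettingsProxy {   # hypothetical helper name
    param([string]$Scope, [string]$KeyPath)
    # The policy key often does not exist; report nothing for it then.
    if (-not (Test-Path -Path $KeyPath)) { return }
    $values = Get-ItemProperty -Path $KeyPath
    New-Object PSObject -Property @{
        Scope                = $Scope
        ProxyEnable          = $values.ProxyEnable           # 1 = proxy box is ticked
        ProxyServer          = $values.ProxyServer           # can stay filled in while disabled
        ProxyOverride        = $values.ProxyOverride         # bypass list
        AutoConfigURL        = $values.AutoConfigURL         # PAC script, independent of ProxyEnable
        ProxySettingsPerUser = $values.ProxySettingsPerUser  # policy: 0 = machine-wide settings apply
    }
}

$scopes = @(
    @{ Scope = 'Current user';   KeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' },
    @{ Scope = 'Machine';        KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings' },
    @{ Scope = 'Machine policy'; KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' }
)

$report = foreach ($s in $scopes) { Get-InternetSettingsProxy @s }
$report | Format-List Scope, ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL, ProxySettingsPerUser

# A proxy can be in effect through the checkbox or through a PAC script.
$active = $report | Where-Object { $_.ProxyEnable -eq 1 -or $_.AutoConfigURL }
if ($active) {
    'Proxy or auto-config script active in: ' + (($active | ForEach-Object { $_.Scope }) -join ', ')
} else {
    'No proxy or auto-config script set in the Internet Settings keys.'
}

# WinHTTP keeps its own proxy setting, separate from the browser dialog.
netsh winhttp show proxy
```

A ProxyServer value pointing at an address the user never configured is worth posting in the thread even when ProxyEnable is 0.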

11.04.2013, 13:02   #15
Solar0

I checked that; the box was not ticked.
It still doesn't work... hmm...
