Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Browse2save, spyhunter

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.04.2013, 09:57   #1
Talpa
 
Browse2save, spyhunter - Frage

Browse2save, spyhunter



guten morgen,

vorneweg gleich: ich habe das forum bei meiner suche im internet gefunden und hoffe, dass ich hier hilfe bekommen kann. leider kenne ich mich mit den meisten begriffen, die ihr hier verwendet, nicht aus. ich bin zwar nicht der DAU, aber immerhin blond.
seht es mir daher bitte nach, wenn vielleicht öfter mal eine für euch dumme nachfrage kommt, es ist keine absicht meinerseits. alternativ dürft ihr natürlich gleich so schreiben, dass es auch solche wie ich kapieren.

so, nun zum thema.
auf der suche nach einer OCR-software für meinen scanner (der das nicht hat), habe ich mir am sonntag FreeOCR heruntergeladen. ich habe schon drauf geachtet, was ich da anklicke, keine weiteren toolbars etc, jedoch fiel mir dann auf, dass seit benutzung dieser software auf allen internetseiten plötzlich willkürlich wörter in links verwandelt waren. wenn ich mit der maus drüber ging, kamen dann werbebilder bzw ein link, den ich hätte klicken sollen.
ich habe herausgefunden, dass es sich hierbei um browse2save handelt, eine aggressive werbemalware.
die wollte ich natürlich loswerden und bin dann - wie ich blöderweise auch erst hinterher festgestellt habe (ihr dürft mich ruhig auslachen!) - auf spyhunter4.exe hereingefallen. habe dieses programm sogar noch gekauft , weil es mir die 157 gefundenen bedrohungen ja sonst nicht gelöscht hätte. ich war ja so eingeschüchtert von den vielen funden ...

bisher habe ich folgendes unternommen:
in der systemsteuerung sowohl dieses FreeOCR als auch SpyHunter wieder deinstalliert; ebenso die beiden .exe-dateien, die ich im ordner "downloads" hatte.
auch in den firefoxeinstellungen geguckt, da war noch ein add-on, welches ich ebenfalls gelöscht habe (das war was mit werbung, erinnere mich aber nicht mehr an den namen. also es war ein "böses" add-on, nicht der ab-blocker, den ich auch habe).

kaspersky anti-virus 2013 findet nun nichts mehr.

ABER: sobald der rechner an ist, passiert nach ca. 5 minuten folgendes: wenn ich auf start klicke, sehe ich, dass neben dem wort "herunterfahren" das "schild-icon" ist, welches bedeutet, dass updates installiert werden müssen und ich deswegen herunterfahren soll.
so geht das nun seit vorgestern.
es installiert immer 2 updates, ich weiß nicht welche, das sagt es nicht. in den windows einstellungen (windows update) werden die vielleicht nicht aufgeführt:


egal, dass kaspersky nix findet, nach jedem neustart des rechners tauchen plötzlich wieder diese beiden updates auf, weswegen ich vermute, dass mein rechner noch nicht ganz sauber ist. irgendwie halt verdächtig.

ich weürde mich sehr freuen, wenn jemand helfen könnte, was bei mir los ist.

danke sehr, christiane

Alt 10.04.2013, 12:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



Hallo,

Zitat:
kaspersky anti-virus 2013 findet nun nichts mehr.
Was heißt "nun"?
Was hat es denn vorher gefunden und wo sind die Logs dazu?

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 10.04.2013, 12:56   #3
Talpa
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



Kaspersky ließ ich vorher nicht laufen. Das "nun" bezog sich darauf, dass dieses seltsame Spyhunter Sachen fand und dann löschte und darauf folgend Kaspersky dann nix mehr fand.

Log files, das ist eben so ein Problem. Wo finde ich die/wie mache ich die?
Wie ich sie dann hier rein kriege, ist mir klar. Nur nicht, wie ich sie erstelle.

Danke.
__________________

Alt 10.04.2013, 13:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.04.2013, 13:39   #5
Talpa
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



OTL.txt

Code:
ATTFilter
OTL logfile created on: 10.04.2013 13:29:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christiane\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,32 Gb Available Physical Memory | 72,21% Memory free
11,96 Gb Paging File | 9,70 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 257,78 Gb Free Space | 57,20% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIANE-PC | User Name: Christiane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christiane\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
IE - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=home"
FF - prefs.js..extensions.enabledAddons: webmaster%40WhatFONTis.com:1.0.8
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christiane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.03.20 19:59:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013.04.09 20:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.09 20:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013.04.09 20:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.06 18:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.08 19:30:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2012.11.28 10:24:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 20:31:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.06 18:36:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.08 19:30:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 20:31:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.05.21 21:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christiane\AppData\Roaming\mozilla\Extensions
[2011.05.20 19:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christiane\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.21 21:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christiane\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013.04.10 11:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christiane\AppData\Roaming\mozilla\Firefox\Profiles\oo1xj4j2.default\extensions
[2011.05.21 21:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christiane\AppData\Roaming\mozilla\Sunbird\Profiles\zhnd8mis.default\extensions
[2013.03.03 11:05:15 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.04.10 11:41:47 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\extensions\amznUWL2@amazon.com.xpi
[2013.04.09 14:19:38 | 000,260,296 | ---- | M] () (No name found) -- C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2012.11.27 14:38:44 | 000,008,890 | ---- | M] () (No name found) -- C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\extensions\webmaster@WhatFONTis.com.xpi
[2012.12.11 17:14:49 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 09:27:44 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.17 11:47:40 | 000,000,911 | ---- | M] () -- C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\searchplugins\11-suche.xml
[2012.11.17 11:47:40 | 000,002,273 | ---- | M] () -- C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\searchplugins\englische-ergebnisse.xml
[2012.11.17 11:47:40 | 000,010,563 | ---- | M] () -- C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\searchplugins\gmx-suche.xml
[2012.11.17 11:47:40 | 000,002,432 | ---- | M] () -- C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\searchplugins\lastminute.xml
[2012.11.17 11:47:40 | 000,005,545 | ---- | M] () -- C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\searchplugins\webde-suche.xml
[2013.04.06 18:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.06 18:36:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007.09.28 18:57:26 | 006,275,816 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012.06.20 09:57:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 09:19:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 09:57:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 09:57:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 09:57:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 09:57:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: BRowsE2soave = C:\Users\Christiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmiohpbbioahjgejejfmpmmbncdmfl\1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001..\Run: [Facebook Update] C:\Users\Christiane\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1163813797-2419015131-2533885825-1001..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6C53554-F73F-4D95-9BCA-6E295569BAF7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.08 16:19:08 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.10 13:27:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christiane\Desktop\OTL.exe
[2013.04.10 09:14:08 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 09:14:08 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 09:14:08 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 09:14:08 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.10 09:14:08 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.10 09:14:08 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.10 09:14:08 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.10 09:14:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 09:14:08 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.10 09:14:08 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.10 09:14:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 09:14:08 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.10 09:14:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 09:14:08 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 09:14:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 09:14:08 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.10 09:14:08 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.10 09:14:08 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 09:14:08 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.10 09:14:08 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.10 09:14:08 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 09:14:08 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 09:14:08 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.10 09:14:08 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.10 09:14:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.10 09:14:08 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.10 09:14:08 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 09:14:08 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.10 09:14:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.10 09:14:08 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.10 09:14:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.10 09:14:08 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.10 09:14:08 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.10 09:14:08 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 09:14:08 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 09:14:08 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.10 09:14:08 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.10 09:14:08 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.10 09:14:08 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.10 09:14:08 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.10 09:14:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 09:14:08 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.10 09:14:08 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 09:14:08 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.10 09:14:08 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.10 09:14:08 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.10 09:14:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.10 09:14:08 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 09:14:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.10 09:14:08 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.10 09:14:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.10 09:14:08 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.10 09:14:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.10 09:14:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.10 09:14:08 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.10 09:14:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 09:14:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.10 09:14:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 09:14:08 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.10 09:14:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.10 09:14:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.10 09:14:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.10 09:14:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 09:14:08 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.10 09:14:08 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.10 09:14:08 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.10 09:14:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.10 09:14:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.10 09:11:36 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.04.10 09:11:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.04.10 09:11:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.04.10 09:11:35 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.04.10 09:11:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.04.10 09:11:34 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 09:11:34 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.04.10 09:11:34 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.04.10 09:11:34 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.04.10 09:11:34 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.04.10 09:11:34 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 09:11:34 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 09:11:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.04.10 09:11:34 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.04.10 09:11:34 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.04.10 09:11:34 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.04.10 09:11:34 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.04.10 09:11:34 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.04.10 09:11:34 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 09:11:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.04.10 09:11:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 09:11:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.04.10 09:11:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.04.10 09:11:33 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 09:00:58 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.04.10 09:00:58 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.04.10 09:00:52 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.04.10 09:00:10 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 09:00:09 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 09:00:09 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 09:00:09 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 09:00:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 09:00:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 20:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013.04.09 20:13:50 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.04.09 20:12:56 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.04.09 20:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.04.09 20:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.04.09 20:12:41 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.04.09 20:12:41 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.04.09 19:40:07 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.04.08 16:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.04.08 16:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.04.07 12:40:48 | 000,000,000 | ---D | C] -- C:\Users\Christiane\AppData\Local\FreeOCR
[2013.04.07 11:23:22 | 002,680,320 | ---- | C] (HiComponents) -- C:\Windows\SysWow64\ImageEnXLibrary.ocx
[2013.04.07 11:23:18 | 000,000,000 | ---D | C] -- C:\FreeOCR
[2013.04.07 11:15:21 | 000,000,000 | ---D | C] -- C:\Users\Christiane\Documents\OneNote-Notizbücher
[2013.04.06 18:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.06 18:30:24 | 000,000,000 | ---D | C] -- C:\HP
[2013.04.06 10:08:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.04.06 10:08:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.04.04 10:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013.04.04 10:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\BRowsE2soave
[2013.04.04 10:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.04.03 20:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.04.02 20:06:22 | 000,000,000 | ---D | C] -- C:\Users\Christiane\AppData\Roaming\com.dansl.QRreader
[2013.03.26 09:45:20 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.22 15:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.20 19:59:24 | 000,000,000 | ---D | C] -- C:\Users\Christiane\AppData\Roaming\OpenCandy
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.10 13:27:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christiane\Desktop\OTL.exe
[2013.04.10 13:00:01 | 000,001,158 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1163813797-2419015131-2533885825-1001UA.job
[2013.04.10 12:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.10 12:55:20 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.10 12:55:20 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.10 12:55:20 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.10 12:55:20 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.10 12:55:20 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.10 12:52:34 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.10 12:51:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.10 09:34:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.10 09:34:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.10 09:31:47 | 000,001,942 | ---- | M] () -- C:\Users\Christiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk
[2013.04.10 09:30:42 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.10 09:29:49 | 000,831,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 09:27:38 | 522,604,543 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.10 09:19:09 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\SpyHunter4.job
[2013.04.10 09:14:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 09:14:08 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 09:14:08 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 09:14:08 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.10 09:14:08 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.10 09:14:08 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.10 09:14:08 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.10 09:14:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 09:14:08 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.10 09:14:08 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.10 09:14:08 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 09:14:08 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.10 09:14:08 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 09:14:08 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 09:14:08 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 09:14:08 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.10 09:14:08 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.10 09:14:08 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 09:14:08 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.10 09:14:08 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.10 09:14:08 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 09:14:08 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 09:14:08 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.10 09:14:08 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.10 09:14:08 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.10 09:14:08 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.10 09:14:08 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 09:14:08 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.10 09:14:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.10 09:14:08 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.10 09:14:08 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.10 09:14:08 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.10 09:14:08 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.10 09:14:08 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 09:14:08 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 09:14:08 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.10 09:14:08 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.10 09:14:08 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.10 09:14:08 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.10 09:14:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.10 09:14:08 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 09:14:08 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.10 09:14:08 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 09:14:08 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.10 09:14:08 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.10 09:14:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.10 09:14:08 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.10 09:14:08 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 09:14:08 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.10 09:14:08 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.10 09:14:08 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.10 09:14:08 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.10 09:14:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.10 09:14:08 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.10 09:14:08 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.10 09:14:08 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 09:14:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.10 09:14:08 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 09:14:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.10 09:14:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.10 09:14:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.10 09:14:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.10 09:14:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 09:14:08 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.10 09:14:08 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.10 09:14:08 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.10 09:14:08 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.10 09:14:08 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.10 09:14:08 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.10 09:14:08 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.10 09:11:07 | 001,591,306 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.10 08:56:48 | 000,385,446 | ---- | M] () -- C:\Users\Christiane\Zwischenablage01.jpg
[2013.04.09 20:25:39 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.04.09 20:25:39 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.04.09 20:13:50 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013.04.09 20:09:27 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.04.09 19:40:07 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.04.09 19:00:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1163813797-2419015131-2533885825-1001Core.job
[2013.04.09 13:30:12 | 000,219,692 | ---- | M] () -- C:\Users\Christiane\IMG_9425.jpg
[2013.04.09 13:29:28 | 000,226,627 | ---- | M] () -- C:\Users\Christiane\IMG_9424.jpg
[2013.04.08 20:02:14 | 000,213,397 | ---- | M] () -- C:\Users\Christiane\STB_9423.jpg
[2013.04.08 20:01:58 | 000,201,139 | ---- | M] () -- C:\Users\Christiane\STA_9422.jpg
[2013.04.08 16:19:08 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.04.08 14:49:15 | 000,618,876 | ---- | M] () -- C:\Users\Christiane\Documents\Scan0001.pdf
[2013.04.07 11:15:21 | 000,001,401 | ---- | M] () -- C:\Users\Christiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2013.04.01 18:52:20 | 000,055,296 | ---- | M] () -- C:\Users\Christiane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.01 11:17:18 | 000,392,815 | ---- | M] () -- C:\Users\Christiane\IMG_9322.jpg
[2013.03.30 14:22:53 | 000,147,015 | ---- | M] () -- C:\Users\Christiane\Documents\Debekaantrag 1.4.13.pdf
[2013.03.24 10:02:40 | 000,407,920 | ---- | M] () -- C:\Users\Christiane\Scan0002.jpg
[2013.03.24 09:59:42 | 000,413,775 | ---- | M] () -- C:\Users\Christiane\Scan0001.jpg
[2013.03.22 15:48:32 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.22 11:33:24 | 000,242,009 | ---- | M] () -- C:\Users\Christiane\header-2x.png
[2013.03.20 20:01:18 | 000,000,009 | ---- | M] () -- C:\END
[2013.03.20 17:08:09 | 003,991,539 | ---- | M] () -- C:\Users\Christiane\Blog Backup 20-03-2013.xml
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.03.16 14:08:14 | 000,002,269 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3520 series.lnk
[2013.03.13 20:12:13 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 20:12:12 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.10 09:14:08 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.10 09:14:08 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.10 08:56:48 | 000,385,446 | ---- | C] () -- C:\Users\Christiane\Zwischenablage01.jpg
[2013.04.09 20:14:04 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013.04.09 13:30:12 | 000,219,692 | ---- | C] () -- C:\Users\Christiane\IMG_9425.jpg
[2013.04.09 13:29:28 | 000,226,627 | ---- | C] () -- C:\Users\Christiane\IMG_9424.jpg
[2013.04.08 20:02:14 | 000,213,397 | ---- | C] () -- C:\Users\Christiane\STB_9423.jpg
[2013.04.08 20:01:59 | 000,201,139 | ---- | C] () -- C:\Users\Christiane\STA_9422.jpg
[2013.04.08 19:30:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.04.08 17:24:30 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\SpyHunter4.job
[2013.04.08 16:19:08 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.04.08 14:49:15 | 000,618,876 | ---- | C] () -- C:\Users\Christiane\Documents\Scan0001.pdf
[2013.04.07 11:15:21 | 000,001,401 | ---- | C] () -- C:\Users\Christiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2013.04.01 11:17:18 | 000,392,815 | ---- | C] () -- C:\Users\Christiane\IMG_9322.jpg
[2013.03.30 14:22:53 | 000,147,015 | ---- | C] () -- C:\Users\Christiane\Documents\Debekaantrag 1.4.13.pdf
[2013.03.24 10:02:40 | 000,407,920 | ---- | C] () -- C:\Users\Christiane\Scan0002.jpg
[2013.03.24 09:59:42 | 000,413,775 | ---- | C] () -- C:\Users\Christiane\Scan0001.jpg
[2013.03.22 15:48:32 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.22 11:33:24 | 000,242,009 | ---- | C] () -- C:\Users\Christiane\header-2x.png
[2013.03.20 19:59:38 | 000,000,009 | ---- | C] () -- C:\END
[2013.03.20 17:08:08 | 003,991,539 | ---- | C] () -- C:\Users\Christiane\Blog Backup 20-03-2013.xml
[2013.03.08 22:40:38 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.01.30 12:54:53 | 000,080,635 | ---- | C] () -- C:\Users\Christiane\46769_10151259658784366_1759235892_n.jpg
[2013.01.16 12:36:07 | 000,013,394 | ---- | C] () -- C:\Users\Christiane\13562_486000874775644_2134764167_n.jpg
[2012.12.07 23:32:30 | 000,190,633 | ---- | C] () -- C:\Users\Christiane\532428_459806410743981_1256490687_n.png
[2012.11.27 15:00:36 | 009,778,476 | ---- | C] () -- C:\Users\Christiane\video-2012-11-11-17-06-43.mp4
[2012.11.27 15:00:36 | 006,967,054 | ---- | C] () -- C:\Users\Christiane\video-2012-11-16-12-51-36.mp4
[2012.11.27 15:00:35 | 007,865,130 | ---- | C] () -- C:\Users\Christiane\video-2012-11-11-15-39-49.mp4
[2012.11.19 20:32:13 | 000,351,026 | ---- | C] () -- C:\Users\Christiane\644115_551536351538482_182875002_n.jpg
[2012.11.03 14:07:20 | 000,002,125 | ---- | C] () -- C:\Users\Christiane\Firefox-Wiederherstellungs-Schlüssel.html
[2012.10.24 13:04:55 | 000,090,620 | ---- | C] () -- C:\Users\Christiane\319065_366298800121692_1907668805_n.jpg
[2012.10.10 09:17:17 | 000,000,250 | ---- | C] () -- C:\Windows\wininit.ini
[2012.08.20 19:50:58 | 000,458,128 | ---- | C] () -- C:\Users\Christiane\geschwisterbild.jpg
[2012.08.12 10:46:56 | 000,213,716 | ---- | C] () -- C:\Users\Christiane\IMG_7688.jpg
[2012.07.04 09:40:31 | 000,192,769 | ---- | C] () -- C:\Users\Christiane\Nickname.pdf
[2012.06.19 09:24:54 | 000,292,231 | ---- | C] () -- C:\Users\Christiane\IMGP3350.jpg
[2012.06.09 19:59:49 | 000,220,079 | ---- | C] () -- C:\Users\Christiane\blaue lotte.jpg
[2012.06.07 19:12:55 | 003,132,856 | ---- | C] () -- C:\Users\Christiane\IMG_6905.JPG
[2012.06.07 19:12:54 | 004,311,041 | ---- | C] () -- C:\Users\Christiane\IMG_6903.JPG
[2012.06.07 19:12:54 | 003,816,662 | ---- | C] () -- C:\Users\Christiane\IMG_6904.JPG
[2012.06.07 14:01:54 | 000,281,000 | ---- | C] () -- C:\Users\Christiane\IMGP3244.jpg
[2012.05.24 18:51:34 | 003,114,004 | ---- | C] () -- C:\Users\Christiane\Firmware_Speedport_W504V_1.15.000.bin
[2012.05.16 09:33:35 | 000,189,268 | ---- | C] () -- C:\Users\Christiane\Augustmütter.pdf
[2012.04.19 19:50:34 | 000,143,369 | ---- | C] () -- C:\Users\Christiane\grimassen.jpg
[2012.03.28 08:56:20 | 000,024,667 | ---- | C] () -- C:\Users\Christiane\562646_10150630170282971_85191472970_9091904_1889213319_n.jpg
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.11.06 19:57:37 | 000,287,729 | ---- | C] () -- C:\Users\Christiane\lottchen.jpg
[2011.10.12 14:26:57 | 000,509,852 | ---- | C] () -- C:\Users\Christiane\Collage oktober.jpg
[2011.09.19 07:35:15 | 000,385,605 | ---- | C] () -- C:\Users\Christiane\IMG_5267.jpg
[2011.07.14 09:33:52 | 000,067,839 | ---- | C] () -- C:\Users\Christiane\salvatore.jpg
[2011.06.24 12:36:15 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2011.06.08 10:31:44 | 000,204,062 | ---- | C] () -- C:\Users\Christiane\Mutter und Sohn.jpg
[2011.05.21 13:36:54 | 000,290,963 | ---- | C] () -- C:\Users\Christiane\IMG_5994.JPG
[2011.05.21 11:49:02 | 000,532,946 | ---- | C] () -- C:\Users\Christiane\IMG_2752.jpg
[2011.05.21 11:48:50 | 000,137,874 | ---- | C] () -- C:\Users\Christiane\IMG_2180.jpg
[2011.05.21 11:47:52 | 003,997,614 | ---- | C] () -- C:\Users\Christiane\IMGP1122.jpg
[2011.05.21 11:47:52 | 000,179,820 | ---- | C] () -- C:\Users\Christiane\signatur.jpg
[2011.05.21 11:44:46 | 000,510,751 | ---- | C] () -- C:\Users\Christiane\IMG_3883.jpg
[2011.05.21 11:43:55 | 000,259,285 | ---- | C] () -- C:\Users\Christiane\IMG_3438.jpg
[2011.05.21 11:42:39 | 000,654,635 | ---- | C] () -- C:\Users\Christiane\IMG_2620.jpg
[2011.05.21 10:08:17 | 000,109,463 | ---- | C] () -- C:\Users\Christiane\IMG_2260.jpg
[2011.05.21 10:08:04 | 014,655,532 | ---- | C] () -- C:\Users\Christiane\Segne_dieses_Kind.wav
[2011.05.21 10:07:40 | 004,625,832 | ---- | C] () -- C:\Users\Christiane\Patschefuß.jpg
[2011.05.21 10:07:39 | 001,303,370 | ---- | C] () -- C:\Users\Christiane\IMG_3089.jpg
[2011.05.20 21:09:21 | 000,055,296 | ---- | C] () -- C:\Users\Christiane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.20 20:29:29 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.20 19:51:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.10 21:09:56 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2

< End of report >
         
Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 10.04.2013 13:29:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christiane\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,32 Gb Available Physical Memory | 72,21% Memory free
11,96 Gb Paging File | 9,70 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 257,78 Gb Free Space | 57,20% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIANE-PC | User Name: Christiane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1163813797-2419015131-2533885825-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22950B23-DC28-49E9-AFBB-C34E88891D48}" = lport=137 | protocol=17 | dir=in | app=system | 
"{279271F2-4E88-4FA7-80DE-C8EC42B73CA9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{27BBA3CF-6918-4728-8E0B-837482451BE5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2A787FD4-B9DB-4FF4-927F-E3DD44D64D66}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{42A566F1-EB51-40E9-B750-29DA0E54EC48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{442FE464-271B-4EE9-8D49-BFF2600D8BF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47066877-311E-4D36-8898-C3C1C78C24C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7A630F45-CF3A-4B96-ACB8-F353E4BE2ADD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7B9AB9DA-550C-44F2-988E-BA095833FDA2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7F67D236-94C2-4422-8201-7E35BAFBCFA2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{830BE9C3-73D6-44B3-8B13-176CF2E4E235}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83D00126-2E5A-42BF-92A4-6F89DFF4F9E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{894FB711-2FC5-44B9-980A-D6CE544E8A46}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{975164C1-C85B-4B85-BA9F-20295BE5E1DE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9F2E8076-1A47-4806-81AE-02F6CAEBB506}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B637354C-E57D-420C-89C0-1DED4EDE01D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C862B8D9-DA96-4C76-94E7-5D88DEA693D8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CD88B10C-D60D-46D3-A0C8-6BD8005DFB9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D24466F3-E6DB-4659-85FC-F8180867490F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D5E9FBFE-7CA1-454C-B68D-DB09309C7D33}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA17940E-3C92-42C1-94C7-F2FF22395823}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E37375F1-BA72-40A6-8FAA-AE7AA1AEF931}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED8AE2A0-A3B9-43F4-96FC-9C115A28CB55}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F32DB47F-1D99-48E8-9605-1643FF635500}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4A19E75-5CE8-4D8A-9A24-7236C6E5D1B5}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0247D812-8811-4D2B-AA26-F4F3ED94C63A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{079711D0-3834-4862-82D7-235E33EB23EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{07AD1981-BEE0-47BF-A9D9-E8F0974D0B1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0BD33F05-5636-47B8-B228-68C8BA722F70}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{0C72E1B9-968B-4E33-A395-6054E39477E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{15C6F8F3-5888-4B5E-85CC-4DE90E916C8B}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{1B1D167B-C175-43DA-BD57-7BE148013EEA}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{1C167A53-A04D-4258-BB15-A2D54560D161}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{1EA0E3FE-A4BD-4566-8E18-8431D1CA4717}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{2412687E-A8AA-45AC-B434-6F1A4467EE4E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{26D33848-0CF4-4DFB-AAA9-32133861D19F}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe | 
"{35D82601-056F-404C-BB95-750AF8F82B45}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{38FA4929-4766-46CD-8DE9-76DE1A96B402}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{391022C5-5F4F-4257-9DB1-061EFC30EB0F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3E77EEAD-EABE-4648-AA9F-FF216ED301A3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{47656DDE-47E5-46F5-B561-1414B2ACB657}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BB44B7B-9C11-4210-94E1-C3DAAC44E706}" = dir=in | app=c:\users\christiane\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{540DA4EE-ED4E-43E4-95B4-262ADDD68B2A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{62C378A5-35B7-4BBE-B068-2EA3C56101C6}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{7078D1C7-B05F-470A-A47C-018C2D0E44D9}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{73A0401A-48D5-4D29-83A5-97FBD5827721}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{754A0236-F4F6-4EEB-9653-3BC93EC806D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8594588D-EDA5-4D27-8D5C-19A56670C0B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{85E8C5D3-C77B-470F-99D3-64D9C58AC22B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{901C4076-A28A-436A-B2F2-326A00815A06}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{915158FA-72BC-474A-9B09-29B988374DF2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{9AA8D563-A881-4727-8338-066566FAC600}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe | 
"{A7934B9B-273E-470D-9B3E-9EA6A79D685B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B1759EF4-1E69-41AF-9196-DA4201F28B27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2C92DF7-DED0-4D49-A9FC-BB06696F0335}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{BCD86F11-7D6B-4A3F-9055-D74FFD17A423}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BD09118C-86B0-4878-BC3C-1BDFDEF8CDD2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 
"{BE14A660-4AE6-447A-9377-7579304F9107}" = protocol=6 | dir=out | app=system | 
"{C4C6F009-98D4-424A-8F7F-C1C183FE460D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe | 
"{C730C92F-CA6F-4974-A60A-6CF23FF16645}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D050891F-188D-41D9-99FA-CA78DD02B6B1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D41253E9-1564-496A-9502-A457CA8D547E}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | 
"{E0548279-56F5-475E-B7AF-DFE4DAA5BFB6}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe | 
"{E0A4E70E-9C6D-437E-A00F-57BA5FA998CB}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe | 
"{E7324672-143E-4819-B789-35D128EB691F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E96F7E0B-D41D-4DC1-9A6C-D0E9054266DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA5305BD-870A-4865-9E0E-8ABEAC6F9F9B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{EFC36208-2A49-49B6-BFFC-1C7398153E9F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F71069A8-8831-4015-BE9F-4516B2DE0451}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"TCP Query User{598E906D-F675-4918-8C17-23C3FA7B5082}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{ACC874A9-59AC-48A3-BBA4-3F46AB9F47F7}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}" = HP Deskjet 3520 series - Grundlegende Software für das Gerät
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982C480E-5BE0-2714-E584-83E88F8A31C3}" = ccc-utility64
"{A5BB6A58-BC1A-48A7-BB19-1768A80CF9C9}" = Studie zur Verbesserung von HP Deskjet 3520 series Produkten
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E69F8CE0-7EA0-63A9-5A5B-D8FD9BDCC219}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{063541C9-B4CA-CD49-080C-AEDE45067CEB}" = CCC Help Portuguese
"{07580AC7-1B74-92E7-F405-9AD4019CA577}" = CCC Help Thai
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{10AD2C1F-9825-F220-7870-CD7B946D367E}" = CCC Help Spanish
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{176393FB-D9CA-4829-8921-D471F833912C}" = DJ3525FWUpdateAlert
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23E26695-3815-012F-1CAF-C6C3564DBCBF}" = ccc-core-static
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29A4502B-1FA5-72E0-92F1-AC8F2EF16D51}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{320795BA-446B-C1F7-9560-CC171192DC21}" = CCC Help Turkish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{334BEF1F-EE5B-295F-BED0-728F7F45328B}" = CCC Help Polish
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3DF497D8-C37F-4BFF-B8A3-DA6D6E967EC9}" = Sibelius 5 Student
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47772E7F-6942-B7A3-1B31-74D30343064B}" = CCC Help Norwegian
"{485E3D4A-35FB-CED2-3CF5-FAD4CCFE46BD}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6D25EA-5390-CEE6-305E-F28B192C806C}" = CCC Help Finnish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{557018DC-309C-5BCC-0587-B2D86BA20613}" = CCC Help Greek
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B953497-169C-4929-9AA9-A9F510347468}" = HP Deskjet 3520 series Hilfe
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{704ED517-BB7F-7654-2185-627ACCB20179}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B284AC2-4756-6779-9274-FE20EE9216B7}" = Catalyst Control Center InstallProxy
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800BE8AA-C912-E42D-E97F-BA533A2C851F}" = CCC Help Korean
"{80F6A672-C39B-41CE-8AF5-A9C2FA8C2B72}" = Sibelius Scorch (all browsers)
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83429F57-1A80-EB5B-8E60-C215D025A18B}" = CCC Help Italian
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3119BF5-2502-B6A6-45AA-A1FE5D82FFD7}" = CCC Help Russian
"{B4C7BC58-3914-9EF9-E2B9-52216DFE899D}" = Catalyst Control Center Graphics Previews Vista
"{B722FA60-A6EF-A3F5-DD4B-C826CDA16114}" = CCC Help Japanese
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CC7BBA77-7C6F-115C-4B47-0E3EE2610C13}" = CCC Help German
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCCC93B-F646-EB40-4AB1-55D4BE0E5D30}" = CCC Help Dutch
"{DBD55196-4BE4-CAAC-1447-4AF6657EEAD6}" = CCC Help Czech
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E1161FE3-E090-512B-BE20-AA276C2766CA}" = CCC Help Swedish
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B8B8A6-BBD9-0B5F-1AA1-A95161C16247}" = CCC Help Chinese Traditional
"{E5F1F9B2-90C3-83E2-888F-2725AACA93BD}" = CCC Help French
"{E87C0C8B-82D6-7C51-B1A3-01EAF3314F7F}" = CCC Help English
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E90747-42A1-E42F-C104-48239458946A}" = CCC Help Chinese Standard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDDB05A-1B35-453B-47B5-AD75809BBBF9}" = PX Profile Update
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.9
"BookSmart® 3.4.3 3.4.3" = BookSmart® 3.4.3 3.4.3
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Digital Editions" = Adobe Digital Editions
"dm-Fotowelt" = dm-Fotowelt
"Free Studio_is1" = Free Studio version 2013
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GeoKLIMA 2.01" = GeoKLIMA 2.01
"GeoKLIMA 2.1c" = GeoKLIMA 2.1c
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.51
"MyCamera" = Canon Utilities MyCamera
"NotenBox7_is1" = AWIN NotenBox 7
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RarZilla Free Unrar" = RarZilla Free Unrar
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1163813797-2419015131-2533885825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.03.2013 08:17:04 | Computer Name = Christiane-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.03.2013 07:50:03 | Computer Name = Christiane-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a1d3  Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a0ed  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00172818  ID des fehlerhaften
 Prozesses: 0x768  Startzeit der fehlerhaften Anwendung: 0x01ce2e05aa0aa195  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 1f04f1a9-99f9-11e2-94dd-1c7508d4a3a7
 
Error - 31.03.2013 11:42:34 | Computer Name = Christiane-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.04.2013 06:20:51 | Computer Name = Christiane-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a1d3  Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a0ed  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00172818  ID des fehlerhaften
 Prozesses: 0x116c  Startzeit der fehlerhaften Anwendung: 0x01ce310faf75f929  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 52c95c5a-9d11-11e2-b0b6-1c7508d4a3a7
 
Error - 06.04.2013 04:09:43 | Computer Name = Christiane-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 06.04.2013 04:09:44 | Computer Name = Christiane-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 08.04.2013 11:25:02 | Computer Name = Christiane-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.0.4833,
 Zeitstempel: 0x5152542c  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.0.4833,
 Zeitstempel: 0x51525346  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000973d8  ID des fehlerhaften
 Prozesses: 0xb64  Startzeit der fehlerhaften Anwendung: 0x01ce346cca21a2ae  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 7ae16d85-a060-11e2-adea-1c7508d4a3a7
 
Error - 08.04.2013 11:26:00 | Computer Name = Christiane-PC | Source = MsiInstaller | ID = 11721
Description = 
 
Error - 08.04.2013 13:21:10 | Computer Name = Christiane-PC | Source = MsiInstaller | ID = 11721
Description = 
 
Error - 09.04.2013 14:48:40 | Computer Name = Christiane-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 20.0.0.4833 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1614    Startzeit:
 01ce355132ce8b30    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 0a24cbe7-a146-11e2-bc51-1c7508d4a3a7  
 
Error - 10.04.2013 05:10:51 | Computer Name = Christiane-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BackupManagerTray.exe, Version: 3.0.0.100,
 Zeitstempel: 0x4f053c75  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000e31f  ID des fehlerhaften
 Prozesses: 0x12bc  Startzeit der fehlerhaften Anwendung: 0x01ce35bd76757a21  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 8a15c41c-a1be-11e2-87c6-1c7508d4a3a7
 
[ System Events ]
Error - 04.04.2013 04:54:49 | Computer Name = Christiane-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 05.04.2013 05:05:53 | Computer Name = Christiane-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 06.04.2013 05:05:19 | Computer Name = Christiane-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.04.2013 08:30:26 | Computer Name = Christiane-PC | Source = Microsoft Antimalware | ID = 2001
Description = 
 
Error - 08.04.2013 08:30:26 | Computer Name = Christiane-PC | Source = Microsoft Antimalware | ID = 2001
Description = 
 
Error - 08.04.2013 08:30:26 | Computer Name = Christiane-PC | Source = Microsoft Antimalware | ID = 2001
Description = 
 
Error - 09.04.2013 12:37:37 | Computer Name = Christiane-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.04.2013 12:37:36 | Computer Name = Christiane-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%109
 
Error - 10.04.2013 02:41:50 | Computer Name = Christiane-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 10.04.2013 03:34:19 | Computer Name = Christiane-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80242016 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer
 9 für Windows 7 für x64-Systeme (KB2817183)
 
 
< End of report >
         


Alt 10.04.2013, 15:06   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Browse2save, spyhunter

Alt 10.04.2013, 17:00   #7
Talpa
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



gmer:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 15:59:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\awlyiaow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey         00000000775efa88 5 bytes JMP 0000000174b5139e
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  00000000775f0018 5 bytes JMP 0000000174b51a54
.text   C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      00000000750a1465 2 bytes [0A, 75]
.text   C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000750a14bb 2 bytes [0A, 75]
.text   ...                                                                                                                                * 2
.text   C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     00000000750a1465 2 bytes [0A, 75]
.text   C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000750a14bb 2 bytes [0A, 75]
.text   ...                                                                                                                                * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3444:3460]                                                             0000000075ef7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3444:3488]                                                             00000000727c0cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3444:3512]                                                             0000000077622e25
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3444:6648]                                                             0000000077623e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3444:4328]                                                             0000000077623e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3444:5168]                                                             0000000077623e45

---- EOF - GMER 2.1 ----
         

dann mbar gemacht. beim ersten start hat es sich nach ca 10 sekunden zerschossen und es kam ein bluescreen. nach neustart ging es problemlos.
eine malware gefunden.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.10.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Christiane :: CHRISTIANE-PC [administrator]

10.04.2013 16:29:57
mbar-log-2013-04-10 (16-29-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30457
Time elapsed: 19 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\ProgramData\BRowsE2soave\515d3b89d599b.dll (Adware.MultiPlug) -> Delete on reboot.

(end)
         
nach neustart dann nix mehr:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.10.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Christiane :: CHRISTIANE-PC [administrator]

10.04.2013 16:58:10
mbar-log-2013-04-10 (16-58-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30452
Time elapsed: 19 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
noch ein edit:

diese 2 updates soll ich immer und immer wieder herunterladen. wenn ich den rechner herunterfahre, installieren sie sich von selbst - nur um dann beim nächsten start wieder neu installiert werden zu wollen.

häh?


Alt 10.04.2013, 22:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.04.2013, 14:45   #9
Talpa
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



aswmbr:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 13:54:16
-----------------------------
13:54:16.944    OS Version: Windows x64 6.1.7601 Service Pack 1
13:54:16.945    Number of processors: 4 586 0x2A07
13:54:16.946    ComputerName: CHRISTIANE-PC  UserName: Christiane
13:54:19.008    Initialize success
13:55:25.639    AVAST engine defs: 13041100
13:55:38.821    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:55:38.836    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
13:55:38.946    Disk 0 MBR read successfully
13:55:38.946    Disk 0 MBR scan
13:55:38.946    Disk 0 Windows 7 default MBR code
13:55:38.946    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
13:55:38.961    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
13:55:38.977    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461478 MB offset 31664128
13:55:39.008    Disk 0 scanning C:\Windows\system32\drivers
13:55:50.536    Service scanning
13:56:13.359    Modules scanning
13:56:13.375    Disk 0 trace - called modules:
13:56:13.406    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
13:56:13.406    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800817f060]
13:56:13.422    3 CLASSPNP.SYS[fffff88001dc343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006300050]
13:56:15.309    AVAST engine scan C:\Windows
13:56:18.476    AVAST engine scan C:\Windows\system32
13:59:26.660    AVAST engine scan C:\Windows\system32\drivers
13:59:40.840    AVAST engine scan C:\Users\Christiane
14:32:27.624    AVAST engine scan C:\ProgramData
14:37:37.970    Scan finished successfully
14:42:10.291    Disk 0 MBR has been saved successfully to "C:\Users\Christiane\Desktop\MBR.dat"
14:42:10.307    The log file has been saved successfully to "C:\Users\Christiane\Desktop\aswMBR.txt"
         


TDSS:

Code:
ATTFilter
14:43:28.0028 8160  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:43:28.0097 8160  ============================================================
14:43:28.0097 8160  Current date / time: 2013/04/11 14:43:28.0097
14:43:28.0097 8160  SystemInfo:
14:43:28.0097 8160  
14:43:28.0097 8160  OS Version: 6.1.7601 ServicePack: 1.0
14:43:28.0097 8160  Product type: Workstation
14:43:28.0097 8160  ComputerName: CHRISTIANE-PC
14:43:28.0097 8160  UserName: Christiane
14:43:28.0097 8160  Windows directory: C:\Windows
14:43:28.0097 8160  System windows directory: C:\Windows
14:43:28.0097 8160  Running under WOW64
14:43:28.0097 8160  Processor architecture: Intel x64
14:43:28.0097 8160  Number of processors: 4
14:43:28.0097 8160  Page size: 0x1000
14:43:28.0097 8160  Boot type: Normal boot
14:43:28.0097 8160  ============================================================
14:43:28.0477 8160  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:43:28.0517 8160  ============================================================
14:43:28.0518 8160  \Device\Harddisk0\DR0:
14:43:28.0536 8160  MBR partitions:
14:43:28.0536 8160  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
14:43:28.0536 8160  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553000
14:43:28.0536 8160  ============================================================
14:43:28.0576 8160  C: <-> \Device\Harddisk0\DR0\Partition2
14:43:28.0605 8160  ============================================================
14:43:28.0605 8160  Initialize success
14:43:28.0605 8160  ============================================================
14:43:49.0983 7468  ============================================================
14:43:49.0984 7468  Scan started
14:43:49.0984 7468  Mode: Manual; SigCheck; TDLFS; 
14:43:49.0984 7468  ============================================================
14:43:50.0463 7468  ================ Scan system memory ========================
14:43:50.0463 7468  System memory - ok
14:43:50.0463 7468  ================ Scan services =============================
14:43:50.0681 7468  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:43:50.0820 7468  1394ohci - ok
14:43:50.0875 7468  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:43:50.0890 7468  ACPI - ok
14:43:50.0932 7468  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:43:51.0017 7468  AcpiPmi - ok
14:43:51.0186 7468  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:43:51.0196 7468  AdobeARMservice - ok
14:43:51.0343 7468  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:43:51.0355 7468  AdobeFlashPlayerUpdateSvc - ok
14:43:51.0403 7468  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:43:51.0421 7468  adp94xx - ok
14:43:51.0454 7468  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:43:51.0470 7468  adpahci - ok
14:43:51.0503 7468  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:43:51.0516 7468  adpu320 - ok
14:43:51.0541 7468  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:43:51.0675 7468  AeLookupSvc - ok
14:43:51.0732 7468  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:43:51.0798 7468  AFD - ok
14:43:51.0841 7468  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:43:51.0852 7468  agp440 - ok
14:43:51.0866 7468  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:43:51.0905 7468  ALG - ok
14:43:51.0944 7468  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:43:51.0954 7468  aliide - ok
14:43:51.0994 7468  [ 9CB927E76D3F65A02741A4D9A690178C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:43:52.0063 7468  AMD External Events Utility - ok
14:43:52.0088 7468  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:43:52.0103 7468  amdide - ok
14:43:52.0120 7468  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:43:52.0176 7468  AmdK8 - ok
14:43:52.0420 7468  [ B8660FB5431F136635FB6446AC67FAAE ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:43:52.0685 7468  amdkmdag - ok
14:43:52.0698 7468  [ 5FC9D833F726383D9D60205F5A3CF16B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
14:43:52.0769 7468  amdkmdap - ok
14:43:52.0777 7468  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:43:52.0829 7468  AmdPPM - ok
14:43:52.0894 7468  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:43:52.0928 7468  amdsata - ok
14:43:52.0960 7468  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:43:52.0983 7468  amdsbs - ok
14:43:53.0003 7468  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:43:53.0022 7468  amdxata - ok
14:43:53.0066 7468  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:43:53.0139 7468  AppID - ok
14:43:53.0159 7468  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:43:53.0215 7468  AppIDSvc - ok
14:43:53.0295 7468  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
14:43:53.0397 7468  Appinfo - ok
14:43:53.0422 7468  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:43:53.0433 7468  arc - ok
14:43:53.0436 7468  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:43:53.0447 7468  arcsas - ok
14:43:53.0574 7468  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:43:53.0603 7468  aspnet_state - ok
14:43:53.0632 7468  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:43:53.0736 7468  AsyncMac - ok
14:43:53.0775 7468  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:43:53.0786 7468  atapi - ok
14:43:53.0869 7468  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
14:43:53.0957 7468  athr - ok
14:43:54.0007 7468  [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
14:43:54.0032 7468  AtiHdmiService - ok
14:43:54.0096 7468  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:43:54.0223 7468  AudioEndpointBuilder - ok
14:43:54.0232 7468  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:43:54.0272 7468  AudioSrv - ok
14:43:54.0499 7468  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
14:43:54.0530 7468  AVP - ok
14:43:54.0593 7468  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:43:54.0733 7468  AxInstSV - ok
14:43:54.0796 7468  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:43:54.0874 7468  b06bdrv - ok
14:43:54.0905 7468  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:43:54.0952 7468  b57nd60a - ok
14:43:54.0998 7468  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:43:55.0061 7468  BDESVC - ok
14:43:55.0076 7468  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:43:55.0123 7468  Beep - ok
14:43:55.0217 7468  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:43:55.0326 7468  BFE - ok
14:43:55.0357 7468  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
14:43:55.0466 7468  BITS - ok
14:43:55.0498 7468  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:43:55.0529 7468  blbdrive - ok
14:43:55.0560 7468  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:43:55.0622 7468  bowser - ok
14:43:55.0638 7468  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:43:55.0669 7468  BrFiltLo - ok
14:43:55.0685 7468  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:43:55.0872 7468  BrFiltUp - ok
14:43:55.0919 7468  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:43:55.0966 7468  Browser - ok
14:43:55.0981 7468  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:43:56.0028 7468  Brserid - ok
14:43:56.0028 7468  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:43:56.0059 7468  BrSerWdm - ok
14:43:56.0075 7468  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:43:56.0090 7468  BrUsbMdm - ok
14:43:56.0106 7468  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:43:56.0106 7468  BrUsbSer - ok
14:43:56.0122 7468  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:43:56.0137 7468  BTHMODEM - ok
14:43:56.0153 7468  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:43:56.0200 7468  bthserv - ok
14:43:56.0215 7468  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:43:56.0246 7468  cdfs - ok
14:43:56.0309 7468  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
14:43:56.0356 7468  cdrom - ok
14:43:56.0402 7468  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:43:56.0465 7468  CertPropSvc - ok
14:43:56.0480 7468  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:43:56.0543 7468  circlass - ok
14:43:56.0558 7468  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:43:56.0574 7468  CLFS - ok
14:43:56.0621 7468  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:43:56.0652 7468  clr_optimization_v2.0.50727_32 - ok
14:43:56.0699 7468  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:43:56.0714 7468  clr_optimization_v2.0.50727_64 - ok
14:43:56.0839 7468  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:43:56.0870 7468  clr_optimization_v4.0.30319_32 - ok
14:43:56.0886 7468  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:43:56.0886 7468  clr_optimization_v4.0.30319_64 - ok
14:43:56.0902 7468  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:43:56.0933 7468  CmBatt - ok
14:43:56.0964 7468  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:43:56.0995 7468  cmdide - ok
14:43:57.0042 7468  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
14:43:57.0104 7468  CNG - ok
14:43:57.0167 7468  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:43:57.0182 7468  Compbatt - ok
14:43:57.0229 7468  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:43:57.0307 7468  CompositeBus - ok
14:43:57.0307 7468  COMSysApp - ok
14:43:57.0323 7468  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:43:57.0338 7468  crcdisk - ok
14:43:57.0385 7468  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:43:57.0432 7468  CryptSvc - ok
14:43:57.0479 7468  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:43:57.0526 7468  DcomLaunch - ok
14:43:57.0557 7468  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:43:57.0604 7468  defragsvc - ok
14:43:57.0650 7468  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:43:57.0760 7468  DfsC - ok
14:43:57.0822 7468  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:43:57.0884 7468  Dhcp - ok
14:43:57.0900 7468  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:43:57.0947 7468  discache - ok
14:43:57.0978 7468  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:43:57.0994 7468  Disk - ok
14:43:58.0009 7468  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:43:58.0072 7468  Dnscache - ok
14:43:58.0118 7468  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:43:58.0165 7468  dot3svc - ok
14:43:58.0212 7468  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:43:58.0274 7468  DPS - ok
14:43:58.0306 7468  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:43:58.0321 7468  drmkaud - ok
14:43:58.0399 7468  [ 470F7F19188AB45463F8B612D6DDE7C8 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
14:43:58.0430 7468  DsiWMIService - ok
14:43:58.0508 7468  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:43:58.0571 7468  DXGKrnl - ok
14:43:58.0602 7468  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:43:58.0649 7468  EapHost - ok
14:43:58.0742 7468  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:43:58.0914 7468  ebdrv - ok
14:43:58.0961 7468  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:43:59.0008 7468  EFS - ok
14:43:59.0054 7468  [ 03E6888DA1A85ACF14AC2A3C328A9E62 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
14:43:59.0070 7468  EgisTec Ticket Service - ok
14:43:59.0132 7468  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:43:59.0242 7468  ehRecvr - ok
14:43:59.0273 7468  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:43:59.0288 7468  ehSched - ok
14:43:59.0320 7468  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:43:59.0351 7468  elxstor - ok
14:43:59.0429 7468  [ 8E12D885D17EC5FA4F52D2C6E953E285 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
14:43:59.0507 7468  ePowerSvc - ok
14:43:59.0538 7468  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:43:59.0569 7468  ErrDev - ok
14:43:59.0647 7468  esgiguard - ok
14:43:59.0678 7468  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:43:59.0756 7468  EventSystem - ok
14:43:59.0756 7468  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:43:59.0803 7468  exfat - ok
14:43:59.0834 7468  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:43:59.0866 7468  fastfat - ok
14:43:59.0912 7468  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:43:59.0990 7468  Fax - ok
14:44:00.0022 7468  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:44:00.0053 7468  fdc - ok
14:44:00.0084 7468  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:44:00.0131 7468  fdPHost - ok
14:44:00.0146 7468  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:44:00.0209 7468  FDResPub - ok
14:44:00.0209 7468  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:44:00.0224 7468  FileInfo - ok
14:44:00.0240 7468  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:44:00.0287 7468  Filetrace - ok
14:44:00.0334 7468  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:44:00.0349 7468  FLEXnet Licensing Service - ok
14:44:00.0349 7468  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:44:00.0380 7468  flpydisk - ok
14:44:00.0443 7468  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:44:00.0474 7468  FltMgr - ok
14:44:00.0536 7468  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
14:44:00.0646 7468  FontCache - ok
14:44:00.0708 7468  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:44:00.0739 7468  FontCache3.0.0.0 - ok
14:44:00.0770 7468  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:44:00.0786 7468  FsDepends - ok
14:44:00.0833 7468  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:44:00.0848 7468  Fs_Rec - ok
14:44:00.0864 7468  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:44:00.0895 7468  fvevol - ok
14:44:00.0911 7468  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:44:00.0926 7468  gagp30kx - ok
14:44:00.0973 7468  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:44:01.0098 7468  gpsvc - ok
14:44:01.0160 7468  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
14:44:01.0176 7468  GREGService - ok
14:44:01.0316 7468  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:44:01.0348 7468  gupdate - ok
14:44:01.0379 7468  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:44:01.0394 7468  gupdatem - ok
14:44:01.0426 7468  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:44:01.0441 7468  gusvc - ok
14:44:01.0472 7468  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:44:01.0535 7468  hcw85cir - ok
14:44:01.0597 7468  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:44:01.0628 7468  HdAudAddService - ok
14:44:01.0675 7468  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:44:01.0722 7468  HDAudBus - ok
14:44:01.0722 7468  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:44:01.0769 7468  HidBatt - ok
14:44:01.0769 7468  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:44:01.0831 7468  HidBth - ok
14:44:01.0862 7468  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:44:01.0894 7468  HidIr - ok
14:44:01.0925 7468  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
14:44:01.0972 7468  hidserv - ok
14:44:02.0034 7468  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:44:02.0050 7468  HidUsb - ok
14:44:02.0096 7468  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:44:02.0190 7468  hkmsvc - ok
14:44:02.0237 7468  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:44:02.0268 7468  HomeGroupListener - ok
14:44:02.0315 7468  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:44:02.0330 7468  HomeGroupProvider - ok
14:44:02.0362 7468  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:44:02.0377 7468  HpSAMD - ok
14:44:02.0440 7468  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:44:02.0564 7468  HTTP - ok
14:44:02.0611 7468  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:44:02.0627 7468  hwpolicy - ok
14:44:02.0689 7468  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:44:02.0736 7468  i8042prt - ok
14:44:02.0783 7468  [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:44:02.0798 7468  iaStor - ok
14:44:02.0861 7468  [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:44:02.0892 7468  IAStorDataMgrSvc - ok
14:44:02.0939 7468  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:44:02.0954 7468  iaStorV - ok
14:44:03.0032 7468  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:44:03.0064 7468  idsvc - ok
14:44:03.0110 7468  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:44:03.0126 7468  iirsp - ok
14:44:03.0157 7468  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:44:03.0251 7468  IKEEXT - ok
14:44:03.0360 7468  [ F4C031439501F6C1D336A36D7CB58F4F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:44:03.0485 7468  IntcAzAudAddService - ok
14:44:03.0485 7468  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:44:03.0500 7468  intelide - ok
14:44:03.0532 7468  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:44:03.0547 7468  intelppm - ok
14:44:03.0578 7468  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:44:03.0610 7468  IPBusEnum - ok
14:44:03.0656 7468  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:44:03.0719 7468  IpFilterDriver - ok
14:44:03.0781 7468  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:44:03.0844 7468  iphlpsvc - ok
14:44:03.0875 7468  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:44:03.0922 7468  IPMIDRV - ok
14:44:03.0922 7468  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:44:03.0984 7468  IPNAT - ok
14:44:04.0000 7468  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:44:04.0062 7468  IRENUM - ok
14:44:04.0093 7468  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:44:04.0109 7468  isapnp - ok
14:44:04.0140 7468  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:44:04.0156 7468  iScsiPrt - ok
14:44:04.0202 7468  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:44:04.0234 7468  kbdclass - ok
14:44:04.0280 7468  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:44:04.0327 7468  kbdhid - ok
14:44:04.0358 7468  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:44:04.0374 7468  KeyIso - ok
14:44:04.0436 7468  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
14:44:04.0483 7468  kl1 - ok
14:44:04.0592 7468  [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
14:44:04.0624 7468  KLIF - ok
14:44:04.0748 7468  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
14:44:04.0764 7468  KLIM6 - ok
14:44:04.0858 7468  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
14:44:04.0889 7468  klkbdflt - ok
14:44:04.0936 7468  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
14:44:04.0967 7468  klmouflt - ok
14:44:04.0982 7468  [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
14:44:04.0998 7468  kltdi - ok
14:44:05.0045 7468  [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
14:44:05.0060 7468  kneps - ok
14:44:05.0092 7468  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:44:05.0107 7468  KSecDD - ok
14:44:05.0138 7468  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:44:05.0154 7468  KSecPkg - ok
14:44:05.0170 7468  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:44:05.0232 7468  ksthunk - ok
14:44:05.0263 7468  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:44:05.0310 7468  KtmRm - ok
14:44:05.0341 7468  [ 0E154DA6CA9105354A07D0C576804037 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
14:44:05.0357 7468  L1C - ok
14:44:05.0404 7468  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:44:05.0450 7468  LanmanServer - ok
14:44:05.0497 7468  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:44:05.0591 7468  LanmanWorkstation - ok
14:44:05.0622 7468  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:44:05.0669 7468  lltdio - ok
14:44:05.0700 7468  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:44:05.0747 7468  lltdsvc - ok
14:44:05.0794 7468  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:44:05.0872 7468  lmhosts - ok
14:44:05.0903 7468  [ 926EBA26A8B49D1597751CED06B50862 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:44:05.0950 7468  LMS - ok
14:44:05.0965 7468  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:44:05.0981 7468  LSI_FC - ok
14:44:05.0996 7468  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:44:06.0012 7468  LSI_SAS - ok
14:44:06.0028 7468  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:44:06.0043 7468  LSI_SAS2 - ok
14:44:06.0043 7468  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:44:06.0059 7468  LSI_SCSI - ok
14:44:06.0059 7468  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:44:06.0090 7468  luafv - ok
14:44:06.0137 7468  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:44:06.0199 7468  Mcx2Svc - ok
14:44:06.0215 7468  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:44:06.0246 7468  megasas - ok
14:44:06.0262 7468  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:44:06.0262 7468  MegaSR - ok
14:44:06.0293 7468  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:44:06.0293 7468  MEIx64 - ok
14:44:06.0324 7468  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:44:06.0402 7468  MMCSS - ok
14:44:06.0418 7468  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:44:06.0449 7468  Modem - ok
14:44:06.0480 7468  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:44:06.0496 7468  monitor - ok
14:44:06.0511 7468  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:44:06.0527 7468  mouclass - ok
14:44:06.0542 7468  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:44:06.0558 7468  mouhid - ok
14:44:06.0620 7468  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:44:06.0636 7468  mountmgr - ok
14:44:06.0730 7468  [ 1C9B83F6A2D1F414F0ACD28D75605607 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:44:06.0761 7468  MozillaMaintenance - ok
14:44:06.0776 7468  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:44:06.0823 7468  mpio - ok
14:44:06.0839 7468  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:44:06.0870 7468  mpsdrv - ok
14:44:06.0932 7468  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:44:07.0042 7468  MpsSvc - ok
14:44:07.0088 7468  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:44:07.0104 7468  MRxDAV - ok
14:44:07.0151 7468  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:07.0213 7468  mrxsmb - ok
14:44:07.0244 7468  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:07.0291 7468  mrxsmb10 - ok
14:44:07.0322 7468  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:07.0354 7468  mrxsmb20 - ok
14:44:07.0400 7468  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:44:07.0416 7468  msahci - ok
14:44:07.0463 7468  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:44:07.0478 7468  msdsm - ok
14:44:07.0494 7468  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:44:07.0525 7468  MSDTC - ok
14:44:07.0556 7468  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:44:07.0588 7468  Msfs - ok
14:44:07.0603 7468  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:44:07.0681 7468  mshidkmdf - ok
14:44:07.0697 7468  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:44:07.0697 7468  msisadrv - ok
14:44:07.0728 7468  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:44:07.0806 7468  MSiSCSI - ok
14:44:07.0806 7468  msiserver - ok
14:44:07.0837 7468  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:44:07.0884 7468  MSKSSRV - ok
14:44:07.0900 7468  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:44:07.0931 7468  MSPCLOCK - ok
14:44:07.0931 7468  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:44:07.0978 7468  MSPQM - ok
14:44:08.0024 7468  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:44:08.0056 7468  MsRPC - ok
14:44:08.0102 7468  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:44:08.0134 7468  mssmbios - ok
14:44:08.0149 7468  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:44:08.0258 7468  MSTEE - ok
14:44:08.0258 7468  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:44:08.0290 7468  MTConfig - ok
14:44:08.0321 7468  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:44:08.0321 7468  Mup - ok
14:44:08.0336 7468  [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
14:44:08.0352 7468  mwlPSDFilter - ok
14:44:08.0352 7468  [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
14:44:08.0368 7468  mwlPSDNServ - ok
14:44:08.0383 7468  [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
14:44:08.0399 7468  mwlPSDVDisk - ok
14:44:08.0446 7468  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:44:08.0524 7468  napagent - ok
14:44:08.0570 7468  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:44:08.0602 7468  NativeWifiP - ok
14:44:08.0648 7468  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:44:08.0680 7468  NDIS - ok
14:44:08.0695 7468  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:44:08.0742 7468  NdisCap - ok
14:44:08.0773 7468  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:44:08.0804 7468  NdisTapi - ok
14:44:08.0867 7468  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:44:08.0898 7468  Ndisuio - ok
14:44:08.0945 7468  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:44:09.0038 7468  NdisWan - ok
14:44:09.0101 7468  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:44:09.0179 7468  NDProxy - ok
14:44:09.0194 7468  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:44:09.0272 7468  NetBIOS - ok
14:44:09.0288 7468  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:44:09.0335 7468  NetBT - ok
14:44:09.0350 7468  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:44:09.0366 7468  Netlogon - ok
14:44:09.0397 7468  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:44:09.0475 7468  Netman - ok
14:44:09.0538 7468  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:44:09.0569 7468  NetMsmqActivator - ok
14:44:09.0584 7468  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:44:09.0616 7468  NetPipeActivator - ok
14:44:09.0616 7468  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:44:09.0678 7468  netprofm - ok
14:44:09.0678 7468  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:44:09.0694 7468  NetTcpActivator - ok
14:44:09.0694 7468  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:44:09.0694 7468  NetTcpPortSharing - ok
14:44:09.0725 7468  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:44:09.0725 7468  nfrd960 - ok
14:44:09.0787 7468  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:44:09.0834 7468  NlaSvc - ok
14:44:09.0850 7468  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:44:09.0896 7468  Npfs - ok
14:44:09.0928 7468  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:44:09.0974 7468  nsi - ok
14:44:09.0990 7468  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:44:10.0037 7468  nsiproxy - ok
14:44:10.0115 7468  [ B8965FB53551B5455630A4B804D0791F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:44:10.0224 7468  Ntfs - ok
14:44:10.0318 7468  [ D27A4546417ED7C4AEA7B3420D4F1F50 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
14:44:10.0364 7468  NTI IScheduleSvc - ok
14:44:10.0396 7468  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
14:44:10.0427 7468  NTIDrvr - ok
14:44:10.0442 7468  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:44:10.0536 7468  Null - ok
14:44:10.0567 7468  [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
14:44:10.0598 7468  nusb3hub - ok
14:44:10.0630 7468  [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:44:10.0676 7468  nusb3xhc - ok
14:44:10.0739 7468  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:44:10.0770 7468  nvraid - ok
14:44:10.0832 7468  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:44:10.0879 7468  nvstor - ok
14:44:10.0942 7468  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:44:10.0973 7468  nv_agp - ok
14:44:11.0082 7468  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:44:11.0113 7468  odserv - ok
14:44:11.0160 7468  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:44:11.0191 7468  ohci1394 - ok
14:44:11.0223 7468  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:44:11.0238 7468  ose - ok
14:44:11.0269 7468  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:44:11.0332 7468  p2pimsvc - ok
14:44:11.0363 7468  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:44:11.0410 7468  p2psvc - ok
14:44:11.0425 7468  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:44:11.0457 7468  Parport - ok
14:44:11.0503 7468  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:44:11.0535 7468  partmgr - ok
14:44:11.0550 7468  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:44:11.0597 7468  PcaSvc - ok
14:44:11.0613 7468  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:44:11.0628 7468  pci - ok
14:44:11.0644 7468  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:44:11.0659 7468  pciide - ok
14:44:11.0675 7468  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:44:11.0691 7468  pcmcia - ok
14:44:11.0706 7468  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:44:11.0722 7468  pcw - ok
14:44:11.0737 7468  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:44:11.0784 7468  PEAUTH - ok
14:44:11.0878 7468  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:44:11.0909 7468  PerfHost - ok
14:44:11.0987 7468  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:44:12.0081 7468  pla - ok
14:44:12.0127 7468  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:44:12.0205 7468  PlugPlay - ok
14:44:12.0221 7468  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:44:12.0252 7468  PNRPAutoReg - ok
14:44:12.0268 7468  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:44:12.0283 7468  PNRPsvc - ok
14:44:12.0330 7468  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:44:12.0377 7468  PolicyAgent - ok
14:44:12.0408 7468  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:44:12.0439 7468  Power - ok
14:44:12.0455 7468  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:44:12.0549 7468  PptpMiniport - ok
14:44:12.0564 7468  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:44:12.0595 7468  Processor - ok
14:44:12.0642 7468  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:44:12.0673 7468  ProfSvc - ok
14:44:12.0689 7468  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:44:12.0705 7468  ProtectedStorage - ok
14:44:12.0751 7468  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:44:12.0814 7468  Psched - ok
14:44:12.0861 7468  [ 595A22C4CCE855E72D475835F3DF2D53 ] pwdrvio         C:\Windows\system32\pwdrvio.sys
14:44:12.0876 7468  pwdrvio - ok
14:44:12.0954 7468  [ 70EB529F6FEDAC79D0A8E3BB79999277 ] pwdspio         C:\Windows\system32\pwdspio.sys
14:44:12.0985 7468  pwdspio - ok
14:44:13.0063 7468  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:44:13.0141 7468  ql2300 - ok
14:44:13.0141 7468  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:44:13.0157 7468  ql40xx - ok
14:44:13.0173 7468  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:44:13.0188 7468  QWAVE - ok
14:44:13.0204 7468  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:44:13.0251 7468  QWAVEdrv - ok
14:44:13.0251 7468  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:44:13.0282 7468  RasAcd - ok
14:44:13.0297 7468  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:44:13.0391 7468  RasAgileVpn - ok
14:44:13.0407 7468  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:44:13.0453 7468  RasAuto - ok
14:44:13.0485 7468  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:44:13.0516 7468  Rasl2tp - ok
14:44:13.0578 7468  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:44:13.0672 7468  RasMan - ok
14:44:13.0703 7468  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:44:13.0781 7468  RasPppoe - ok
14:44:13.0812 7468  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:44:13.0859 7468  RasSstp - ok
14:44:13.0906 7468  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:44:13.0937 7468  rdbss - ok
14:44:13.0953 7468  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:44:13.0968 7468  rdpbus - ok
14:44:13.0984 7468  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:44:14.0031 7468  RDPCDD - ok
14:44:14.0046 7468  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:44:14.0077 7468  RDPENCDD - ok
14:44:14.0093 7468  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:44:14.0124 7468  RDPREFMP - ok
14:44:14.0171 7468  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:44:14.0202 7468  RdpVideoMiniport - ok
14:44:14.0249 7468  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:44:14.0327 7468  RDPWD - ok
14:44:14.0374 7468  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:44:14.0405 7468  rdyboost - ok
14:44:14.0421 7468  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:44:14.0483 7468  RemoteAccess - ok
14:44:14.0514 7468  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:44:14.0577 7468  RemoteRegistry - ok
14:44:14.0592 7468  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:44:14.0639 7468  RpcEptMapper - ok
14:44:14.0670 7468  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:44:14.0686 7468  RpcLocator - ok
14:44:14.0733 7468  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:44:14.0764 7468  RpcSs - ok
14:44:14.0779 7468  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:44:14.0811 7468  rspndr - ok
14:44:14.0873 7468  [ 9BEB5F18A418FF70659CE2E356829568 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
14:44:14.0904 7468  RSUSBSTOR - ok
14:44:14.0920 7468  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:44:14.0935 7468  SamSs - ok
14:44:14.0967 7468  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:44:14.0982 7468  sbp2port - ok
14:44:14.0998 7468  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:44:15.0060 7468  SCardSvr - ok
14:44:15.0091 7468  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:44:15.0138 7468  scfilter - ok
14:44:15.0185 7468  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:44:15.0247 7468  Schedule - ok
14:44:15.0279 7468  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:44:15.0310 7468  SCPolicySvc - ok
14:44:15.0357 7468  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:44:15.0388 7468  SDRSVC - ok
14:44:15.0419 7468  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:44:15.0450 7468  secdrv - ok
14:44:15.0481 7468  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:44:15.0528 7468  seclogon - ok
14:44:15.0559 7468  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:44:15.0591 7468  SENS - ok
14:44:15.0606 7468  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:44:15.0669 7468  SensrSvc - ok
14:44:15.0684 7468  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:44:15.0700 7468  Serenum - ok
14:44:15.0715 7468  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:44:15.0747 7468  Serial - ok
14:44:15.0825 7468  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:44:15.0856 7468  sermouse - ok
14:44:15.0887 7468  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:44:15.0949 7468  SessionEnv - ok
14:44:16.0012 7468  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:44:16.0027 7468  sffdisk - ok
14:44:16.0059 7468  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:44:16.0074 7468  sffp_mmc - ok
14:44:16.0090 7468  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:44:16.0105 7468  sffp_sd - ok
14:44:16.0121 7468  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:44:16.0137 7468  sfloppy - ok
14:44:16.0183 7468  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:44:16.0261 7468  SharedAccess - ok
14:44:16.0308 7468  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:44:16.0371 7468  ShellHWDetection - ok
14:44:16.0371 7468  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:44:16.0386 7468  SiSRaid2 - ok
14:44:16.0386 7468  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:44:16.0402 7468  SiSRaid4 - ok
14:44:16.0417 7468  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:44:16.0495 7468  Smb - ok
14:44:16.0511 7468  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:44:16.0542 7468  SNMPTRAP - ok
14:44:16.0558 7468  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:44:16.0558 7468  spldr - ok
14:44:16.0605 7468  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:44:16.0683 7468  Spooler - ok
14:44:16.0839 7468  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:44:17.0073 7468  sppsvc - ok
14:44:17.0088 7468  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:44:17.0166 7468  sppuinotify - ok
14:44:17.0213 7468  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:44:17.0291 7468  srv - ok
14:44:17.0322 7468  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:44:17.0369 7468  srv2 - ok
14:44:17.0400 7468  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:44:17.0447 7468  srvnet - ok
14:44:17.0463 7468  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:44:17.0541 7468  SSDPSRV - ok
14:44:17.0541 7468  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:44:17.0603 7468  SstpSvc - ok
14:44:17.0619 7468  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:44:17.0634 7468  stexstor - ok
14:44:17.0681 7468  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
14:44:17.0743 7468  StillCam - ok
14:44:17.0790 7468  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:44:17.0821 7468  stisvc - ok
14:44:17.0868 7468  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:44:17.0899 7468  swenum - ok
14:44:17.0915 7468  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:44:17.0946 7468  swprv - ok
14:44:18.0040 7468  [ EF51B22706DB03F0857FADE127C804EC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
14:44:18.0102 7468  SynTP - ok
14:44:18.0196 7468  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:44:18.0289 7468  SysMain - ok
14:44:18.0336 7468  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:44:18.0367 7468  TabletInputService - ok
14:44:18.0414 7468  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:44:18.0461 7468  TapiSrv - ok
14:44:18.0492 7468  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:44:18.0539 7468  TBS - ok
14:44:18.0633 7468  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:44:18.0711 7468  Tcpip - ok
14:44:18.0789 7468  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:44:18.0835 7468  TCPIP6 - ok
14:44:18.0882 7468  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:44:18.0929 7468  tcpipreg - ok
14:44:18.0960 7468  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:44:19.0023 7468  TDPIPE - ok
14:44:19.0054 7468  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:44:19.0101 7468  TDTCP - ok
14:44:19.0132 7468  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:44:19.0225 7468  tdx - ok
14:44:19.0225 7468  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:44:19.0241 7468  TermDD - ok
14:44:19.0288 7468  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:44:19.0319 7468  TermService - ok
14:44:19.0335 7468  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:44:19.0350 7468  Themes - ok
14:44:19.0381 7468  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:44:19.0428 7468  THREADORDER - ok
14:44:19.0459 7468  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:44:19.0522 7468  TrkWks - ok
14:44:19.0584 7468  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:44:19.0647 7468  TrustedInstaller - ok
14:44:19.0693 7468  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:19.0740 7468  tssecsrv - ok
14:44:19.0803 7468  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:44:19.0834 7468  TsUsbFlt - ok
14:44:19.0896 7468  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:44:19.0990 7468  tunnel - ok
14:44:20.0052 7468  [ 48743B69EA47C020A792D8649F753F44 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
14:44:20.0068 7468  TurboB - ok
14:44:20.0130 7468  [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
14:44:20.0146 7468  TurboBoost - ok
14:44:20.0177 7468  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:44:20.0177 7468  uagp35 - ok
14:44:20.0208 7468  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
14:44:20.0208 7468  UBHelper - ok
14:44:20.0271 7468  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:44:20.0333 7468  udfs - ok
14:44:20.0364 7468  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:44:20.0411 7468  UI0Detect - ok
14:44:20.0442 7468  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:44:20.0458 7468  uliagpkx - ok
14:44:20.0505 7468  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
14:44:20.0520 7468  umbus - ok
14:44:20.0551 7468  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:44:20.0567 7468  UmPass - ok
14:44:20.0676 7468  [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:44:20.0770 7468  UNS - ok
14:44:20.0785 7468  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
14:44:20.0801 7468  Updater Service - ok
14:44:20.0817 7468  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:44:20.0863 7468  upnphost - ok
14:44:20.0910 7468  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:20.0973 7468  usbccgp - ok
14:44:21.0019 7468  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:44:21.0066 7468  usbcir - ok
14:44:21.0082 7468  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:44:21.0113 7468  usbehci - ok
14:44:21.0144 7468  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:44:21.0160 7468  usbhub - ok
14:44:21.0207 7468  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:44:21.0253 7468  usbohci - ok
14:44:21.0269 7468  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:44:21.0300 7468  usbprint - ok
14:44:21.0347 7468  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:44:21.0363 7468  usbscan - ok
14:44:21.0409 7468  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:21.0472 7468  USBSTOR - ok
14:44:21.0519 7468  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:44:21.0550 7468  usbuhci - ok
14:44:21.0628 7468  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:44:21.0675 7468  usbvideo - ok
14:44:21.0784 7468  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
14:44:21.0831 7468  usb_rndisx - ok
14:44:21.0862 7468  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:44:21.0909 7468  UxSms - ok
14:44:21.0924 7468  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:44:21.0940 7468  VaultSvc - ok
14:44:21.0987 7468  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:44:22.0002 7468  vdrvroot - ok
14:44:22.0049 7468  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:44:22.0080 7468  vds - ok
14:44:22.0111 7468  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:22.0127 7468  vga - ok
14:44:22.0143 7468  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:44:22.0174 7468  VgaSave - ok
14:44:22.0205 7468  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:44:22.0236 7468  vhdmp - ok
14:44:22.0267 7468  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:44:22.0283 7468  viaide - ok
14:44:22.0314 7468  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:44:22.0330 7468  volmgr - ok
14:44:22.0377 7468  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:44:22.0392 7468  volmgrx - ok
14:44:22.0408 7468  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:44:22.0423 7468  volsnap - ok
14:44:22.0439 7468  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:44:22.0455 7468  vsmraid - ok
14:44:22.0533 7468  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:44:22.0642 7468  VSS - ok
14:44:22.0657 7468  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:44:22.0673 7468  vwifibus - ok
14:44:22.0704 7468  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:44:22.0735 7468  vwififlt - ok
14:44:22.0751 7468  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:44:22.0782 7468  W32Time - ok
14:44:22.0798 7468  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:44:22.0813 7468  WacomPen - ok
14:44:22.0829 7468  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:44:22.0876 7468  WANARP - ok
14:44:22.0876 7468  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:44:22.0907 7468  Wanarpv6 - ok
14:44:22.0985 7468  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:44:23.0079 7468  wbengine - ok
14:44:23.0110 7468  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:44:23.0141 7468  WbioSrvc - ok
14:44:23.0188 7468  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:44:23.0250 7468  wcncsvc - ok
14:44:23.0266 7468  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:44:23.0297 7468  WcsPlugInService - ok
14:44:23.0297 7468  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:44:23.0297 7468  Wd - ok
14:44:23.0328 7468  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
14:44:23.0359 7468  WDC_SAM - ok
14:44:23.0422 7468  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:44:23.0469 7468  Wdf01000 - ok
14:44:23.0484 7468  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:44:23.0593 7468  WdiServiceHost - ok
14:44:23.0593 7468  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:44:23.0625 7468  WdiSystemHost - ok
14:44:23.0671 7468  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:44:23.0718 7468  WebClient - ok
14:44:23.0734 7468  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:44:23.0796 7468  Wecsvc - ok
14:44:23.0827 7468  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:44:23.0859 7468  wercplsupport - ok
14:44:23.0890 7468  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:44:23.0921 7468  WerSvc - ok
14:44:23.0952 7468  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:44:23.0983 7468  WfpLwf - ok
14:44:23.0983 7468  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:44:23.0999 7468  WIMMount - ok
14:44:24.0030 7468  WinDefend - ok
14:44:24.0046 7468  WinHttpAutoProxySvc - ok
14:44:24.0108 7468  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:44:24.0171 7468  Winmgmt - ok
14:44:24.0264 7468  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:44:24.0389 7468  WinRM - ok
14:44:24.0451 7468  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:44:24.0498 7468  WinUsb - ok
14:44:24.0529 7468  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:44:24.0576 7468  Wlansvc - ok
14:44:24.0607 7468  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:44:24.0607 7468  wlcrasvc - ok
14:44:24.0748 7468  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:44:24.0841 7468  wlidsvc - ok
14:44:24.0888 7468  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:44:24.0919 7468  WmiAcpi - ok
14:44:24.0951 7468  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:44:24.0997 7468  wmiApSrv - ok
14:44:25.0044 7468  WMPNetworkSvc - ok
14:44:25.0060 7468  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:44:25.0075 7468  WPCSvc - ok
14:44:25.0122 7468  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:44:25.0153 7468  WPDBusEnum - ok
14:44:25.0185 7468  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:44:25.0247 7468  ws2ifsl - ok
14:44:25.0247 7468  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
14:44:25.0263 7468  wscsvc - ok
14:44:25.0263 7468  WSearch - ok
14:44:25.0372 7468  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:44:25.0497 7468  wuauserv - ok
14:44:25.0528 7468  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:44:25.0590 7468  WudfPf - ok
14:44:25.0621 7468  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:44:25.0684 7468  WUDFRd - ok
14:44:25.0715 7468  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:44:25.0777 7468  wudfsvc - ok
14:44:25.0824 7468  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:44:25.0871 7468  WwanSvc - ok
14:44:25.0871 7468  ================ Scan global ===============================
14:44:25.0902 7468  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:44:25.0933 7468  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:44:25.0949 7468  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:44:25.0980 7468  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:44:26.0011 7468  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:44:26.0027 7468  [Global] - ok
14:44:26.0027 7468  ================ Scan MBR ==================================
14:44:26.0043 7468  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:44:26.0526 7468  \Device\Harddisk0\DR0 - ok
14:44:26.0526 7468  ================ Scan VBR ==================================
14:44:26.0542 7468  [ 9CED5164521D0F8A4B2D703EEBB3E0D0 ] \Device\Harddisk0\DR0\Partition1
14:44:26.0542 7468  \Device\Harddisk0\DR0\Partition1 - ok
14:44:26.0573 7468  [ 6787BF3AC664C93303008FBD19DFE2DD ] \Device\Harddisk0\DR0\Partition2
14:44:26.0573 7468  \Device\Harddisk0\DR0\Partition2 - ok
14:44:26.0573 7468  ============================================================
14:44:26.0573 7468  Scan finished
14:44:26.0573 7468  ============================================================
14:44:26.0604 5280  Detected object count: 0
14:44:26.0604 5280  Actual detected object count: 0
         

Alt 11.04.2013, 15:01   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.04.2013, 15:34   #11
Talpa
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



Code:
ATTFilter
ComboFix 13-04-10.02 - Christiane 11.04.2013  15:05:16.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6126.4042 [GMT 2:00]
ausgeführt von:: c:\users\Christiane\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BRowsE2soave
c:\programdata\BRowsE2soave\515d3b89d599b.tlb
c:\programdata\BRowsE2soave\settings.ini
c:\programdata\FullRemove.exe
c:\users\Christiane\videos\bagpipe video.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-11 bis 2013-04-11  ))))))))))))))))))))))))))))))
.
.
2013-04-11 13:16 . 2013-04-11 13:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-10 14:03 . 2013-04-10 14:03	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-10 13:51 . 2013-04-11 13:13	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DD25D03-228F-47EC-846B-E5F48B531056}\offreg.dll
2013-04-10 11:58 . 2013-04-10 15:23	--------	d-----w-	c:\users\Christiane\AppData\Roaming\QuickScan
2013-04-10 07:11 . 2012-08-23 15:09	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-04-10 07:00 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-04-09 18:39 . 2013-03-19 03:50	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DD25D03-228F-47EC-846B-E5F48B531056}\mpengine.dll
2013-04-09 18:13 . 2012-07-11 15:09	64856	----a-w-	c:\windows\system32\klfphc.dll
2013-04-09 18:12 . 2013-04-09 18:12	--------	d-----w-	c:\windows\ELAMBKUP
2013-04-09 18:12 . 2013-04-11 12:06	--------	d-----w-	c:\programdata\Kaspersky Lab
2013-04-09 18:12 . 2013-04-09 18:12	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2013-04-09 18:12 . 2013-04-09 18:25	613720	----a-w-	c:\windows\system32\drivers\klif.sys
2013-04-09 18:12 . 2012-08-13 16:24	89432	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-04-09 17:40 . 2013-04-09 17:40	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2013-04-08 17:20 . 2013-04-08 17:21	--------	d-----w-	c:\windows\D4EFA08DA1924007987D71BFF23B2F8F.TMP
2013-04-08 14:18 . 2013-04-08 15:25	--------	d-----w-	c:\program files\Enigma Software Group
2013-04-08 14:17 . 2013-04-09 17:44	--------	d-----w-	c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-08 14:17 . 2013-04-08 15:24	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-04-07 10:40 . 2013-04-07 10:40	--------	d-----w-	c:\users\Christiane\AppData\Local\FreeOCR
2013-04-07 09:23 . 2007-03-10 07:11	2680320	----a-w-	c:\windows\SysWow64\ImageEnXLibrary.ocx
2013-04-07 09:23 . 2013-04-08 13:42	--------	dc----w-	C:\FreeOCR
2013-04-06 16:30 . 2013-04-06 16:30	--------	dc----w-	C:\HP
2013-04-04 08:40 . 2013-04-04 08:40	--------	d-----w-	c:\programdata\SoftSafe
2013-04-04 08:36 . 2013-04-04 08:40	--------	d-----w-	c:\programdata\InstallMate
2013-04-03 18:31 . 2013-04-04 06:37	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-04-02 18:06 . 2013-04-02 18:06	--------	d-----w-	c:\users\Christiane\AppData\Roaming\com.dansl.QRreader
2013-03-26 07:45 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-20 17:59 . 2013-03-20 17:59	--------	d-----w-	c:\users\Christiane\AppData\Roaming\OpenCandy
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 07:21 . 2011-05-21 09:17	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-09 18:25 . 2012-06-08 09:38	54104	----a-w-	c:\windows\system32\drivers\kltdi.sys
2013-03-13 18:12 . 2012-04-09 14:29	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 18:12 . 2011-05-20 18:32	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-11 23:10 . 2011-05-20 18:32	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-03-08 08:20 . 2013-03-08 08:20	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-08 08:20 . 2012-05-15 17:24	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-08 08:20 . 2011-12-18 19:39	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 11:35	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 11:35	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 11:35	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 11:35	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 11:35	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 11:35	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-28 10:50	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 10:50	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 10:50	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 10:50	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 10:50	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 10:50	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 10:50	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 10:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 10:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 10:50	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 10:50	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 10:50	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 10:50	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 10:50	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 10:50	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 10:50	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 10:50	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 10:50	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 10:50	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 10:50	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 10:50	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 10:50	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 10:50	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 10:50	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 10:50	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 10:50	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 10:50	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 10:50	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 10:51	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 10:50	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 10:50	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 10:50	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 10:50	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 10:50	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 10:50	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 10:50	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 10:50	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 10:50	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 10:50	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 10:50	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 10:51	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 10:50	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 10:50	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 10:50	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 10:50	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 10:50	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 10:50	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 10:50	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 10:50	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 10:50	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 10:50	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-03-19 16:28	280224	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Christiane\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"HP Deskjet 3520 series (NET)"="c:\program files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-09 177448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-04-09 356376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\users\Christiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-09-02 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-09-02 13280]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-20 247400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-17 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-09 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2010-12-10 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2010-12-10 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2010-12-10 62584]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-28 203264]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-09 311376]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 58841515
*NewlyCreated* - ASWMBR
*Deregistered* - 58841515
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:12]
.
2013-04-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1163813797-2419015131-2533885825-1001Core.job
- c:\users\Christiane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-03 16:55]
.
2013-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1163813797-2419015131-2533885825-1001UA.job
- c:\users\Christiane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-03 16:55]
.
2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 19:42]
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 19:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-03-19 16:28	339104	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-26 11619432]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-26 2185832]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\oo1xj4j2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home
FF - ExtSQL: 2013-04-09 20:12; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-04-09 20:13; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-04-09 20:13; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-04-10 11:41; amznUWL2@amazon.com; c:\users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\oo1xj4j2.default\extensions\amznUWL2@amazon.com.xpi
FF - ExtSQL: !HIDDEN! 2013-03-20 18:59; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - user.js: extensions.autoDisableScopes - 10
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-11  15:33:05
ComboFix-quarantined-files.txt  2013-04-11 13:33
.
Vor Suchlauf: 14 Verzeichnis(se), 275.742.416.896 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 279.257.309.184 Bytes frei
.
- - End Of File - - 84F538C686B15EF197B4E89D3A695FC6
         
ich bin beleidigt, dass er mein dudelsackvideo gelöscht hat. das einzige, was ich noch als erinnerung und beweis an meinen schottlandaufenthalt vor 12 jahre habe *schluchz*

Alt 11.04.2013, 16:01   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



Zitat:
c:\users\Christiane\videos\bagpipe video.exe
Das ist eine EXE-Datei, also ausführbar. Warum bitte sollen Video ausführbare Programme sein? Sry macht keinen Sinn und es ist eigentlich folgerichtig, dass CF sowas aus Sicherheitsgründen löscht!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.04.2013, 16:03   #13
Talpa
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



keine ahnung, wieso. mein gastvater hatte mir das damals so überspielt.

aber wir schweifen ab

Alt 11.04.2013, 16:06   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



Nö, das Teil ist Bestandteil der Auswertung, schließlich wurde es von CF ja gelöscht

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.04.2013, 16:16   #15
Talpa
 
Browse2save, spyhunter - Standard

Browse2save, spyhunter



JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Christiane on 11.04.2013 at 16:07:52,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\sprotector
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\sp global
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3281675



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\Users\Christiane\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Christiane\AppData\Roaming\opencandy"
Successfully deleted: [Empty Folder] C:\Users\Christiane\appdata\local\{2F6FD03E-54FB-4936-96EF-9A5F7C8BC0C3}
Successfully deleted: [Empty Folder] C:\Users\Christiane\appdata\local\{3FB72B7B-EE23-4C50-93E8-7C9739C18182}
Successfully deleted: [Empty Folder] C:\Users\Christiane\appdata\local\{59E055DB-5041-4603-90E4-15BCCE59343D}
Successfully deleted: [Empty Folder] C:\Users\Christiane\appdata\local\{DAF0AD59-8D2A-4F95-9736-F1E99D6EEE49}
Successfully deleted: [Empty Folder] C:\Users\Christiane\appdata\local\{E9C56CA0-89CD-4B10-8988-97F02D652EE9}
Successfully deleted: [Empty Folder] C:\Users\Christiane\appdata\local\{EB7C9107-DB64-4112-A6B7-2EF4FA16BE4E}



~~~ FireFox

Successfully deleted: [File] C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\user.js
Successfully deleted: [Folder] C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\jetpack
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\prefs.js

user_pref("extensions.515d3b89d58b2.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.displayNotification", false);
Emptied folder: C:\Users\Christiane\AppData\Roaming\mozilla\firefox\profiles\oo1xj4j2.default\minidumps [566 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2013 at 16:15:52,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adw:

Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 11/04/2013 um 16:17:38 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Christiane - CHRISTIANE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christiane\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\oo1xj4j2.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\oo1xj4j2.default\searchplugins\11-suche.xml
Ordner Gelöscht : C:\ProgramData\SoftSafe
Ordner Gelöscht : C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\oo1xj4j2.default\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0 (de)

Datei : C:\Users\Christiane\AppData\Roaming\Mozilla\Firefox\Profiles\oo1xj4j2.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Christiane\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1398 octets] - [11/04/2013 16:17:38]

########## EOF - C:\AdwCleaner[S1].txt - [1458 octets] ##########
         
otl läuft noch

Geändert von Talpa (11.04.2013 um 16:22 Uhr)

Antwort

Themen zu Browse2save, spyhunter
festgestellt, firefoxeinstellungen, folge, forum, gelöscht, herunterfahren, internet, internetseite, links, loswerden, maus, namen, neustart, ordner, programm, scan, seite, seiten, start, suche, systemsteuerung, updates, werbung, windows, windows update, wörter



Ähnliche Themen: Browse2save, spyhunter


  1. Spyhunter 4 deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 26.02.2015 (15)
  2. PROBLEME mit Spyhunter und mystart! Wie bekomme ich Spyhunter wieder weg?
    Plagegeister aller Art und deren Bekämpfung - 14.11.2014 (13)
  3. SpyHunter
    Plagegeister aller Art und deren Bekämpfung - 11.03.2014 (3)
  4. Spyhunter 4
    Lob, Kritik und Wünsche - 09.01.2014 (0)
  5. Mit Spyhunter 47 Bedrohungen gefunden, Spyhunter wurde aber wieder deinstalliert.
    Log-Analyse und Auswertung - 25.10.2013 (9)
  6. qv06 und SpyHunter
    Plagegeister aller Art und deren Bekämpfung - 03.07.2013 (21)
  7. Spyhunter 4 Problem
    Plagegeister aller Art und deren Bekämpfung - 24.06.2013 (5)
  8. SpyHunter entfernen
    Log-Analyse und Auswertung - 22.06.2013 (7)
  9. Spyhunter und SafeCart
    Plagegeister aller Art und deren Bekämpfung - 15.06.2013 (3)
  10. Verdacht auf Spyhunter
    Plagegeister aller Art und deren Bekämpfung - 04.06.2013 (53)
  11. SpyHunter entfernen
    Log-Analyse und Auswertung - 27.05.2013 (7)
  12. Trojaner + SpyHunter
    Log-Analyse und Auswertung - 15.05.2013 (1)
  13. SpyHunter 4 + Optimizer Pro
    Plagegeister aller Art und deren Bekämpfung - 13.02.2013 (59)
  14. spyhunter 4 entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.02.2013 (32)
  15. Spyhunter 4 los werden
    Plagegeister aller Art und deren Bekämpfung - 28.11.2012 (18)
  16. Spyhunter
    Antiviren-, Firewall- und andere Schutzprogramme - 14.09.2007 (4)

Zum Thema Browse2save, spyhunter - guten morgen, vorneweg gleich: ich habe das forum bei meiner suche im internet gefunden und hoffe, dass ich hier hilfe bekommen kann. leider kenne ich mich mit den meisten begriffen, - Browse2save, spyhunter...
Archiv
Du betrachtest: Browse2save, spyhunter auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.