Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner 2.12 - Bereinigung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.05.2013, 15:00   #1
cheekylisa
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



Hallo!

Diesmal hat es mich auch erwischt. Mit PC-Programmen komme ich recht gut klar, aber von dem "Eingemachten" habe ich nicht so viel Ahnung!

Ich habe einen ACER Laptop mit Windows 7. Beim Hochfahren zeigte sich die Seite und nix ging mehr. Habe über den abgesicherten Modung "Spybot Search & Destroy" laufen lassen. Jetzt lässt sich der Rechner zumindest wieder starten. Avira hat mehrere Dateien gefunden und eine in die Quarantäne gesteckt. Habe dann gemerkt, dass ich an meine Grenze gekommen bin und war froh, eure Seite gefunden zu haben.

Schritt 1 "defogger" habe ich ausgeführt:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:47 on 06/05/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


Schritt 2 OTL

LOG Dateien im Anhang. OTL in 2 Teilen da zu groß (hoffe, dass das ok ist)

Ich hoffe, dass ihr mir weiterhelfen könnt und ein wenig Geduld mit mir habt

Vielen Dank schonmal im Voraus

cheekylisa

Alt 06.05.2013, 15:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 06.05.2013, 16:07   #3
cheekylisa
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



Hallo,

vielen Dank für die Antwort. Danke für den Hinweis mit den Code-Tag - bin wohl doch etwas raus...

Habe noch einen LOG von AVIRA:

Code:
ATTFilter
06.05.2013,09:17:49 [INFO] ---------------------------------------------------------
06.05.2013,09:17:49 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
06.05.2013,09:18:42 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.12.34, VDF Version: 7.11.75.242
06.05.2013,09:18:44 [INFO] Online-Dienste stehen zur Verfügung.
06.05.2013,09:18:44 [INFO] Echtzeit Scanner wurde aktiviert
06.05.2013,09:18:44 [INFO] Verwendete Konfiguration der Echtzeitsuche:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Alle Dateien
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
06.05.2013,09:23:36 [INFO] Update-Auftrag gestartet!
06.05.2013,09:23:45 [INFO] Aktuelle Engine Version: 8.2.12.34
06.05.2013,09:23:45 [INFO] Aktuelle Version der VDF-Datei: 7.11.76.90
06.05.2013,09:40:31 [INFO] Verwendete Konfiguration der Echtzeitsuche:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Alle Dateien
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
06.05.2013,13:33:22 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
  C:\ProgramData\cooe2.dat
      [INFO] Benutzer: UNSER\***
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,13:36:25 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
  C:\ProgramData\cooe2.dat
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,13:38:46 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
  C:\ProgramData\cooe2.dat
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,13:39:17 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
  C:\ProgramData\cooe2.dat
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:15:31 [FUND] Enthält Erkennungsmuster der Anwendung APPL/InstallBrain.Gen5!
  C:\Program Files (x86)\Uninstall Information\ib_uninst_455\uninstall.exe
      [INFO] Benutzer: UNSER\***
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:15:35 [FUND] Enthält Erkennungsmuster der Anwendung APPL/InstallBrain.Gen5!
  C:\Program Files (x86)\Uninstall Information\ib_uninst_518\uninstall.exe
      [INFO] Benutzer: UNSER\***
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:15:38 [FUND] Enthält Erkennungsmuster der Anwendung APPL/InstallBrain.Gen5!
  C:\Program Files (x86)\Uninstall Information\ib_uninst_519\uninstall.exe
      [INFO] Benutzer: UNSER\***
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:17:18 [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412!
  C:\ProgramData\2eooc.js
      [INFO] Benutzer: UNSER\***
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:17:18 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
  C:\ProgramData\cooe2.dat
      [INFO] Benutzer: UNSER\***
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:19:06 [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412!
  C:\ProgramData\2eooc.js
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:19:06 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
  C:\ProgramData\cooe2.dat
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:21:53 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
  C:\ProgramData\cooe2.dat
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:21:53 [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412!
  C:\ProgramData\2eooc.js
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:22:22 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
  C:\ProgramData\cooe2.dat
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:23:49 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
  C:\ProgramData\cooe2.dat
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:26:38 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
  C:\ProgramData\cooe2.dat
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:44:01 [FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Malicious.Flash.Gen!
  C:\Windows\Temp\00000041-40475A2E.av$
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:49:07 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
06.05.2013,14:50:53 [INFO] ---------------------------------------------------------
06.05.2013,14:50:53 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
06.05.2013,14:51:35 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.12.34, VDF Version: 7.11.76.90
06.05.2013,14:51:37 [INFO] Online-Dienste stehen zur Verfügung.
06.05.2013,14:51:37 [INFO] Echtzeit Scanner wurde aktiviert
06.05.2013,14:51:37 [INFO] Verwendete Konfiguration der Echtzeitsuche:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Alle Dateien
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
06.05.2013,14:53:49 [INFO] ---------------------------------------------------------
06.05.2013,14:53:49 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
06.05.2013,14:54:31 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.12.34, VDF Version: 7.11.76.90
06.05.2013,14:54:32 [INFO] Online-Dienste stehen zur Verfügung.
06.05.2013,14:54:32 [INFO] Echtzeit Scanner wurde aktiviert
06.05.2013,14:54:32 [INFO] Verwendete Konfiguration der Echtzeitsuche:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Alle Dateien
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
06.05.2013,14:57:05 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3402!
  C:\Windows\Fonts\gulim.ttc
      [INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
      [INFO] Auf diese Datei wird keine Aktion ausgeführt.
         
TR/Reveton.A.186 hat er jetzt in die Quarantäne verschoben.
__________________

Alt 06.05.2013, 16:09   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.05.2013, 16:53   #5
cheekylisa
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



Scan durchgeführt. Hier die Log-Datei:

Code:
ATTFilter
ComboFix 13-05-06.01 - *** 06.05.2013  17:36:17.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4092.2387 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
c:\programdata\2eooc.bat
c:\programdata\2eooc.pad
c:\programdata\rundll32.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-06 bis 2013-05-06  ))))))))))))))))))))))))))))))
.
.
2013-05-06 15:43 . 2013-05-06 15:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-06 11:31 . 2013-05-06 11:31	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-05-06 11:31 . 2013-05-06 11:31	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-06 11:31 . 2013-05-06 11:31	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-06 11:31 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-06 09:20 . 2013-05-06 12:55	--------	d-----w-	c:\users\***\AppData\Local\Vidalia
2013-05-06 09:20 . 2013-05-06 10:13	--------	d-----w-	c:\program files (x86)\Vidalia Bridge Bundle
2013-05-06 08:46 . 2013-05-06 12:58	--------	d-----w-	c:\users\***\AppData\Roaming\KeePass
2013-05-06 08:43 . 2013-05-06 15:42	--------	d-----w-	c:\program files (x86)\KeePass Password Safe 2
2013-05-06 08:07 . 2013-05-06 08:07	--------	d-----w-	c:\windows\system32\IO
2013-05-03 15:34 . 2013-05-03 15:34	151	----a-w-	c:\programdata\2eooc.reg
2013-04-24 16:57 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 11:33 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 11:33 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-04-10 11:33 . 2013-02-15 06:02	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-04-10 11:33 . 2013-02-15 04:34	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-04-10 11:33 . 2013-02-15 06:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-10 11:33 . 2013-02-15 03:25	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-04-10 11:31 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 11:31 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-10 11:31 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 11:31 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 11:59 . 2010-03-22 11:26	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 19:53 . 2012-07-06 19:52	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 19:53 . 2011-07-19 09:52	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 04:12 . 2013-03-26 16:50	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 14:45	2355224	----a-w-	c:\program files (x86)\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]
"Vidalia"="c:\program files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe" [2012-12-02 6239727]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
R2 0316241367853593mcinstcleanup;McAfee Application Installer Cleanup (0316241367853593);c:\windows\TEMP\031624~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-26 219136]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-12 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-01-30 828912]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-12-04 103472]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 19:53]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 20:19]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 20:19]
.
2010-03-20 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-03-21 11:22]
.
2013-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-03-21 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-19 8306208]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.searchplusnetwork.com/?sp=vit4
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.searchplusnetwork.com/?sp=vit4&q=
FF - ExtSQL: 2013-05-06 10:31; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Katja & René\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-Locked - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-KeePass Password Safe 2 - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
Wow6432Node-HKLM-Run-UnlockerAssistant - c:\program files (x86)\Unlocker\UnlockerAssistant.exe
Wow6432Node-HKLM-Run-KeePass 2 PreLoad - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-06  17:47:45
ComboFix-quarantined-files.txt  2013-05-06 15:47
.
Vor Suchlauf: 11 Verzeichnis(se), 41.221.144.576 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 41.638.592.512 Bytes frei
.
- - End Of File - - 2B9B1F13316147368681D738B60EF51E
         


Alt 06.05.2013, 20:34   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



Hm, CF hat deine Keepass2-Installation gelöscht, falls du es noch brauchst wäre es wohl sauberer das Programm neu zu installieren. Aber das ist erstmal nebensächlich.

Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> GVU Trojaner 2.12 - Bereinigung

Alt 06.05.2013, 22:10   #7
cheekylisa
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



Rootkitscan mit Gmer:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-06 22:20:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22A23T0 rev.01.01A01 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***&~1\AppData\Local\Temp\pgldapow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                             fffff80002fba000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624                                                             fffff80002fba040 1 byte [01]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074f91465 2 bytes [F9, 74]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074f914bb 2 bytes [F9, 74]
.text     ...                                                                                                                            * 2

---- EOF - GMER 2.1 ----
         

Malwarebytes Anti-Rootkit:

4 Funde danach Clean up. Programm hat von sich aus keinen Neustart gemacht. Haben einen manuellen Neustart gemacht und das Programm nochmals durchlaufen lassen - nix mehr gefunden.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: UNSER [administrator]

06.05.2013 22:33:04
mbar-log-2013-05-06 (22-33-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28757
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Files Detected: 1
c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.

(end)
         
Besten Dank bis hier hin...

Alt 07.05.2013, 10:14   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



Zitat:
Database version: v2013.03.22.01
Warum wurde MBAR vorher nicht aktualisiert?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.05.2013, 10:23   #9
cheekylisa
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



???

Soll ich es nochmals durchlaufen lassen? Vielleicht habe ich etwas übersehen, nachdem ich gestern den ganzen Tag vor dem Pc saß...

Jepp - habe mir dir Anleitung NICHT durchgelesen!

Alt 07.05.2013, 10:32   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



Natürlich musst du MBAR mit aktuellen Signaturen nochma laufen lassen....
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.05.2013, 10:58   #11
cheekylisa
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



Ist durch - nix gefunden.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: UNSER [administrator]

07.05.2013 11:52:18
mbar-log-2013-05-07 (11-52-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28808
Time elapsed: 14 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 07.05.2013, 11:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.05.2013, 12:41   #13
cheekylisa
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



aswMBR ist durch:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-07 12:56:14
-----------------------------
12:56:14.275    OS Version: Windows x64 6.1.7601 Service Pack 1
12:56:14.275    Number of processors: 2 586 0x602
12:56:14.275    ComputerName: UNSER  UserName: 
12:56:15.757    Initialize success
13:00:11.825    AVAST engine defs: 13050601
13:00:27.612    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:00:27.612    Disk 0 Vendor: WDC_WD3200BEVT-22A23T0 01.01A01 Size: 305245MB BusType: 11
13:00:27.768    Disk 0 MBR read successfully
13:00:27.783    Disk 0 MBR scan
13:00:27.799    Disk 0 Windows 7 default MBR code
13:00:27.815    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63
13:00:27.908    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 25173855
13:00:27.924    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       292850 MB offset 25382700
13:00:28.095    Disk 0 scanning C:\Windows\system32\drivers
13:00:44.616    Service scanning
13:01:23.709    Modules scanning
13:01:23.725    Disk 0 trace - called modules:
13:01:23.756    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
13:01:24.271    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004526060]
13:01:24.271    3 CLASSPNP.SYS[fffff880011a943f] -> nt!IofCallDriver -> [0xfffffa8003fedbe0]
13:01:24.287    5 ACPI.sys[fffff88000f247a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80044fb060]
13:01:26.268    AVAST engine scan C:\Windows
13:01:30.636    AVAST engine scan C:\Windows\system32
13:05:50.610    AVAST engine scan C:\Windows\system32\drivers
13:06:09.424    AVAST engine scan C:\Users\***
13:09:50.055    File: C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\19000cac-7ff681f2  **INFECTED** Win32:Malware-gen
13:20:20.842    AVAST engine scan C:\ProgramData
13:28:33.850    Scan finished successfully
13:35:45.144    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
13:35:45.144    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         
TDSS-Killer:

Code:
ATTFilter
14:09:01.0082 4608  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:09:01.0348 4608  ============================================================
14:09:01.0348 4608  Current date / time: 2013/05/07 14:09:01.0348
14:09:01.0348 4608  SystemInfo:
14:09:01.0348 4608  
14:09:01.0348 4608  OS Version: 6.1.7601 ServicePack: 1.0
14:09:01.0348 4608  Product type: Workstation
14:09:01.0348 4608  ComputerName: UNSER
14:09:01.0348 4608  UserName: ***
14:09:01.0348 4608  Windows directory: C:\Windows
14:09:01.0348 4608  System windows directory: C:\Windows
14:09:01.0348 4608  Running under WOW64
14:09:01.0348 4608  Processor architecture: Intel x64
14:09:01.0348 4608  Number of processors: 2
14:09:01.0348 4608  Page size: 0x1000
14:09:01.0348 4608  Boot type: Normal boot
14:09:01.0348 4608  ============================================================
14:09:02.0954 4608  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:02.0954 4608  ============================================================
14:09:02.0954 4608  \Device\Harddisk0\DR0:
14:09:02.0954 4608  MBR partitions:
14:09:02.0954 4608  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
14:09:02.0954 4608  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x23BF9384
14:09:02.0954 4608  ============================================================
14:09:02.0986 4608  C: <-> \Device\Harddisk0\DR0\Partition2
14:09:02.0986 4608  ============================================================
14:09:02.0986 4608  Initialize success
14:09:02.0986 4608  ============================================================
14:09:20.0598 3408  ============================================================
14:09:20.0598 3408  Scan started
14:09:20.0598 3408  Mode: Manual; SigCheck; TDLFS; 
14:09:20.0598 3408  ============================================================
14:09:21.0331 3408  ================ Scan system memory ========================
14:09:21.0331 3408  System memory - ok
14:09:21.0331 3408  ================ Scan services =============================
14:09:21.0472 3408  0265251367922272mcinstcleanup - ok
14:09:21.0643 3408  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:09:21.0737 3408  1394ohci - ok
14:09:21.0815 3408  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:09:21.0862 3408  ACPI - ok
14:09:21.0940 3408  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:09:22.0033 3408  AcpiPmi - ok
14:09:22.0158 3408  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:09:22.0189 3408  AdobeARMservice - ok
14:09:22.0392 3408  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:09:22.0423 3408  AdobeFlashPlayerUpdateSvc - ok
14:09:22.0470 3408  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:09:22.0501 3408  adp94xx - ok
14:09:22.0548 3408  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:09:22.0564 3408  adpahci - ok
14:09:22.0579 3408  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:09:22.0610 3408  adpu320 - ok
14:09:22.0642 3408  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:09:22.0704 3408  AeLookupSvc - ok
14:09:22.0938 3408  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:09:23.0016 3408  AFD - ok
14:09:23.0078 3408  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:09:23.0110 3408  agp440 - ok
14:09:23.0125 3408  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:09:23.0203 3408  ALG - ok
14:09:23.0234 3408  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:09:23.0250 3408  aliide - ok
14:09:23.0312 3408  [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:09:23.0359 3408  AMD External Events Utility - ok
14:09:23.0390 3408  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:09:23.0406 3408  amdide - ok
14:09:23.0453 3408  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:09:23.0531 3408  AmdK8 - ok
14:09:23.0578 3408  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:09:23.0640 3408  AmdPPM - ok
14:09:23.0702 3408  [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:09:23.0749 3408  amdsata - ok
14:09:23.0796 3408  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:09:23.0812 3408  amdsbs - ok
14:09:23.0843 3408  [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:09:23.0843 3408  amdxata - ok
14:09:23.0983 3408  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:09:23.0999 3408  AntiVirSchedulerService - ok
14:09:24.0061 3408  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:09:24.0077 3408  AntiVirService - ok
14:09:24.0139 3408  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:09:24.0217 3408  AppID - ok
14:09:24.0264 3408  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:09:24.0342 3408  AppIDSvc - ok
14:09:24.0389 3408  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
14:09:24.0451 3408  Appinfo - ok
14:09:24.0514 3408  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:09:24.0529 3408  arc - ok
14:09:24.0560 3408  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:09:24.0576 3408  arcsas - ok
14:09:24.0607 3408  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:09:24.0670 3408  AsyncMac - ok
14:09:24.0732 3408  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:09:24.0763 3408  atapi - ok
14:09:24.0935 3408  [ A29087680A1C3B049E3C05438E8FF2B8 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:09:25.0200 3408  atikmdag - ok
14:09:25.0278 3408  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
14:09:25.0309 3408  AtiPcie - ok
14:09:25.0418 3408  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:09:25.0590 3408  AudioEndpointBuilder - ok
14:09:25.0606 3408  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:09:25.0637 3408  AudioSrv - ok
14:09:25.0762 3408  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:09:25.0793 3408  avgntflt - ok
14:09:25.0871 3408  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:09:25.0902 3408  avipbb - ok
14:09:25.0933 3408  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:09:25.0949 3408  avkmgr - ok
14:09:26.0011 3408  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:09:26.0058 3408  AxInstSV - ok
14:09:26.0105 3408  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:09:26.0183 3408  b06bdrv - ok
14:09:26.0230 3408  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:09:26.0308 3408  b57nd60a - ok
14:09:26.0448 3408  [ B44879610F2DC4A046B14BEFA3AE72DE ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
14:09:26.0573 3408  BCM43XX - ok
14:09:26.0620 3408  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:09:26.0682 3408  BDESVC - ok
14:09:26.0744 3408  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:09:26.0854 3408  Beep - ok
14:09:26.0947 3408  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:09:27.0072 3408  BFE - ok
14:09:27.0134 3408  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
14:09:27.0244 3408  BITS - ok
14:09:27.0290 3408  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:09:27.0353 3408  blbdrive - ok
14:09:27.0431 3408  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:09:27.0493 3408  bowser - ok
14:09:27.0524 3408  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:09:27.0602 3408  BrFiltLo - ok
14:09:27.0602 3408  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:09:27.0649 3408  BrFiltUp - ok
14:09:27.0680 3408  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:09:27.0790 3408  BridgeMP - ok
14:09:27.0961 3408  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:09:28.0039 3408  Browser - ok
14:09:28.0070 3408  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:09:28.0180 3408  Brserid - ok
14:09:28.0211 3408  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:09:28.0242 3408  BrSerWdm - ok
14:09:28.0273 3408  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:09:28.0351 3408  BrUsbMdm - ok
14:09:28.0351 3408  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:09:28.0382 3408  BrUsbSer - ok
14:09:28.0414 3408  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:09:28.0460 3408  BTHMODEM - ok
14:09:28.0476 3408  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:09:28.0570 3408  bthserv - ok
14:09:28.0570 3408  catchme - ok
14:09:28.0601 3408  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:09:28.0694 3408  cdfs - ok
14:09:28.0788 3408  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
14:09:28.0850 3408  cdrom - ok
14:09:28.0928 3408  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:09:29.0006 3408  CertPropSvc - ok
14:09:29.0053 3408  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:09:29.0116 3408  circlass - ok
14:09:29.0162 3408  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:09:29.0209 3408  CLFS - ok
14:09:29.0287 3408  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:09:29.0318 3408  clr_optimization_v2.0.50727_32 - ok
14:09:29.0350 3408  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:09:29.0365 3408  clr_optimization_v2.0.50727_64 - ok
14:09:29.0490 3408  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:09:29.0521 3408  clr_optimization_v4.0.30319_32 - ok
14:09:29.0568 3408  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:09:29.0568 3408  clr_optimization_v4.0.30319_64 - ok
14:09:29.0599 3408  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:09:29.0599 3408  CmBatt - ok
14:09:29.0662 3408  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:09:29.0677 3408  cmdide - ok
14:09:29.0740 3408  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:09:29.0771 3408  CNG - ok
14:09:29.0818 3408  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:09:29.0833 3408  Compbatt - ok
14:09:29.0880 3408  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:09:29.0958 3408  CompositeBus - ok
14:09:29.0974 3408  COMSysApp - ok
14:09:29.0989 3408  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:09:30.0005 3408  crcdisk - ok
14:09:30.0083 3408  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:09:30.0176 3408  CryptSvc - ok
14:09:30.0254 3408  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:09:30.0364 3408  DcomLaunch - ok
14:09:30.0410 3408  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:09:30.0473 3408  defragsvc - ok
14:09:30.0520 3408  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:09:30.0629 3408  DfsC - ok
14:09:30.0707 3408  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:09:30.0785 3408  Dhcp - ok
14:09:30.0816 3408  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:09:30.0925 3408  discache - ok
14:09:31.0003 3408  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:09:31.0034 3408  Disk - ok
14:09:31.0097 3408  [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr         C:\Windows\SysWOW64\Drivers\DKbFltr.sys
14:09:31.0128 3408  DKbFltr - ok
14:09:31.0190 3408  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:09:31.0268 3408  Dnscache - ok
14:09:31.0315 3408  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:09:31.0409 3408  dot3svc - ok
14:09:31.0456 3408  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:09:31.0549 3408  DPS - ok
14:09:31.0596 3408  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:09:31.0658 3408  drmkaud - ok
14:09:31.0721 3408  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:09:31.0814 3408  DXGKrnl - ok
14:09:31.0830 3408  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:09:31.0877 3408  EapHost - ok
14:09:31.0986 3408  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:09:32.0142 3408  ebdrv - ok
14:09:32.0220 3408  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:09:32.0314 3408  EFS - ok
14:09:32.0423 3408  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:09:32.0516 3408  ehRecvr - ok
14:09:32.0532 3408  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:09:32.0610 3408  ehSched - ok
14:09:32.0672 3408  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:09:32.0704 3408  elxstor - ok
14:09:32.0797 3408  [ 8E910F796F5F30281CDD24ABA47DDEA2 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
14:09:32.0828 3408  ePowerSvc - ok
14:09:32.0844 3408  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:09:32.0891 3408  ErrDev - ok
14:09:32.0938 3408  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:09:32.0984 3408  EventSystem - ok
14:09:33.0031 3408  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:09:33.0094 3408  exfat - ok
14:09:33.0250 3408  Fabs - ok
14:09:33.0265 3408  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:09:33.0374 3408  fastfat - ok
14:09:33.0468 3408  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:09:33.0593 3408  Fax - ok
14:09:33.0624 3408  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:09:33.0686 3408  fdc - ok
14:09:33.0718 3408  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:09:33.0811 3408  fdPHost - ok
14:09:33.0842 3408  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:09:33.0936 3408  FDResPub - ok
14:09:33.0967 3408  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:09:33.0983 3408  FileInfo - ok
14:09:33.0998 3408  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:09:34.0108 3408  Filetrace - ok
14:09:34.0248 3408  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
14:09:34.0404 3408  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:09:34.0404 3408  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:09:34.0435 3408  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:09:34.0482 3408  flpydisk - ok
14:09:34.0576 3408  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:09:34.0607 3408  FltMgr - ok
14:09:34.0685 3408  [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache       C:\Windows\system32\FntCache.dll
14:09:34.0825 3408  FontCache - ok
14:09:34.0903 3408  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:09:34.0919 3408  FontCache3.0.0.0 - ok
14:09:34.0950 3408  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:09:34.0966 3408  FsDepends - ok
14:09:35.0012 3408  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:09:35.0028 3408  Fs_Rec - ok
14:09:35.0122 3408  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:09:35.0153 3408  fvevol - ok
14:09:35.0184 3408  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:09:35.0184 3408  gagp30kx - ok
14:09:35.0215 3408  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:09:35.0293 3408  gpsvc - ok
14:09:35.0387 3408  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
14:09:35.0434 3408  Greg_Service - ok
14:09:35.0512 3408  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:09:35.0543 3408  gupdate - ok
14:09:35.0574 3408  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:09:35.0574 3408  gupdatem - ok
14:09:35.0605 3408  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:09:35.0621 3408  gusvc - ok
14:09:35.0652 3408  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:09:35.0730 3408  hcw85cir - ok
14:09:35.0808 3408  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:09:35.0855 3408  HdAudAddService - ok
14:09:35.0886 3408  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:09:35.0933 3408  HDAudBus - ok
14:09:35.0964 3408  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:09:36.0011 3408  HidBatt - ok
14:09:36.0011 3408  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:09:36.0042 3408  HidBth - ok
14:09:36.0073 3408  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:09:36.0136 3408  HidIr - ok
14:09:36.0167 3408  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
14:09:36.0260 3408  hidserv - ok
14:09:36.0338 3408  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:09:36.0370 3408  HidUsb - ok
14:09:36.0432 3408  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:09:36.0510 3408  hkmsvc - ok
14:09:36.0557 3408  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:09:36.0635 3408  HomeGroupListener - ok
14:09:36.0713 3408  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:09:36.0775 3408  HomeGroupProvider - ok
14:09:36.0822 3408  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:09:36.0853 3408  HpSAMD - ok
14:09:36.0931 3408  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:09:37.0087 3408  HTTP - ok
14:09:37.0150 3408  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:09:37.0181 3408  hwpolicy - ok
14:09:37.0259 3408  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:09:37.0290 3408  i8042prt - ok
14:09:37.0368 3408  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:09:37.0415 3408  iaStorV - ok
14:09:37.0508 3408  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:09:37.0586 3408  idsvc - ok
14:09:37.0618 3408  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:09:37.0633 3408  iirsp - ok
14:09:37.0711 3408  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:09:37.0805 3408  IKEEXT - ok
14:09:37.0914 3408  [ 492CD3A94913D753B4591CD9E29EC843 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:09:38.0008 3408  IntcAzAudAddService - ok
14:09:38.0054 3408  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:09:38.0086 3408  intelide - ok
14:09:38.0117 3408  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:09:38.0148 3408  intelppm - ok
14:09:38.0179 3408  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:09:38.0242 3408  IPBusEnum - ok
14:09:38.0320 3408  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:09:38.0413 3408  IpFilterDriver - ok
14:09:38.0507 3408  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:09:38.0616 3408  iphlpsvc - ok
14:09:38.0678 3408  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:09:38.0725 3408  IPMIDRV - ok
14:09:38.0788 3408  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:09:38.0881 3408  IPNAT - ok
14:09:38.0912 3408  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:09:38.0959 3408  IRENUM - ok
14:09:38.0990 3408  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:09:39.0006 3408  isapnp - ok
14:09:39.0068 3408  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:09:39.0115 3408  iScsiPrt - ok
14:09:39.0131 3408  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:09:39.0146 3408  kbdclass - ok
14:09:39.0209 3408  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:09:39.0271 3408  kbdhid - ok
14:09:39.0302 3408  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:09:39.0334 3408  KeyIso - ok
14:09:39.0380 3408  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:09:39.0412 3408  KSecDD - ok
14:09:39.0427 3408  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:09:39.0443 3408  KSecPkg - ok
14:09:39.0474 3408  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:09:39.0568 3408  ksthunk - ok
14:09:39.0599 3408  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:09:39.0661 3408  KtmRm - ok
14:09:39.0692 3408  [ B4A3A05B0F9C81D098B96AB6AA915042 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
14:09:39.0739 3408  L1C - ok
14:09:39.0786 3408  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:09:39.0848 3408  LanmanServer - ok
14:09:39.0926 3408  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:09:40.0036 3408  LanmanWorkstation - ok
14:09:40.0098 3408  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:09:40.0160 3408  lltdio - ok
14:09:40.0207 3408  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:09:40.0301 3408  lltdsvc - ok
14:09:40.0332 3408  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:09:40.0410 3408  lmhosts - ok
14:09:40.0457 3408  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:09:40.0488 3408  LSI_FC - ok
14:09:40.0504 3408  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:09:40.0519 3408  LSI_SAS - ok
14:09:40.0535 3408  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:09:40.0550 3408  LSI_SAS2 - ok
14:09:40.0566 3408  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:09:40.0582 3408  LSI_SCSI - ok
14:09:40.0597 3408  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:09:40.0691 3408  luafv - ok
14:09:40.0784 3408  [ 1104A3A552D1D249A6AB5ACCBDEFB5EF ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
14:09:40.0816 3408  McAfee SiteAdvisor Service - ok
14:09:40.0862 3408  [ 0FC36E77D779F8D021D338BDC7368181 ] mcmscsvc        C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
14:09:40.0894 3408  mcmscsvc - ok
14:09:41.0003 3408  [ 2988E515570E4F8B9D9B256137F8E8F4 ] McNASvc         c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
14:09:41.0096 3408  McNASvc - ok
14:09:41.0143 3408  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:09:41.0206 3408  Mcx2Svc - ok
14:09:41.0237 3408  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:09:41.0252 3408  megasas - ok
14:09:41.0268 3408  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:09:41.0299 3408  MegaSR - ok
14:09:41.0330 3408  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:09:41.0408 3408  MMCSS - ok
14:09:41.0408 3408  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:09:41.0455 3408  Modem - ok
14:09:41.0502 3408  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:09:41.0533 3408  monitor - ok
14:09:41.0611 3408  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:09:41.0642 3408  mouclass - ok
14:09:41.0689 3408  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:09:41.0752 3408  mouhid - ok
14:09:41.0830 3408  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:09:41.0861 3408  mountmgr - ok
14:09:42.0001 3408  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:09:42.0032 3408  MozillaMaintenance - ok
14:09:42.0095 3408  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:09:42.0126 3408  mpio - ok
14:09:42.0157 3408  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:09:42.0220 3408  mpsdrv - ok
14:09:42.0298 3408  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:09:42.0407 3408  MpsSvc - ok
14:09:42.0438 3408  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:09:42.0469 3408  MRxDAV - ok
14:09:42.0516 3408  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:09:42.0578 3408  mrxsmb - ok
14:09:42.0625 3408  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:09:42.0656 3408  mrxsmb10 - ok
14:09:42.0703 3408  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:09:42.0750 3408  mrxsmb20 - ok
14:09:42.0781 3408  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:09:42.0797 3408  msahci - ok
14:09:42.0812 3408  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:09:42.0828 3408  msdsm - ok
14:09:42.0844 3408  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:09:42.0890 3408  MSDTC - ok
14:09:42.0953 3408  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:09:43.0031 3408  Msfs - ok
14:09:43.0062 3408  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:09:43.0140 3408  mshidkmdf - ok
14:09:43.0187 3408  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:09:43.0218 3408  msisadrv - ok
14:09:43.0249 3408  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:09:43.0358 3408  MSiSCSI - ok
14:09:43.0358 3408  msiserver - ok
14:09:43.0390 3408  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:09:43.0483 3408  MSKSSRV - ok
14:09:43.0514 3408  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:09:43.0577 3408  MSPCLOCK - ok
14:09:43.0592 3408  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:09:43.0655 3408  MSPQM - ok
14:09:43.0717 3408  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:09:43.0764 3408  MsRPC - ok
14:09:43.0811 3408  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:09:43.0842 3408  mssmbios - ok
14:09:43.0858 3408  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:09:43.0951 3408  MSTEE - ok
14:09:43.0951 3408  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:09:43.0967 3408  MTConfig - ok
14:09:43.0998 3408  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:09:44.0014 3408  Mup - ok
14:09:44.0045 3408  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
14:09:44.0060 3408  mwlPSDFilter - ok
14:09:44.0060 3408  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
14:09:44.0076 3408  mwlPSDNServ - ok
14:09:44.0092 3408  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
14:09:44.0107 3408  mwlPSDVDisk - ok
14:09:44.0170 3408  [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
14:09:44.0201 3408  MWLService - ok
14:09:44.0263 3408  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:09:44.0310 3408  napagent - ok
14:09:44.0357 3408  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:09:44.0419 3408  NativeWifiP - ok
14:09:44.0466 3408  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:09:44.0497 3408  NDIS - ok
14:09:44.0528 3408  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:09:44.0591 3408  NdisCap - ok
14:09:44.0638 3408  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:09:44.0731 3408  NdisTapi - ok
14:09:44.0794 3408  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:09:44.0887 3408  Ndisuio - ok
14:09:44.0950 3408  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:09:45.0043 3408  NdisWan - ok
14:09:45.0121 3408  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:09:45.0215 3408  NDProxy - ok
14:09:45.0246 3408  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:09:45.0293 3408  NetBIOS - ok
14:09:45.0355 3408  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:09:45.0418 3408  NetBT - ok
14:09:45.0449 3408  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:09:45.0464 3408  Netlogon - ok
14:09:45.0511 3408  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:09:45.0574 3408  Netman - ok
14:09:45.0589 3408  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:09:45.0636 3408  netprofm - ok
14:09:45.0683 3408  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:09:45.0698 3408  NetTcpPortSharing - ok
14:09:45.0730 3408  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:09:45.0745 3408  nfrd960 - ok
14:09:45.0823 3408  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:09:45.0886 3408  NlaSvc - ok
14:09:45.0886 3408  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:09:45.0932 3408  Npfs - ok
14:09:45.0964 3408  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:09:46.0026 3408  nsi - ok
14:09:46.0057 3408  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:09:46.0120 3408  nsiproxy - ok
14:09:46.0213 3408  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:09:46.0291 3408  Ntfs - ok
14:09:46.0369 3408  [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
14:09:46.0400 3408  NTIBackupSvc - ok
14:09:46.0432 3408  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
14:09:46.0447 3408  NTIDrvr - ok
14:09:46.0463 3408  [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
14:09:46.0478 3408  NTISchedulerSvc - ok
14:09:46.0510 3408  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:09:46.0556 3408  Null - ok
14:09:46.0619 3408  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:09:46.0666 3408  nvraid - ok
14:09:46.0681 3408  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:09:46.0697 3408  nvstor - ok
14:09:46.0759 3408  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:09:46.0790 3408  nv_agp - ok
14:09:46.0853 3408  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:09:46.0884 3408  odserv - ok
14:09:46.0946 3408  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:09:47.0009 3408  ohci1394 - ok
14:09:47.0040 3408  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:09:47.0087 3408  ose - ok
14:09:47.0102 3408  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:09:47.0180 3408  p2pimsvc - ok
14:09:47.0212 3408  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:09:47.0243 3408  p2psvc - ok
14:09:47.0274 3408  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:09:47.0290 3408  Parport - ok
14:09:47.0336 3408  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:09:47.0368 3408  partmgr - ok
14:09:47.0383 3408  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:09:47.0446 3408  PcaSvc - ok
14:09:47.0477 3408  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:09:47.0508 3408  pci - ok
14:09:47.0555 3408  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:09:47.0570 3408  pciide - ok
14:09:47.0586 3408  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:09:47.0617 3408  pcmcia - ok
14:09:47.0633 3408  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:09:47.0648 3408  pcw - ok
14:09:47.0664 3408  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:09:47.0742 3408  PEAUTH - ok
14:09:47.0867 3408  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:09:47.0929 3408  PerfHost - ok
14:09:48.0007 3408  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:09:48.0163 3408  pla - ok
14:09:48.0257 3408  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:09:48.0350 3408  PlugPlay - ok
14:09:48.0382 3408  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:09:48.0444 3408  PNRPAutoReg - ok
14:09:48.0475 3408  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:09:48.0506 3408  PNRPsvc - ok
14:09:48.0584 3408  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:09:48.0678 3408  PolicyAgent - ok
14:09:48.0725 3408  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:09:48.0772 3408  Power - ok
14:09:48.0818 3408  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:09:48.0896 3408  PptpMiniport - ok
14:09:48.0928 3408  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:09:48.0974 3408  Processor - ok
14:09:49.0052 3408  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
14:09:49.0130 3408  ProfSvc - ok
14:09:49.0146 3408  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:09:49.0162 3408  ProtectedStorage - ok
14:09:49.0224 3408  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:09:49.0333 3408  Psched - ok
14:09:49.0411 3408  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:09:49.0505 3408  ql2300 - ok
14:09:49.0536 3408  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:09:49.0552 3408  ql40xx - ok
14:09:49.0583 3408  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:09:49.0598 3408  QWAVE - ok
14:09:49.0630 3408  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:09:49.0661 3408  QWAVEdrv - ok
14:09:49.0708 3408  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:09:49.0801 3408  RasAcd - ok
14:09:49.0848 3408  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:09:49.0957 3408  RasAgileVpn - ok
14:09:50.0035 3408  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:09:50.0098 3408  RasAuto - ok
14:09:50.0176 3408  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:09:50.0269 3408  Rasl2tp - ok
14:09:50.0332 3408  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:09:50.0425 3408  RasMan - ok
14:09:50.0456 3408  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:09:50.0519 3408  RasPppoe - ok
14:09:50.0566 3408  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:09:50.0644 3408  RasSstp - ok
14:09:50.0706 3408  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:09:50.0753 3408  rdbss - ok
14:09:50.0768 3408  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:09:50.0800 3408  rdpbus - ok
14:09:50.0831 3408  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:09:50.0893 3408  RDPCDD - ok
14:09:50.0909 3408  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:09:50.0956 3408  RDPENCDD - ok
14:09:50.0987 3408  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:09:51.0049 3408  RDPREFMP - ok
14:09:51.0080 3408  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:09:51.0174 3408  RDPWD - ok
14:09:51.0236 3408  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:09:51.0283 3408  rdyboost - ok
14:09:51.0314 3408  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:09:51.0439 3408  RemoteAccess - ok
14:09:51.0486 3408  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:09:51.0548 3408  RemoteRegistry - ok
14:09:51.0595 3408  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:09:51.0689 3408  RpcEptMapper - ok
14:09:51.0720 3408  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:09:51.0767 3408  RpcLocator - ok
14:09:51.0829 3408  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:09:51.0907 3408  RpcSs - ok
14:09:51.0938 3408  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:09:52.0001 3408  rspndr - ok
14:09:52.0063 3408  [ B1D04ED92D148B54169499D9568A3C55 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
14:09:52.0094 3408  RSUSBSTOR - ok
14:09:52.0110 3408  RtsUIR - ok
14:09:52.0126 3408  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:09:52.0141 3408  SamSs - ok
14:09:52.0188 3408  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:09:52.0219 3408  sbp2port - ok
14:09:52.0266 3408  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:09:52.0344 3408  SCardSvr - ok
14:09:52.0375 3408  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:09:52.0484 3408  scfilter - ok
14:09:52.0578 3408  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:09:52.0672 3408  Schedule - ok
14:09:52.0734 3408  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:09:52.0781 3408  SCPolicySvc - ok
14:09:52.0843 3408  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:09:52.0906 3408  SDRSVC - ok
14:09:52.0952 3408  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:09:53.0062 3408  secdrv - ok
14:09:53.0124 3408  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:09:53.0218 3408  seclogon - ok
14:09:53.0280 3408  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
14:09:53.0342 3408  SENS - ok
14:09:53.0374 3408  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:09:53.0452 3408  SensrSvc - ok
14:09:53.0483 3408  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:09:53.0530 3408  Serenum - ok
14:09:53.0561 3408  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:09:53.0623 3408  Serial - ok
14:09:53.0654 3408  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:09:53.0701 3408  sermouse - ok
14:09:53.0764 3408  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:09:53.0826 3408  SessionEnv - ok
14:09:53.0857 3408  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:09:53.0904 3408  sffdisk - ok
14:09:53.0935 3408  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:09:53.0998 3408  sffp_mmc - ok
14:09:54.0029 3408  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:09:54.0091 3408  sffp_sd - ok
14:09:54.0138 3408  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:09:54.0200 3408  sfloppy - ok
14:09:54.0247 3408  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:09:54.0372 3408  SharedAccess - ok
14:09:54.0419 3408  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:09:54.0512 3408  ShellHWDetection - ok
14:09:54.0544 3408  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:09:54.0544 3408  SiSRaid2 - ok
14:09:54.0575 3408  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:09:54.0590 3408  SiSRaid4 - ok
14:09:54.0653 3408  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:09:54.0684 3408  SkypeUpdate - ok
14:09:54.0700 3408  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:09:54.0762 3408  Smb - ok
14:09:54.0809 3408  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:09:54.0840 3408  SNMPTRAP - ok
14:09:54.0887 3408  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:09:54.0918 3408  spldr - ok
14:09:54.0980 3408  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
14:09:55.0043 3408  Spooler - ok
14:09:55.0168 3408  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:09:55.0355 3408  sppsvc - ok
14:09:55.0402 3408  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:09:55.0495 3408  sppuinotify - ok
14:09:55.0604 3408  [ 51DE15CA5C05BCA46D8B110CD00A02FB ] sptd            C:\Windows\System32\Drivers\sptd.sys
14:09:55.0667 3408  sptd - ok
14:09:55.0745 3408  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:09:55.0792 3408  srv - ok
14:09:55.0838 3408  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:09:55.0885 3408  srv2 - ok
14:09:55.0916 3408  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:09:55.0948 3408  srvnet - ok
14:09:56.0010 3408  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:09:56.0072 3408  SSDPSRV - ok
14:09:56.0104 3408  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:09:56.0150 3408  SstpSvc - ok
14:09:56.0166 3408  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:09:56.0182 3408  stexstor - ok
14:09:56.0244 3408  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:09:56.0306 3408  stisvc - ok
14:09:56.0353 3408  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:09:56.0369 3408  swenum - ok
14:09:56.0384 3408  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:09:56.0431 3408  swprv - ok
14:09:56.0478 3408  [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
14:09:56.0494 3408  SynTP - ok
14:09:56.0587 3408  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:09:56.0712 3408  SysMain - ok
14:09:56.0759 3408  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:09:56.0790 3408  TabletInputService - ok
14:09:56.0806 3408  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:09:56.0884 3408  TapiSrv - ok
14:09:56.0930 3408  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:09:57.0055 3408  TBS - ok
14:09:57.0164 3408  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:09:57.0242 3408  Tcpip - ok
14:09:57.0305 3408  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:09:57.0352 3408  TCPIP6 - ok
14:09:57.0414 3408  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:09:57.0492 3408  tcpipreg - ok
14:09:57.0539 3408  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:09:57.0617 3408  TDPIPE - ok
14:09:57.0679 3408  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:09:57.0726 3408  TDTCP - ok
14:09:57.0804 3408  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:09:57.0851 3408  tdx - ok
14:09:57.0913 3408  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:09:57.0944 3408  TermDD - ok
14:09:58.0007 3408  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:09:58.0085 3408  TermService - ok
14:09:58.0116 3408  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:09:58.0194 3408  Themes - ok
14:09:58.0241 3408  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:09:58.0303 3408  THREADORDER - ok
14:09:58.0319 3408  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:09:58.0381 3408  TrkWks - ok
14:09:58.0475 3408  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:09:58.0553 3408  TrustedInstaller - ok
14:09:58.0600 3408  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:09:58.0662 3408  tssecsrv - ok
14:09:58.0740 3408  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:09:58.0802 3408  TsUsbFlt - ok
14:09:58.0880 3408  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:09:58.0990 3408  tunnel - ok
14:09:59.0021 3408  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:09:59.0068 3408  uagp35 - ok
14:09:59.0083 3408  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
14:09:59.0099 3408  UBHelper - ok
14:09:59.0161 3408  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:09:59.0255 3408  udfs - ok
14:09:59.0302 3408  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:09:59.0364 3408  UI0Detect - ok
14:09:59.0411 3408  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:09:59.0426 3408  uliagpkx - ok
14:09:59.0473 3408  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:09:59.0536 3408  umbus - ok
14:09:59.0598 3408  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:09:59.0645 3408  UmPass - ok
14:09:59.0723 3408  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
14:09:59.0770 3408  Updater Service - ok
14:09:59.0816 3408  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:09:59.0879 3408  upnphost - ok
14:09:59.0941 3408  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
14:09:59.0988 3408  usbccgp - ok
14:10:00.0004 3408  USBCCID - ok
14:10:00.0050 3408  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:10:00.0128 3408  usbcir - ok
14:10:00.0160 3408  [ 74EE782B1D9C241EFE425565854C661C ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:10:00.0175 3408  usbehci - ok
14:10:00.0206 3408  [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
14:10:00.0222 3408  usbfilter - ok
14:10:00.0253 3408  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:10:00.0316 3408  usbhub - ok
14:10:00.0362 3408  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:10:00.0425 3408  usbohci - ok
14:10:00.0456 3408  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:10:00.0487 3408  usbprint - ok
14:10:00.0503 3408  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:10:00.0565 3408  usbscan - ok
14:10:00.0596 3408  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:10:00.0659 3408  USBSTOR - ok
14:10:00.0706 3408  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:10:00.0752 3408  usbuhci - ok
14:10:00.0784 3408  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:10:00.0799 3408  usbvideo - ok
14:10:00.0846 3408  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:10:00.0893 3408  UxSms - ok
14:10:00.0893 3408  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:10:00.0908 3408  VaultSvc - ok
14:10:00.0924 3408  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:10:00.0940 3408  vdrvroot - ok
14:10:01.0002 3408  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:10:01.0049 3408  vds - ok
14:10:01.0080 3408  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:10:01.0111 3408  vga - ok
14:10:01.0142 3408  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:10:01.0205 3408  VgaSave - ok
14:10:01.0267 3408  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:10:01.0298 3408  vhdmp - ok
14:10:01.0345 3408  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:10:01.0376 3408  viaide - ok
14:10:01.0392 3408  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:10:01.0423 3408  volmgr - ok
14:10:01.0486 3408  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:10:01.0517 3408  volmgrx - ok
14:10:01.0548 3408  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:10:01.0564 3408  volsnap - ok
14:10:01.0595 3408  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:10:01.0610 3408  vsmraid - ok
14:10:01.0704 3408  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:10:01.0860 3408  VSS - ok
14:10:01.0891 3408  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:10:01.0938 3408  vwifibus - ok
14:10:01.0969 3408  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:10:02.0032 3408  vwififlt - ok
14:10:02.0078 3408  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:10:02.0125 3408  vwifimp - ok
14:10:02.0156 3408  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:10:02.0234 3408  W32Time - ok
14:10:02.0266 3408  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:10:02.0312 3408  WacomPen - ok
14:10:02.0375 3408  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:10:02.0437 3408  WANARP - ok
14:10:02.0437 3408  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:10:02.0484 3408  Wanarpv6 - ok
14:10:02.0578 3408  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:10:02.0640 3408  WatAdminSvc - ok
14:10:02.0734 3408  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:10:02.0827 3408  wbengine - ok
14:10:02.0858 3408  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:10:02.0890 3408  WbioSrvc - ok
14:10:02.0952 3408  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:10:02.0999 3408  wcncsvc - ok
14:10:03.0014 3408  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:10:03.0092 3408  WcsPlugInService - ok
14:10:03.0124 3408  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:10:03.0139 3408  Wd - ok
14:10:03.0186 3408  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
14:10:03.0202 3408  WDC_SAM - ok
14:10:03.0264 3408  [ 334E5ED94D3FAFF3C44F4D36B1FE1C90 ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
14:10:03.0295 3408  WDDMService ( UnsignedFile.Multi.Generic ) - warning
14:10:03.0295 3408  WDDMService - detected UnsignedFile.Multi.Generic (1)
14:10:03.0358 3408  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:10:03.0404 3408  Wdf01000 - ok
14:10:03.0404 3408  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:10:03.0498 3408  WdiServiceHost - ok
14:10:03.0498 3408  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:10:03.0529 3408  WdiSystemHost - ok
14:10:03.0592 3408  [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
14:10:03.0623 3408  WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
14:10:03.0623 3408  WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
14:10:03.0685 3408  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:10:03.0748 3408  WebClient - ok
14:10:03.0794 3408  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:10:03.0888 3408  Wecsvc - ok
14:10:03.0919 3408  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:10:03.0982 3408  wercplsupport - ok
14:10:04.0028 3408  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:10:04.0075 3408  WerSvc - ok
14:10:04.0091 3408  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:10:04.0122 3408  WfpLwf - ok
14:10:04.0153 3408  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:10:04.0153 3408  WIMMount - ok
14:10:04.0184 3408  WinDefend - ok
14:10:04.0200 3408  WinHttpAutoProxySvc - ok
14:10:04.0247 3408  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:10:04.0356 3408  Winmgmt - ok
14:10:04.0450 3408  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:10:04.0574 3408  WinRM - ok
14:10:04.0684 3408  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:10:04.0699 3408  WinUsb - ok
14:10:04.0746 3408  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:10:04.0777 3408  Wlansvc - ok
14:10:04.0840 3408  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:10:04.0886 3408  WmiAcpi - ok
14:10:04.0949 3408  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:10:04.0996 3408  wmiApSrv - ok
14:10:05.0027 3408  WMPNetworkSvc - ok
14:10:05.0058 3408  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:10:05.0089 3408  WPCSvc - ok
14:10:05.0136 3408  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:10:05.0152 3408  WPDBusEnum - ok
14:10:05.0183 3408  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:10:05.0261 3408  ws2ifsl - ok
14:10:05.0292 3408  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
14:10:05.0354 3408  wscsvc - ok
14:10:05.0354 3408  WSearch - ok
14:10:05.0464 3408  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:10:05.0573 3408  wuauserv - ok
14:10:05.0588 3408  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:10:05.0651 3408  WudfPf - ok
14:10:05.0713 3408  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:10:05.0791 3408  WUDFRd - ok
14:10:05.0822 3408  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:10:05.0885 3408  wudfsvc - ok
14:10:05.0916 3408  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:10:05.0994 3408  WwanSvc - ok
14:10:06.0041 3408  ================ Scan global ===============================
14:10:06.0072 3408  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:10:06.0134 3408  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:10:06.0150 3408  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:10:06.0181 3408  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:10:06.0212 3408  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:10:06.0212 3408  [Global] - ok
14:10:06.0228 3408  ================ Scan MBR ==================================
14:10:06.0244 3408  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:10:07.0133 3408  \Device\Harddisk0\DR0 - ok
14:10:07.0133 3408  ================ Scan VBR ==================================
14:10:07.0180 3408  [ 43D10C8A701FE2AE33CB41AD4C40F808 ] \Device\Harddisk0\DR0\Partition1
14:10:07.0180 3408  \Device\Harddisk0\DR0\Partition1 - ok
14:10:07.0226 3408  [ 14DD15F13795B58BB155E9730F137D85 ] \Device\Harddisk0\DR0\Partition2
14:10:07.0226 3408  \Device\Harddisk0\DR0\Partition2 - ok
14:10:07.0226 3408  ============================================================
14:10:07.0226 3408  Scan finished
14:10:07.0226 3408  ============================================================
14:10:07.0258 4792  Detected object count: 3
14:10:07.0258 4792  Actual detected object count: 3
14:10:45.0696 4792  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:45.0696 4792  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:10:45.0696 4792  WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:45.0696 4792  WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:10:45.0712 4792  WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:45.0712 4792  WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Geändert von cheekylisa (07.05.2013 um 13:15 Uhr)

Alt 07.05.2013, 13:34   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



Das ist noch ein Fund im Java-Cache, machen wir später weg

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.05.2013, 13:51   #15
cheekylisa
 
GVU Trojaner 2.12 - Bereinigung - Standard

GVU Trojaner 2.12 - Bereinigung



JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2521884591-20305894-1218270197-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\blabbers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\savings sidekick_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\savings sidekick_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2319825
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\***‚\AppData\Roaming\browsercompanion"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\ilivid"
Successfully deleted: [Folder] "C:\Program Files (x86)\wi3c8a~1"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\searchresults.xml"

user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2319825.CTID", "CT2319825");
user_pref("CT2319825.CurrentServerDate", "12-12-2010");
user_pref("CT2319825.DialogsAlignMode", "LTR");
user_pref("CT2319825.EMailNotifierPollDate", "Sun Dec 12 2010 16:02:34 GMT+0100");
user_pref("CT2319825.FeedPollDate11908299", "Sun Dec 12 2010 15:52:36 GMT+0100");
user_pref("CT2319825.FirstServerDate", "12-12-2010");
user_pref("CT2319825.FirstTime", true);
user_pref("CT2319825.FirstTimeFF3", true);
user_pref("CT2319825.FixPageNotFoundErrors", true);
user_pref("CT2319825.GroupingServerCheckInterval", 1440);
user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2319825.Initialize", true);
user_pref("CT2319825.InitializeCommonPrefs", true);
user_pref("CT2319825.InstalledDate", "Sun Dec 12 2010 09:22:27 GMT+0100");
user_pref("CT2319825.InvalidateCache", false);
user_pref("CT2319825.IsGrouping", false);
user_pref("CT2319825.IsMulticommunity", false);
user_pref("CT2319825.IsOpenThankYouPage", false);
user_pref("CT2319825.IsOpenUninstallPage", true);
user_pref("CT2319825.LanguagePackLastCheckTime", "Sun Dec 12 2010 09:22:30 GMT+0100");
user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2319825.LastLogin_2.5.8.6", "Sun Dec 12 2010 13:22:31 GMT+0100");
user_pref("CT2319825.LatestVersion", "2.7.2.0");
user_pref("CT2319825.Locale", "de");
user_pref("CT2319825.LoginCache", 4);
user_pref("CT2319825.MCDetectTooltipHeight", "83");
user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2319825.MCDetectTooltipWidth", "295");
user_pref("CT2319825.RadioIsPodcast", false);
user_pref("CT2319825.RadioLastCheckTime", "Sun Dec 12 2010 09:22:31 GMT+0100");
user_pref("CT2319825.RadioLastUpdateIPServer", "3");
user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
user_pref("CT2319825.RadioMediaID", "11949532");
user_pref("CT2319825.RadioMediaType", "Media Player");
user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
user_pref("CT2319825.RadioStationName", "1Live");
user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a");
user_pref("CT2319825.SHRINK_TOOLBAR", 1);
user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2319825&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2319825.SearchFromAddressBarIsInit", true);
user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
user_pref("CT2319825.SearchInNewTabEnabled", true);
user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
user_pref("CT2319825.SearchInNewTabLastCheckTime", "Sun Dec 12 2010 09:22:30 GMT+0100");
user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2319825.SettingsCheckIntervalMin", 120);
user_pref("CT2319825.SettingsLastCheckTime", "Sun Dec 12 2010 09:22:25 GMT+0100");
user_pref("CT2319825.SettingsLastUpdate", "1291980849");
user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sun Dec 12 2010 09:22:20 GMT+0100");
user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
user_pref("CT2319825.Uninstall", true);
user_pref("CT2319825.UserID", "UN52104729979919363");
user_pref("CT2319825.WeatherNetwork", "");
user_pref("CT2319825.WeatherPollDate", "Sun Dec 12 2010 15:52:37 GMT+0100");
user_pref("CT2319825.WeatherUnit", "C");
user_pref("CT2319825.alertChannelId", "715912");
user_pref("CT2319825.backendstorage.id", "32343438333530");
user_pref("CT2319825.clientLogIsEnabled", true);
user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2319825.myStuffEnabled", true);
user_pref("CT2319825.myStuffPublihserMinWidth", 400);
user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2724386.CTID", "ct2724407");
user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Wed Mar 16 2011 20:26:12 GMT+0100");
user_pref("CT2724386.CurrentServerDate", "16-3-2011");
user_pref("CT2724386.DialogsAlignMode", "LTR");
user_pref("CT2724386.DownloadReferralCookieData", "");
user_pref("CT2724386.FirstServerDate", "16-3-2011");
user_pref("CT2724386.FirstTime", true);
user_pref("CT2724386.FirstTimeFF3", true);
user_pref("CT2724386.FirstTimeSettingsDone", true);
user_pref("CT2724386.FixPageNotFoundErrors", true);
user_pref("CT2724386.GroupingLastCheckTime", "Wed Mar 16 2011 20:26:14 GMT+0100");
user_pref("CT2724386.GroupingLastErrorCode", "");
user_pref("CT2724386.GroupingLastResponse", true);
user_pref("CT2724386.GroupingLastServerUpdateTime", "129440657457670000");
user_pref("CT2724386.GroupingServerCheckInterval", 1440);
user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2724386.Initialize", true);
user_pref("CT2724386.InitializeCommonPrefs", true);
user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
user_pref("CT2724386.InstallationId", "IncrediMail_MediaBar_2.exe");
user_pref("CT2724386.InstallationType", "ConduitIntegration");
user_pref("CT2724386.InstalledDate", "Wed Mar 16 2011 20:26:13 GMT+0100");
user_pref("CT2724386.IsGrouping", true);
user_pref("CT2724386.IsMulticommunity", false);
user_pref("CT2724386.IsOpenThankYouPage", false);
user_pref("CT2724386.IsOpenUninstallPage", true);
user_pref("CT2724386.LanguagePackLastCheckTime", "Wed Mar 16 2011 20:26:15 GMT+0100");
user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2724386.LastLogin_2.7.2.0", "Wed Mar 16 2011 20:26:16 GMT+0100");
user_pref("CT2724386.LatestVersion", "3.2.5.2");
user_pref("CT2724386.Locale", "en");
user_pref("CT2724386.LoginCache", 4);
user_pref("CT2724386.MCDetectTooltipHeight", "83");
user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2724386.MCDetectTooltipWidth", "295");
user_pref("CT2724386.RadioIsPodcast", false);
user_pref("CT2724386.RadioMediaID", "21080119");
user_pref("CT2724386.RadioMediaType", "Media Player");
user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080119");
user_pref("CT2724386.RadioStationName", "Royal-Radio%20");
user_pref("CT2724386.RadioStationURL", "");
user_pref("CT2724386.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2724386&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2724386.SearchFromAddressBarIsInit", true);
user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2724386&q=");
user_pref("CT2724386.SearchInNewTabEnabled", true);
user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
user_pref("CT2724386.SearchInNewTabLastCheckTime", "Wed Mar 16 2011 20:26:15 GMT+0100");
user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2724386.SettingsCheckIntervalMin", 120);
user_pref("CT2724386.SettingsLastCheckTime", "Wed Mar 16 2011 20:26:12 GMT+0100");
user_pref("CT2724386.SettingsLastUpdate", "1299584945");
user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Wed Mar 16 2011 20:26:11 GMT+0100");
user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246790578");
user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
user_pref("CT2724386.Uninstall", true);
user_pref("CT2724386.UserID", "UN00772594986752139");
user_pref("CT2724386.WeatherNetwork", "");
user_pref("CT2724386.WeatherPollDate", "Wed Mar 16 2011 20:26:15 GMT+0100");
user_pref("CT2724386.WeatherUnit", "C");
user_pref("CT2724386.clientLogIsEnabled", true);
user_pref("CT2724386.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2724386.ct2724407.DialogsAlignMode", "LTR");
user_pref("CT2724386.ct2724407.FirstTimeSettingsDone", true);
user_pref("CT2724386.ct2724407.GroupingInvalidateCache", false);
user_pref("CT2724386.ct2724407.GroupingLastCheckTime", "Wed Mar 16 2011 20:26:13 GMT+0100");
user_pref("CT2724386.ct2724407.GroupingLastErrorCode", "");
user_pref("CT2724386.ct2724407.GroupingLastResponse", true);
user_pref("CT2724386.ct2724407.GroupingLastServerUpdateTime", "129436467272530000");
user_pref("CT2724386.ct2724407.InvalidateCache", false);
user_pref("CT2724386.ct2724407.LanguagePackLastCheckTime", "Wed Mar 16 2011 20:26:20 GMT+0100");
user_pref("CT2724386.ct2724407.Locale", "de");
user_pref("CT2724386.ct2724407.RadioLastCheckTime", "Wed Mar 16 2011 20:26:14 GMT+0100");
user_pref("CT2724386.ct2724407.RadioLastUpdateIPServer", "3");
user_pref("CT2724386.ct2724407.RadioLastUpdateServer", "129249047784100000");
user_pref("CT2724386.ct2724407.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2724407&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2724386.ct2724407.SettingsCheckIntervalMin", 120);
user_pref("CT2724386.ct2724407.SettingsLastCheckTime", "Wed Mar 16 2011 20:26:13 GMT+0100");
user_pref("CT2724386.ct2724407.SettingsLastUpdate", "1299165927");
user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastCheck", "Wed Mar 16 2011 20:26:13 GMT+0100");
user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastUpdate", "1255348257");
user_pref("CT2724386.myStuffEnabled", true);
user_pref("CT2724386.myStuffPublihserMinWidth", 400);
user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2724386.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT2319825,CT2724386");
user_pref("CommunityToolbar.ToolbarsList2", "CT2319825,CT2724386");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Mar 16 2011 20:26:13 GMT+0100");
user_pref("browser.search.order.1", "iLivid Web Search");
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAIAEBAAAAEAIABoBAAAJgAAACAgAAABACAAqBAAAI4EAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAAASCwAAEgsAAAAAAAAAAAAA9IVCS
user_pref("keyword.URL", "hxxp://www.searchplusnetwork.com/?sp=vit4&q=");
Emptied folder: C:\Users\***‚\AppData\Roaming\mozilla\firefox\profiles\kjmn017r.default\minidumps [106 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.05.2013 at 14:46:05,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

adwCleaner:

Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 07/05/2013 um 14:51:43 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - UNSER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Katja & René\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files (x86)\Winload
Ordner Gelöscht : C:\Users\Katja & René\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Katja & René\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Katja & René\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Katja & René\AppData\LocalLow\IncrediMail_MediaBar_2
Ordner Gelöscht : C:\Users\Katja & René\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\Katja & René\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Katja & René\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\Conduit
Ordner Gelöscht : C:\Users\Katja & René\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\jetpack
Ordner Gelöscht : C:\Users\Katja & René\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB58C757-0291-4A3C-AD39-8330384952DA}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SearchCore for Browsers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB58C757-0291-4A3C-AD39-8330384952DA}
Schlüssel Gelöscht : HKLM\Software\Winload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB58C757-0291-4A3C-AD39-8330384952DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [13266 octets] - [07/05/2013 14:51:43]

########## EOF - C:\AdwCleaner[S1].txt - [13327 octets] ##########
         
Und OTL:

Code:
ATTFilter
OTL logfile created on: 07.05.2013 14:59:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,58% Memory free
7,99 Gb Paging File | 6,43 Gb Available in Paging File | 80,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 39,19 Gb Free Space | 13,70% Space Free | Partition Type: NTFS
 
Computer Name: UNSER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Katja & René\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (WDDMService) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\SearchScopes\{34EE7CA7-4446-4B1B-ABFE-2443F6A64566}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE371DE371
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.08 17:35:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 18:54:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.13 18:54:20 | 000,000,000 | ---D | M]
 
[2013.04.13 18:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.13 18:54:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2013.01.27 18:28:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.27 18:28:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.27 18:28:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.27 18:28:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.27 18:28:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.27 18:28:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.06 17:45:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B03E39-C5F3-4B3F-ACD5-159C4444188B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.07 14:39:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.07 14:39:05 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.07 12:38:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI
[2013.05.07 12:38:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI
[2013.05.07 12:38:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western_Digital
[2013.05.07 12:38:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Western Digital
[2013.05.07 12:38:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western Digital
[2013.05.07 12:38:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2013.05.07 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\EgisTec
[2013.05.07 12:37:38 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.07 12:37:38 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2013.05.07 12:37:38 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.07 12:37:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2013.05.07 12:37:21 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2013.05.07 12:37:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2013.05.07 12:37:15 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2013.05.07 12:37:15 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2013.05.07 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2013.05.07 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2013.05.07 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2013.05.07 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2013.05.07 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2013.05.06 20:53:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.06 17:32:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.06 17:32:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.06 17:32:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.06 17:28:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.06 17:28:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.06 13:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.06 13:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.06 13:31:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.06 13:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.06 11:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle
[2013.05.06 11:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bridge Bundle
[2013.05.06 10:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2013.05.06 10:07:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.04.13 18:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 13:33:34 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 13:33:34 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 13:33:33 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 13:33:33 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 13:33:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 13:33:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 13:32:24 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 13:32:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 13:32:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 13:32:16 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 13:32:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 13:32:16 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 13:32:16 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 13:32:01 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 13:32:00 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 13:31:59 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 13:31:59 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 13:31:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 13:31:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2009.11.13 05:12:26 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.07 15:05:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.07 15:02:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 15:02:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 14:55:49 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.07 14:53:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.07 14:53:34 | 3218,239,488 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.07 14:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.06 17:45:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.03 17:34:30 | 000,000,151 | ---- | M] () -- C:\ProgramData\2eooc.reg
[2013.05.01 20:38:49 | 004,614,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.01 20:38:49 | 001,808,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.01 20:38:49 | 001,395,536 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.01 20:38:49 | 001,247,030 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.01 20:38:48 | 000,005,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.11 17:02:40 | 000,491,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.07 12:37:43 | 000,001,409 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.05.07 12:37:39 | 000,001,443 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.06 17:32:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.06 17:32:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.06 17:32:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.06 17:32:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.06 17:32:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.06 10:43:04 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2013.05.03 17:34:30 | 000,000,151 | ---- | C] () -- C:\ProgramData\2eooc.reg
[2012.08.17 15:05:00 | 000,000,030 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2012.06.10 13:08:40 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI
[2012.06.05 17:33:52 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.06.05 17:33:52 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.06.05 17:33:52 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.06.05 17:33:52 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.06.05 17:33:52 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.06.05 17:33:52 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.06.05 17:33:52 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.06.05 17:33:52 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.06.05 17:33:52 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.06.05 17:33:52 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.06.05 17:33:52 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.06.05 17:33:52 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.06.05 17:33:52 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.06.05 17:33:52 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.06.05 17:33:52 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.06.05 17:33:52 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.06.05 17:33:52 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.06.05 17:33:52 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.06.05 17:33:52 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.04.06 19:28:43 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.09.06 22:11:39 | 000,000,546 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.04.12 17:25:17 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         
EXTRA:

Code:
ATTFilter
OTL Extras logfile created on: 07.05.2013 14:59:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,58% Memory free
7,99 Gb Paging File | 6,43 Gb Available in Paging File | 80,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 39,19 Gb Free Space | 13,70% Space Free | Partition Type: NTFS
 
Computer Name: UNSER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2521884591-20305894-1218270197-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07534515-4279-4838-BD48-4D4DDEEDA884}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0B7730F5-B2F2-44C0-B214-6B9CBBBFC1AF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{133B9DE5-2A29-4951-89CE-7775289C0E85}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{191E8D47-85D0-42C6-872E-17C27CAD250B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1C007015-2BE6-41B6-BC06-A0CF071F0F69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{207D4850-34EE-4D27-A570-74164F1080F8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2CE54D45-D94B-4D7D-A03F-E56C78892E28}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3A3EBD31-AF94-4D81-B66A-C5419A5718FD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3BF0A70D-8038-4E98-8957-501B24E7F8F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{44E67230-445A-48F3-AB86-5D56655669C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4B3CC7FF-FC19-42AD-9AA3-5853795DF9DF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7E00DE80-2D82-4FEB-A61B-5DF30208DFCC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A352118-FDE2-41A9-B9FC-51E260D2F3E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C469BE9-CE17-420F-A1CA-3DC555FFE2D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8EECA039-F83F-4B82-8455-58DA841C4D0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9327967D-E982-4B29-9FF0-6A3ECCE21FB7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{99FAD311-814A-47E9-B477-05B0F0BDFC09}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9EA2AF58-75E0-4DE7-A3C7-0494732445CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9F36B42A-24E9-44A6-A339-0C8A8E13FDFB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BD91E892-A647-44FB-B8C2-0E4D4B3C151C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E8FFF986-5E1C-4EAF-955E-B1DB6102F110}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E941B719-93DF-4BEF-BBA9-AB2041E04180}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EBA5494E-949B-405D-AE93-18F522A6AA96}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DC39760-B939-4D8D-8BF3-D19735D575F6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{105F5115-E1BC-4A2F-B105-8CC34D6AD6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{1660CA06-A496-4C5F-A698-D54A16CE0EF5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1ABAD61B-0D56-463E-AD29-0676A11EC839}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E5961BC-E566-41E6-832C-5BCB6F159321}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3722EA27-DB3C-4A06-9C67-3A5F18AE94DF}" = protocol=6 | dir=out | app=system | 
"{3AD9B905-6803-4E4D-A795-47F96E7B9B83}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{438D9107-B0AC-417C-BEFE-FC270A888614}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{688CFD35-CAE3-4A87-A757-18AFC6063682}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{69229A09-D2AD-4BE0-B46B-C1F1941D305F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{70F5E9E8-7A23-43A8-BB2B-1642D364188E}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{74C0F224-D910-487C-9986-CE234E68FABD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{79A326D3-AED1-4575-A5FE-D9A93C9A2AE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8235029C-9976-414E-809B-8DA51F5AA86A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8665B50B-6C74-4AA8-BB2E-4A2B915A30AB}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{8BD04A67-F7A9-4ADC-A495-79A8D1CE7934}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F91C5D4-B05A-4D1E-B107-DD3C45B00F12}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{9963926C-2B3C-410E-9DF4-88C2FB616127}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe | 
"{9D211442-0201-46B6-8AF7-2D04D0DF6F69}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{A3151905-03DC-4600-BF30-342000778DC0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{B096BB4E-1132-4B21-98B1-6CC9F2F9C94D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B291B333-9746-492D-A44D-766FADA2085B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4A3E470-F60E-48C3-9023-5DC82D051079}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BB9D3704-A975-4835-A737-F85307936EDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BD0E1DAD-7CE4-4FB0-AAB2-03BBBCDA32C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C2690B41-2300-4F38-B603-D70A7C6EADD8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CDD782A4-A608-4A9C-8BAF-209BAEB9BA1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CF39EC34-126E-4DD7-AD15-64C45C945C51}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{D0108FE4-FA7B-461C-A566-2ACCE20D5606}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{D1C8EFAD-94B5-45B0-A036-5B319D0F23FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E5EE7649-398D-42F6-9595-046F5A966DE7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EC965FD0-8B29-4CD6-8032-1D47F6B353EF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ED056FDE-4FB8-45F9-A210-0D249CB9F9E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F61BE9BE-804C-41C6-9EEA-968334009315}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9E664F5-95A6-42A4-8751-7EF2AB1DCDB2}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe | 
"{FD0F438C-D8F4-4F52-B9B0-344C0055A9BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF3D9B6F-D127-4D94-976F-D8544B6D3997}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D3F8B55-8FA8-449B-7346-56C3ADC3142A}" = ccc-utility64
"{44FEBA86-D067-06F1-F757-B25388B75193}" = ATI Catalyst Install Manager
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{078979DD-66FF-959F-A5B6-B1D7F6320745}" = CCC Help Portuguese
"{083C4FD4-067E-4ABF-2A73-A3B8F00BBF7B}" = CCC Help Korean
"{0BC37DE4-25DA-423A-11D4-847BB417CA52}" = CCC Help Chinese Traditional
"{0BCC9771-828D-431D-E231-1E4DA226FB40}" = CCC Help Polish
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{129D4434-B9AB-4C09-BCE1-110E6C8E10E9}" = MAGIX Screenshare
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27C72889-599F-0A6E-53BF-C4753F12FDDE}" = CCC Help Turkish
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31298826-074C-E85A-7193-17FE295B1CB4}" = Catalyst Control Center InstallProxy
"{340912AA-1A68-4D7F-9604-E3520FF69B98}" = MAGIX Fotos auf CD & DVD 10 Deluxe (Sonderedition)
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{390290B2-48D6-4C31-91DC-C4CB9D4CF769}" = MAGIX Speed burnR (MSI)
"{39BFD171-B593-94EE-A24F-E76C00068828}" = CCC Help Dutch
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A38C722-30A9-6319-B84D-EC121CE4E99B}" = CCC Help Chinese Standard
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5E705C6F-7163-9FAC-E599-79769775BED0}" = CCC Help Greek
"{5F2380C8-5443-40E4-8FD5-DE0AEC16B4BC}" = MAGIX Foto Manager 10
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64804F29-8AA2-2FF6-1A54-DAAA0FDC0DC9}" = CCC Help Finnish
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CE0A58B-DA52-8FB2-C255-794813218282}" = Catalyst Control Center Graphics Full Existing
"{6CFCC49A-EBED-749B-C99A-D87D7B2DFFA9}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E10F391-997D-1AA1-E256-EA1721AA1FA9}" = CCC Help Italian
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91A26B0A-9185-4F3B-3361-E1F0CC3234B2}" = Catalyst Control Center Localization All
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96282E21-99B9-8009-2508-9BC91BA92E17}" = CCC Help English
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99799EBC-1A17-18CA-85B8-9ED05996FB77}" = CCC Help Japanese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDCAB7E-6350-EF0B-E631-617FF1F03617}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A7FC0026-B0D5-F858-A751-47147FAF3EA0}" = CCC Help Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD5E481C-B8DA-8E0D-09EC-788C8CB43934}" = Catalyst Control Center Graphics Full New
"{AE03B427-F9F5-7222-061D-F637DFC762DE}" = CCC Help Hungarian
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B73AE5A2-3996-18BE-8A26-3351D3A82A52}" = CCC Help German
"{BBD80A22-43DA-E54F-E119-26EA6C6028F7}" = CCC Help Norwegian
"{C0BCA6DF-438D-6EE0-E7E8-1BC30D372E45}" = ccc-core-static
"{C32EE986-EBF6-7CC1-2B62-9D643AB85A64}" = CCC Help Spanish
"{C433CD2B-B9C6-B4F4-4169-52DF40B8F1D3}" = Catalyst Control Center Graphics Light
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CF9E6971-FCAB-E64D-F76D-EED1DF868631}" = CCC Help Swedish
"{DBD53C08-3BFD-2680-100A-6664F21015E6}" = CCC Help Czech
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4BEC5A4-7851-B0A2-F5E2-88924950F481}" = Catalyst Control Center Core Implementation
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD11E520-80B5-31C4-3CAF-704ECEEA0141}" = CCC Help Russian
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.6
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"EOS Utility" = Canon Utilities EOS Utility
"Free Video Dub_is1" = Free Video Dub version 2.0.12.706
"FTP Commander" = FTP Commander
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22
"KompoZer_is1" = KompoZer 0.77
"LManager" = Launch Manager
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"MAGIX_MSI_Fotos_auf_CD_DVD_10_Dlx_SE" = MAGIX Fotos auf CD & DVD 10 Deluxe (Sonderedition)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"MyCamera" = Canon Utilities MyCamera
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Woodcutter Simulator 2012" = Holzfäller Simulator 2012
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2521884591-20305894-1218270197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"PhotoFiltre" = PhotoFiltre
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.05.2013 08:54:02 | Computer Name = Unser | Source = WDSmartWareBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[]
 args)
 
Error - 07.05.2013 08:58:39 | Computer Name = Unser | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0x1198  Startzeit der fehlerhaften Anwendung: 0x01ce4b225ca54028  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 d6149e0d-b715-11e2-b393-93ecb321eaab
 
[ System Events ]
Error - 07.05.2013 08:51:31 | Computer Name = Unser | Source = DCOM | ID = 10010
Description = 
 
Error - 07.05.2013 08:53:37 | Computer Name = Unser | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 07.05.2013 08:56:30 | Computer Name = Unser | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >
         
Bin ich den jetzt los ?

Geändert von cheekylisa (07.05.2013 um 13:58 Uhr)

Antwort

Themen zu GVU Trojaner 2.12 - Bereinigung
abgesicherten, acer, ahnung, autostart, avira, dateien, destroy, hochfahren, hoffe, laptop, laufen, mehrere dateien, quarantäne, reboot, rechner, recht, required, schonmal, search, seite, spybot, starte, teilen, trojaner, weiterhelfen, windows




Ähnliche Themen: GVU Trojaner 2.12 - Bereinigung


  1. Interpol Trojaner eingefangen, bereinigung mit Kaspersky Rescue Disc nicht erfolgreich
    Log-Analyse und Auswertung - 20.03.2014 (11)
  2. Interpol Trojaner eingefangen, bereinigung mit Kaspersky Rescue Disc nicht erfolgreich
    Mülltonne - 11.03.2014 (0)
  3. Trojaner-Bereinigung hat super geklappt!
    Lob, Kritik und Wünsche - 21.08.2013 (0)
  4. Bereinigung GVU Trojaner SSD
    Plagegeister aller Art und deren Bekämpfung - 16.08.2013 (4)
  5. Groupon Trojaner. Windows 7. Keine offensichtlichen Probleme. Bereinigung gewünscht (keine Formatierung).
    Log-Analyse und Auswertung - 16.03.2013 (7)
  6. Ausreichende Bereinigung nach GVU-Trojaner
    Log-Analyse und Auswertung - 14.03.2013 (13)
  7. Groupon Trojaner-Bereinigung
    Log-Analyse und Auswertung - 14.03.2013 (72)
  8. BKA Trojaner - Datensicherung - Bereinigung
    Plagegeister aller Art und deren Bekämpfung - 09.03.2013 (127)
  9. System-Bereinigung nach GVU-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (22)
  10. GVU-Trojaner - vollständige Bereinigung
    Log-Analyse und Auswertung - 20.01.2013 (41)
  11. pc bereinigung nach "GVU"-Trojaner
    Log-Analyse und Auswertung - 18.12.2012 (12)
  12. PC bereinigung nach BKA Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (10)
  13. Vollständige Bereinigung nach dem Trojaner vom System Progressive Protection
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (11)
  14. Möglichkeit zur Datensicherung und evtl. bereinigung GEMA Trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.02.2012 (3)
  15. Backdoor Trojaner, JAVA Virus? Nach AntiVir Bereinigung und Malewarebites wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 15.08.2010 (18)
  16. c:\windows\system32\userinit.exe mit Trojaner (Generic 18.BESH) infiziert, Bereinigung ohne Erfolg
    Plagegeister aller Art und deren Bekämpfung - 10.08.2010 (8)

Zum Thema GVU Trojaner 2.12 - Bereinigung - Hallo! Diesmal hat es mich auch erwischt. Mit PC-Programmen komme ich recht gut klar, aber von dem "Eingemachten" habe ich nicht so viel Ahnung! Ich habe einen ACER Laptop mit - GVU Trojaner 2.12 - Bereinigung...
Archiv
Du betrachtest: GVU Trojaner 2.12 - Bereinigung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.