
Log analysis and evaluation: Opened a debt-collection e-mail with a zip attachment, trojan found with Malwarebytes


14.05.2013, 10:47   #1
Malwarto
 



Hello,

yesterday I also had an e-mail with a payment reminder/debt-collection demand in my inbox. Since they had my details right, I was unsure and did unpack/open the supposed invoice file in zip format after all. But then a message came up saying it could not be opened. Unfortunately I only googled it afterwards...

After that, in the evening, Mozilla crashed on me twice, which I am not used to. I also ran Antivir yesterday, but the program found nothing.

See here:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 13. Mai 2013 21:17

Es wird nach 4589920 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : HAINSI

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 21:02:24
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 20:19:46
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 20:19:46
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 20:19:47
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 20:19:25
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 19:48:31
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 09:11:35
VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 09:11:35
VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 09:11:36
VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 09:11:36
VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 09:11:36
VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 09:11:36
VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 09:11:36
VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 09:11:36
VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 09:11:36
VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 09:11:36
VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 09:11:36
VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 09:11:36
VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 09:11:36
VBASE014.VDF : 7.11.75.97 181248 Bytes 02.05.2013 18:53:56
VBASE015.VDF : 7.11.75.183 217600 Bytes 03.05.2013 20:39:07
VBASE016.VDF : 7.11.76.27 183808 Bytes 04.05.2013 20:39:06
VBASE017.VDF : 7.11.76.101 194048 Bytes 06.05.2013 20:39:05
VBASE018.VDF : 7.11.76.213 163328 Bytes 07.05.2013 09:45:55
VBASE019.VDF : 7.11.77.41 134656 Bytes 08.05.2013 09:45:57
VBASE020.VDF : 7.11.77.145 141312 Bytes 10.05.2013 14:25:19
VBASE021.VDF : 7.11.77.225 155648 Bytes 12.05.2013 15:36:53
VBASE022.VDF : 7.11.78.21 202752 Bytes 13.05.2013 18:28:58
VBASE023.VDF : 7.11.78.22 2048 Bytes 13.05.2013 18:28:58
VBASE024.VDF : 7.11.78.23 2048 Bytes 13.05.2013 18:28:58
VBASE025.VDF : 7.11.78.24 2048 Bytes 13.05.2013 18:28:58
VBASE026.VDF : 7.11.78.25 2048 Bytes 13.05.2013 18:28:58
VBASE027.VDF : 7.11.78.26 2048 Bytes 13.05.2013 18:28:58
VBASE028.VDF : 7.11.78.27 2048 Bytes 13.05.2013 18:28:58
VBASE029.VDF : 7.11.78.28 2048 Bytes 13.05.2013 18:28:58
VBASE030.VDF : 7.11.78.29 2048 Bytes 13.05.2013 18:28:58
VBASE031.VDF : 7.11.78.62 77824 Bytes 13.05.2013 18:28:59
Engineversion : 8.2.12.42
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 19:30:57
AESCRIPT.DLL : 8.1.4.114 483709 Bytes 10.05.2013 14:25:24
AESCN.DLL : 8.1.10.4 131446 Bytes 30.03.2013 14:14:34
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 19:33:24
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 18:45:28
AEPACK.DLL : 8.3.2.12 754040 Bytes 09.05.2013 09:46:10
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 10.03.2013 13:49:07
AEHEUR.DLL : 8.1.4.358 5898617 Bytes 13.05.2013 18:29:03
AEHELP.DLL : 8.1.25.10 258425 Bytes 09.05.2013 09:46:00
AEGEN.DLL : 8.1.7.4 442741 Bytes 09.05.2013 09:45:59
AEEXP.DLL : 8.4.0.28 201078 Bytes 10.05.2013 14:25:25
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 19:30:56
AECORE.DLL : 8.1.31.2 201080 Bytes 20.02.2013 10:25:33
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:32:45
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 20:19:46
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 21:02:24
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 20:19:47
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 21:02:23
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 20:19:46
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 20:19:47
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 19:05:02
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 20:19:46
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 19:04:59
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 21:02:23

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PFS,+SPR,

Beginn des Suchlaufs: Montag, 13. Mai 2013 21:17

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDUpdate.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '137' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDTray.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'PmmUpdate.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Rainlendar2.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWSCSvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDUpdSvc.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDFSSvc.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '11' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '4893' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>


Ende des Suchlaufs: Dienstag, 14. Mai 2013 00:19
Benötigte Zeit: 3:02:06 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

46911 Verzeichnisse wurden überprüft
895894 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
895894 Dateien ohne Befall
6142 Archive wurden durchsucht
0 Warnungen
0 Hinweise
893490 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden



Today I installed Malwarebytes and ran the quick check, and lo and behold, it found something.

Here is the log:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Sasha :: HAINSI [Administrator]

Schutz: Aktiviert

14.05.2013 08:58:48
mbam-log-2013-05-14 (08-58-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 273401
Laufzeit: 6 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Claudi\AppData\Local\Temp\leugaeaugu.pre (Trojan.Fakenero.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-2127498475-2954064385-2103805440-1003\$R7W3SWE\tjfotxxn.exe (Trojan.Fakenero.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudi\AppData\Local\Temp\Bbcpfwm\oqdfgrsuul.exe (Trojan.Fakenero.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudi\Downloads\SoftonicDownloader_fuer_mp3directcut.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Then I restarted the computer, which went without any problems, and started another scan, which finished with no findings. See here:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Claudi :: HAINSI [limitiert]

Schutz: Aktiviert

14.05.2013 10:53:07
mbam-log-2013-05-14 (10-53-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199382
Laufzeit: 10 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Is it OK like this with the logs? In other posts they are always shown in a separate scrollable box, but I don't know how else to insert them...

Should I take any further measures to be really sure the computer is clean, and if so, which? Many thanks in advance for any answers.

14.05.2013, 10:51   #2
smeenk
/// Malwareteam / Visitor
 



Hi Malwarto

I'm Smeenk and I will try to help you.


System scan with ZOEK

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    emptyclsid;
    chromelook;
    autoclean;
    startupall;
    filesrcm;
    firefoxlook;
             
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is finished, Notepad will open with the log file (possibly only after a restart).
    Afterwards you can view the report at c:\zoek-results.log.
  • Post the log file zoek-results.log for me

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
In any case, please post the contents here in your thread.


Please post everything here in CODE tags where possible: [code] Your log here [/code]


14.05.2013, 11:35   #3
Malwarto
 



Hello Smeenk,

thanks for the quick reply.
Zoek has finished, here is the log. I'll continue with TDSSKiller now.

Code:
Zoek.exe Version 4.0.0.2 Updated 12-May-2013
Tool run by Administrator on 14.05.2013 at 12:03:22,91.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4f12-8568-69135F087DB0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0} deleted successfully

==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zmz3mvt4.default

user.js not found
---- Lines searchnu removed from prefs.js ----


---- Lines searchnu modified from prefs.js ----


---- Lines searchqu removed from prefs.js ----


---- Lines searchqu modified from prefs.js ----


---- Lines ICQ Search removed from prefs.js ----


---- Lines ICQ Search modified from prefs.js ----


---- Lines icq.com removed from prefs.js ----


---- Lines icq.com modified from prefs.js ----


---- Lines Search Results removed from prefs.js ----


---- Lines Search Results modified from prefs.js ----


---- Lines Search-Results removed from prefs.js ----


---- Lines Search-Results modified from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----


---- Lines mybrowserbar removed from prefs.js ----


---- Lines mybrowserbar modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs__1210_.backup

ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen

user.js not found
---- Lines searchnu removed from prefs.js ----


---- Lines searchnu modified from prefs.js ----


---- Lines searchqu removed from prefs.js ----


---- Lines searchqu modified from prefs.js ----


---- Lines ICQ Search removed from prefs.js ----

user_pref("browser.search.defaultenginename", "ICQ Search");

---- Lines ICQ Search modified from prefs.js ----


---- Lines icq.com removed from prefs.js ----

user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");

---- Lines icq.com modified from prefs.js ----


---- Lines Search Results removed from prefs.js ----


---- Lines Search Results modified from prefs.js ----


---- Lines Search-Results removed from prefs.js ----


---- Lines Search-Results modified from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----


---- Lines mybrowserbar removed from prefs.js ----


---- Lines mybrowserbar modified from prefs.js ----

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,jqs@sun.com:1.0,pdfforge@mybrowserbar.com:4.1,extension@virtusdesigns.com:3.6.6,wtxpcom@mybrowserbar.com:4.1,{3713a489-0634-4472-8456-dc7abd7eba00}:1.3.1,{5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.6.6,CrystalFox_Qute@BigRedBrent:3.7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13,{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}:3.13");

---- FireFox user.js and prefs.js backups ---- 

prefs__1210_.backup

ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\sde4qaok.default

user.js not found
---- Lines searchnu removed from prefs.js ----


---- Lines searchnu modified from prefs.js ----


---- Lines searchqu removed from prefs.js ----


---- Lines searchqu modified from prefs.js ----


---- Lines ICQ Search removed from prefs.js ----


---- Lines ICQ Search modified from prefs.js ----


---- Lines icq.com removed from prefs.js ----


---- Lines icq.com modified from prefs.js ----


---- Lines Search Results removed from prefs.js ----


---- Lines Search Results modified from prefs.js ----


---- Lines Search-Results removed from prefs.js ----

user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");

---- Lines Search-Results modified from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----


---- Lines mybrowserbar removed from prefs.js ----


---- Lines mybrowserbar modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs__1210_.backup

ProfilePath: C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default

user.js not found
---- Lines searchnu removed from prefs.js ----

user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/410");

---- Lines searchnu modified from prefs.js ----


---- Lines searchqu removed from prefs.js ----


---- Lines searchqu modified from prefs.js ----


---- Lines ICQ Search removed from prefs.js ----


---- Lines ICQ Search modified from prefs.js ----


---- Lines icq.com removed from prefs.js ----


---- Lines icq.com modified from prefs.js ----


---- Lines Search Results removed from prefs.js ----

user_pref("browser.search.defaultenginename", "Search Results");
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.search.selectedEngine", "Search Results");

---- Lines Search Results modified from prefs.js ----


---- Lines Search-Results removed from prefs.js ----

user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");

---- Lines Search-Results modified from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----


---- Lines mybrowserbar removed from prefs.js ----


---- Lines mybrowserbar modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs__1210_.backup

ProfilePath: C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff

user.js not found
---- Lines searchnu removed from prefs.js ----


---- Lines searchnu modified from prefs.js ----


---- Lines searchqu removed from prefs.js ----


---- Lines searchqu modified from prefs.js ----


---- Lines ICQ Search removed from prefs.js ----

user_pref("browser.search.defaultenginename", "ICQ Search");

---- Lines ICQ Search modified from prefs.js ----


---- Lines icq.com removed from prefs.js ----

user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");

---- Lines icq.com modified from prefs.js ----


---- Lines Search Results removed from prefs.js ----


---- Lines Search Results modified from prefs.js ----


---- Lines Search-Results removed from prefs.js ----


---- Lines Search-Results modified from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----


---- Lines mybrowserbar removed from prefs.js ----


---- Lines mybrowserbar modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs__1210_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml" deleted
"C:\ProgramData\xml99D2.tmp" deleted
"C:\ProgramData\xmlA798.tmp" deleted
"C:\ProgramData\xmlA7E7.tmp" deleted
"C:\ProgramData\xmlC37E.tmp" deleted
"C:\ProgramData\xmlC459.tmp" deleted
"C:\ProgramData\xmlC4A8.tmp" deleted
"C:\ProgramData\hpothb07.dat" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-1.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-2.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-3.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-4.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-5.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-6.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-7.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin-8.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icqplugin.xml" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchplugins\icq-search.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default\searchplugins\Search_Results.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-1.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-2.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-3.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-4.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-5.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-6.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-7.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin-8.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icqplugin.xml" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchplugins\icq-search.xml" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted
"C:\Program Files (x86)\Windows Searchqu Toolbar" deleted
"C:\ProgramData\Partner" deleted
"C:\ProgramData\boost_interprocess" deleted
"C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zmz3mvt4.default\searchqutoolbar" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\searchqutoolbar" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\sde4qaok.default\searchqutoolbar" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default\searchqutoolbar" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\searchqutoolbar" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-04-26 10:00:18	079AA86246996F5192821A6FFD2ADC61	303171855	----a-w-	C:\Windows\MEMORY.DMP
====== C:\Users\ADMINI~1\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-05-14 06:52:45	0BB97D43299910CBFBA59C461B99B910	25928	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2013-04-24 14:17:26	B98F8C6E31CD07B2E6F71F7F648E38C0	1656680	----a-w-	C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-05-01 09:26:00	--------	d-----w-	C:\Program Files\iPod
2013-05-01 09:25:59	--------	d-----w-	C:\Program Files\iTunes
======= C:\Program Files (x86) =====
2013-05-11 17:53:04	--------	d-----w-	C:\Program Files (x86)\Easy Phone Sync
2013-05-09 09:49:37	--------	d-----w-	C:\Program Files (x86)\ipswDownloader
2013-05-01 09:25:59	--------	d-----w-	C:\Program Files (x86)\iTunes
2013-05-01 09:18:30	--------	d-----w-	C:\Program Files (x86)\QuickTime
2013-04-17 15:56:40	--------	d-----w-	C:\Program Files (x86)\Mozilla Thunderbird
=======  =====
====== C:\Users\Administrator\AppData\Roaming ======
2013-05-11 17:51:45	--------	d-----w-	C:\users\Sasha\AppData\Roaming\Media Mushroom Limited
2013-05-09 09:49:37	--------	d-----w-	C:\users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ipswDownloader
2013-04-21 11:40:10	F2CA2FDD46962F324402C71D99A0E996	5632	----a-w-	C:\users\Claudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
====== C:\Users\Administrator ======
2013-05-11 17:57:09	--------	d-----w-	C:\Users\Sasha\MSYNC
2013-05-11 17:53:13	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Phone Sync
2013-05-01 09:26:51	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2013-05-01 09:25:59	--------	d-----w-	C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-01 09:18:33	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

====== C: exe-files ==
2013-05-09 09:49:37	BB5064687226107A4F60995FE083B370	53074	----a-w-	C:\Program Files (x86)\ipswDownloader\uninst.exe
=== C: other files ==
2013-05-13 22:00:04	9344D34E2CD574121F8E31C0946ABDAF	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130514-Rainlendar2Backup.zip
2013-05-12 22:00:00	B43A2DBCBC2D36CC138CDCF656ECFF2D	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130513-Rainlendar2Backup.zip
2013-05-11 22:00:00	280C1C5F44DC2328252C126B0BF2A891	1825	----a-w-	C:\Users\Sasha\.rainlendar2\backups\20130512-Rainlendar2Backup.zip
2013-05-11 22:00:00	09829C49058FD2DD40B741F2A7725832	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130512-Rainlendar2Backup.zip
2013-05-11 17:45:42	CB0B99F926B5EFBF08CEEEE672572E2B	1825	----a-w-	C:\Users\Sasha\.rainlendar2\backups\20130511-Rainlendar2Backup.zip
2013-05-11 09:43:52	9EF915D7E1DAA17409E4F2F59AD56423	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130511-Rainlendar2Backup.zip
2013-05-10 07:26:52	9FEEC725FB04DBB233B32282FBD9039D	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130510-Rainlendar2Backup.zip
2013-05-09 16:10:51	D1B8B1ED186473754F919BC2C13649AF	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130509-Rainlendar2Backup.zip
2013-05-09 09:59:16	25323177557A26701152598B21EE7D55	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-2127498475-2954064385-2103805440-1001\$I8FPQCB.zip
2013-05-09 09:47:39	037B3525B8C257A80C10FD588C5623B0	487707	----a-w-	C:\$Recycle.Bin\S-1-5-21-2127498475-2954064385-2103805440-1001\$R8FPQCB.zip
2013-05-09 09:41:15	5D41C9C507D9959A28BFF50E708DE4B6	1825	----a-w-	C:\Users\Sasha\.rainlendar2\backups\20130509-Rainlendar2Backup.zip
2013-05-07 22:00:01	8A54EEAA0CCA3DA094967660AC66F5DA	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130508-Rainlendar2Backup.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe"
"cxrvtxxn"="C:\Users\Claudi\Zzrhrhb\tjfotxxn.exe"
"iuxksuul"="C:\Users\Claudi\AppData\Local\Temp\Bbcpfwm\oqdfgrsuul.exe"
"mixeren"="C:\Users\Claudi\AppData\Roaming\mixeren.exe -autorun"

[HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-500\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d"
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"DATAMNGR"="C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"
" Malwarebytes Anti-Malware  (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDFPrint]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDFPrint"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PDF24\\pdf24.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PMBVolumeWatcher"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Sony\\PMB\\PMBVolumeWatcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PureSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PureSync"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\PureSync\\PureSyncTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"item"="HP Digital Imaging Monitor"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HEWLET~1\\DIGITA~1\\bin\\hpqtra08.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hp psc 2000 Series.lnk"
"backup"="C:\\Windows\\pss\\hp psc 2000 Series.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HEWLET~1\\DIGITA~1\\bin\\hpobnz08.exe "
"item"="hp psc 2000 Series"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hpoddt01.exe.lnk"
"backup"="C:\\Windows\\pss\\hpoddt01.exe.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe "
"item"="hpoddt01.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Sasha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
"item"="OneNote 2010 Bildschirmausschnitt- und Startprogramm"
"path"="C:\\Users\\Sasha\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~2\\Office14\\ONENOTEM.EXE"


==== Startup Folders ======================

2013-02-20 09:57:58	1052	----a-w-	C:\users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-01-06 22:01:14	1348	----a-w-	C:\users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12.03.2013 21:38]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04.01.2011 19:21]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04.01.2011 19:21]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zmz3mvt4.default
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen
- Undetermined - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
- Undetermined - C:\Programme\Java\jre6\lib\deploy\jqs\ff
- Undetermined - C:\Programme\pdfforge Toolbar\FF
- Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\extension@virtusdesigns.com
- Undetermined - C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom
- Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
- Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
- Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\CrystalFox_Qute@BigRedBrent
- Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
- Chromifox Basic - %ProfilePath%\extensions\chromifox@altmusictv.com
- CrystalFox Qute - %ProfilePath%\extensions\CrystalFox_Qute@BigRedBrent
- Virtus Search Opt-in - %ProfilePath%\extensions\extension@virtusdesigns.com
- Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
- Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
- Abaca classic - %ProfilePath%\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
- Aero Fox Silver XL - %ProfilePath%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
- iFox Graphite - %ProfilePath%\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}
- Vista Nature - %ProfilePath%\extensions\{9864f3b8-68ba-463e-9589-20a4da429bb7}
- Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
- Miint - %ProfilePath%\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}

ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\sde4qaok.default
- Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
- HS-Fulda Theme - %ProfilePath%\extensions\{08198ea0-e430-11df-bccf-0800200c9a66}.xpi
- Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi

ProfilePath: C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default
- Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
- Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

ProfilePath: C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff
- Chromifox Basic - %ProfilePath%\extensions\chromifox@altmusictv.com
- CrystalFox Qute - %ProfilePath%\extensions\CrystalFox_Qute@BigRedBrent
- Virtus Search Opt-in - %ProfilePath%\extensions\extension@virtusdesigns.com
- Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
- Abaca classic - %ProfilePath%\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
- Aero Fox Silver XL - %ProfilePath%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
- iFox Graphite - %ProfilePath%\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}
- Vista Nature - %ProfilePath%\extensions\{9864f3b8-68ba-463e-9589-20a4da429bb7}
- Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
- Miint - %ProfilePath%\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
- Stealthy - %ProfilePath%\extensions\stealthyextension@gmail.com.xpi
- Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
- FXChrome - %ProfilePath%\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Deleting Files \ Folders ======================

"C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zmz3mvt4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}" deleted
"C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\sde4qaok.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}" deleted
"C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}" deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118165l04f4z1m5v47422582"
"Default_Page_URL"="hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118165l04f4z1m5v47422582"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118165l04f4z1m5v47422582"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google  Url="hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE413DE413"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Claudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Claudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Claudi\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Claudi\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Claudi\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sasha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zmz3mvt4.default\Cache emptied successfully
C:\users\Claudi\AppData\Local\Mozilla\Firefox\Profiles\sde4qaok.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully
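The three values under the 1003 user's Run key in the "Startup Registry Enabled" section above (`cxrvtxxn`, `iuxksuul`, `mixeren`) are the entries an analyst would pull out of this log first: random-looking names, launched from a user Temp folder, straight out of AppData\Roaming, or from a made-up folder directly under the profile, none of which is where installed software normally lives. The Python script below is an added example, not part of the original post and not output of any of the tools used in this thread: it parses the `==== Startup Registry Enabled ====` sections of a log in the format shown above and scores every entry on exactly those two signals, image location and name shape. The embedded sample is a constructed excerpt copied from the lines above; the location weights, the flag threshold and the consonant-run test for random names are assumptions of this example, tuned for triage rather than a verdict.

```python
"""Score autostart entries in a startup-registry log (added triage example)."""
import ntpath
import re

# Constructed excerpt, copied from the "Startup Registry Enabled" section above.
SAMPLE_LOG = r"""
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe"
"cxrvtxxn"="C:\Users\Claudi\Zzrhrhb\tjfotxxn.exe"
"iuxksuul"="C:\Users\Claudi\AppData\Local\Temp\Bbcpfwm\oqdfgrsuul.exe"
"mixeren"="C:\Users\Claudi\AppData\Roaming\mixeren.exe -autorun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware  (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"
==== Startup Folders ======================
"""

SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")
KEY_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"\s*$')
# First token with an executable extension (quotes optional), ended by whitespace,
# a comma (rundll32 entry point) or end of string.
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|scr|bat|cmd|vbs|js))"?(?=\s|,|$)', re.I)
LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\(.+)$", re.I)

def extract_image(command):
    """Return the file that really runs, unwrapping rundll32-style launchers."""
    cmd = command.strip()
    m = IMAGE_RE.match(cmd)
    image = m.group(1) if m else (cmd.split() or [""])[0].strip('"')
    if m and ntpath.basename(image).lower() in LAUNCHERS:
        payload = IMAGE_RE.match(cmd[m.end():].lstrip(' ",'))
        image = payload.group(1) if payload else image
    return image

def looks_random(name):
    """Cheap entropy stand-in (assumed rule): 6+ letters with a run of 4+ consonants."""
    s = name.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    run = longest = 0
    for ch in s:
        run = 0 if ch in "aeiouy" else run + 1
        longest = max(longest, run)
    return longest >= 4

def location_score(image):
    """Weight for where the image lives (assumed values): Program Files scores 0."""
    m = USER_PROFILE_RE.match(image)
    if not m:
        return 0, None
    parts = m.group(1).lower().split("\\")  # path components below the profile root
    if parts[:3] == ["appdata", "local", "temp"]:
        return 3, "runs from the user's Temp folder"
    if parts[:2] in (["appdata", "roaming"], ["appdata", "local"]):
        if len(parts) == 3:  # AppData\Roaming\<file>: no vendor sub-folder at all
            return 3, "sits directly in AppData without a vendor folder"
        return 1, "runs from under AppData"
    return 2, "runs from a non-standard folder inside the user profile"

def parse_startup_entries(log_text):
    """Collect every value under the 'Startup Registry Enabled' sections as a dict."""
    entries, in_scope, key = [], False, None
    for line in log_text.splitlines():
        if sec := SECTION_RE.match(line):
            in_scope = sec.group(1).startswith("Startup Registry Enabled")
        elif in_scope and (k := KEY_RE.match(line)):
            key = k.group(1)
        elif in_scope and key and (v := VALUE_RE.match(line)):
            name, command = v.groups()
            entries.append({"key": key, "name": name, "command": command, "image": extract_image(command)})
    return entries

def assess(entry):
    """Attach score, reasons and a suspicious flag to one parsed entry."""
    loc, why = location_score(entry["image"])
    entry["score"], entry["reasons"] = loc, [why] if why else []
    stem = ntpath.splitext(ntpath.basename(entry["image"]))[0]
    parent = ntpath.basename(ntpath.dirname(entry["image"]))
    for label, token in (("value name", entry["name"]), ("file name", stem), ("folder", parent)):
        if looks_random(token):
            entry["score"] += 1
            entry["reasons"].append(f"random-looking {label} {token!r}")
    # Odd names alone never flag (vendor abbreviations like DATAMNGR are common);
    # a user-writable location plus any second signal does.
    entry["suspicious"] = loc > 0 and entry["score"] >= 2
    return entry

def suspicious_entries(log_text):
    return [e for e in map(assess, parse_startup_entries(log_text)) if e["suspicious"]]

if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LOG):
        print(f"[score {e['score']}] {e['name']!r} -> {e['image']}: " + "; ".join(e["reasons"]))
```

Run as-is to print the three flagged entries with their reasons, or call `suspicious_entries()` on a complete log. A hit still needs the file itself checked (hash lookup, Authenticode signature, creation time next to the date the mail was opened), and an empty result does not clear a machine: a payload under Program Files or ProgramData with a plausible name scores zero here, as does anything persisting through a service, a scheduled task or the startup folders.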
         
So, here is the log from TDSSKiller:

Code:
12:41:20.0195 2676  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:41:20.0476 2676  ============================================================
12:41:20.0476 2676  Current date / time: 2013/05/14 12:41:20.0476
12:41:20.0476 2676  SystemInfo:
12:41:20.0476 2676  
12:41:20.0476 2676  OS Version: 6.1.7601 ServicePack: 1.0
12:41:20.0476 2676  Product type: Workstation
12:41:20.0476 2676  ComputerName: HAINSI
12:41:20.0476 2676  UserName: Administrator
12:41:20.0476 2676  Windows directory: C:\Windows
12:41:20.0476 2676  System windows directory: C:\Windows
12:41:20.0476 2676  Running under WOW64
12:41:20.0476 2676  Processor architecture: Intel x64
12:41:20.0476 2676  Number of processors: 4
12:41:20.0476 2676  Page size: 0x1000
12:41:20.0476 2676  Boot type: Normal boot
12:41:20.0476 2676  ============================================================
12:41:21.0240 2676  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:41:21.0240 2676  ============================================================
12:41:21.0240 2676  \Device\Harddisk0\DR0:
12:41:21.0240 2676  MBR partitions:
12:41:21.0240 2676  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
12:41:21.0240 2676  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
12:41:21.0240 2676  ============================================================
12:41:21.0256 2676  C: <-> \Device\Harddisk0\DR0\Partition2
12:41:21.0256 2676  ============================================================
12:41:21.0256 2676  Initialize success
12:41:21.0256 2676  ============================================================
12:42:14.0842 4476  ============================================================
12:42:14.0842 4476  Scan started
12:42:14.0842 4476  Mode: Manual; SigCheck; TDLFS; 
12:42:14.0842 4476  ============================================================
12:42:15.0544 4476  ================ Scan system memory ========================
12:42:15.0544 4476  System memory - ok
12:42:15.0544 4476  ================ Scan services =============================
12:42:15.0762 4476  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:42:15.0918 4476  1394ohci - ok
12:42:15.0981 4476  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:42:16.0012 4476  ACPI - ok
12:42:16.0090 4476  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:42:16.0137 4476  AcpiPmi - ok
12:42:16.0293 4476  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
12:42:16.0355 4476  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
12:42:16.0355 4476  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
12:42:16.0480 4476  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:42:16.0495 4476  AdobeARMservice - ok
12:42:16.0683 4476  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:42:16.0714 4476  AdobeFlashPlayerUpdateSvc - ok
12:42:16.0761 4476  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:42:16.0807 4476  adp94xx - ok
12:42:16.0839 4476  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:42:16.0870 4476  adpahci - ok
12:42:16.0917 4476  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:42:16.0948 4476  adpu320 - ok
12:42:16.0995 4476  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:42:17.0073 4476  AeLookupSvc - ok
12:42:17.0119 4476  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:42:17.0182 4476  AFD - ok
12:42:17.0197 4476  AFS - ok
12:42:17.0244 4476  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:42:17.0275 4476  agp440 - ok
12:42:17.0307 4476  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:42:17.0400 4476  ALG - ok
12:42:17.0463 4476  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:42:17.0494 4476  aliide - ok
12:42:17.0525 4476  [ F687D4976EFF550FB0BE45A5CB19F18F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:42:17.0587 4476  AMD External Events Utility - ok
12:42:17.0603 4476  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:42:17.0619 4476  amdide - ok
12:42:17.0665 4476  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:42:17.0728 4476  AmdK8 - ok
12:42:17.0899 4476  [ 74687C33C4AD25A975BBB1EA1E8B3884 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:42:18.0180 4476  amdkmdag - ok
12:42:18.0243 4476  [ C7F56ED86327A78E7F8A5CC503A98BD6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:42:18.0305 4476  amdkmdap - ok
12:42:18.0336 4476  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:42:18.0383 4476  AmdPPM - ok
12:42:18.0461 4476  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:42:18.0492 4476  amdsata - ok
12:42:18.0555 4476  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:42:18.0586 4476  amdsbs - ok
12:42:18.0601 4476  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:42:18.0633 4476  amdxata - ok
12:42:18.0726 4476  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:42:18.0742 4476  AntiVirSchedulerService - ok
12:42:18.0804 4476  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:42:18.0820 4476  AntiVirService - ok
12:42:18.0882 4476  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:42:18.0976 4476  AppID - ok
12:42:19.0023 4476  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:42:19.0116 4476  AppIDSvc - ok
12:42:19.0194 4476  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:42:19.0288 4476  Appinfo - ok
12:42:19.0444 4476  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:42:19.0459 4476  Apple Mobile Device - ok
12:42:19.0491 4476  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:42:19.0522 4476  arc - ok
12:42:19.0537 4476  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:42:19.0569 4476  arcsas - ok
12:42:19.0693 4476  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:42:19.0740 4476  aspnet_state - ok
12:42:19.0771 4476  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:42:19.0849 4476  AsyncMac - ok
12:42:19.0912 4476  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:42:19.0927 4476  atapi - ok
12:42:20.0021 4476  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
12:42:20.0130 4476  athr - ok
12:42:20.0193 4476  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
12:42:20.0239 4476  atksgt - ok
12:42:20.0333 4476  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:42:20.0427 4476  AudioEndpointBuilder - ok
12:42:20.0458 4476  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:42:20.0505 4476  AudioSrv - ok
12:42:20.0583 4476  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:42:20.0598 4476  avgntflt - ok
12:42:20.0645 4476  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:42:20.0676 4476  avipbb - ok
12:42:20.0692 4476  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:42:20.0707 4476  avkmgr - ok
12:42:20.0801 4476  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:42:20.0926 4476  AxInstSV - ok
12:42:20.0988 4476  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:42:21.0097 4476  b06bdrv - ok
12:42:21.0113 4476  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:42:21.0175 4476  b57nd60a - ok
12:42:21.0222 4476  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:42:21.0300 4476  BDESVC - ok
12:42:21.0331 4476  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:42:21.0425 4476  Beep - ok
12:42:21.0519 4476  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:42:21.0612 4476  BFE - ok
12:42:21.0675 4476  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
12:42:21.0784 4476  BITS - ok
12:42:21.0831 4476  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:42:21.0877 4476  blbdrive - ok
12:42:22.0002 4476  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:42:22.0033 4476  Bonjour Service - ok
12:42:22.0096 4476  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:42:22.0158 4476  bowser - ok
12:42:22.0205 4476  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:42:22.0267 4476  BrFiltLo - ok
12:42:22.0283 4476  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:42:22.0345 4476  BrFiltUp - ok
12:42:22.0408 4476  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:42:22.0486 4476  Browser - ok
12:42:22.0501 4476  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:42:22.0579 4476  Brserid - ok
12:42:22.0595 4476  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:42:22.0642 4476  BrSerWdm - ok
12:42:22.0689 4476  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:42:22.0735 4476  BrUsbMdm - ok
12:42:22.0767 4476  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:42:22.0813 4476  BrUsbSer - ok
12:42:22.0845 4476  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:42:22.0891 4476  BTHMODEM - ok
12:42:22.0923 4476  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:42:23.0001 4476  bthserv - ok
12:42:23.0032 4476  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:42:23.0110 4476  cdfs - ok
12:42:23.0188 4476  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:42:23.0250 4476  cdrom - ok
12:42:23.0328 4476  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:42:23.0422 4476  CertPropSvc - ok
12:42:23.0469 4476  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:42:23.0500 4476  circlass - ok
12:42:23.0593 4476  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:42:23.0640 4476  CLFS - ok
12:42:23.0718 4476  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:42:23.0749 4476  clr_optimization_v2.0.50727_32 - ok
12:42:23.0859 4476  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:42:23.0890 4476  clr_optimization_v2.0.50727_64 - ok
12:42:23.0983 4476  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:42:24.0046 4476  clr_optimization_v4.0.30319_32 - ok
12:42:24.0077 4476  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:42:24.0093 4476  clr_optimization_v4.0.30319_64 - ok
12:42:24.0124 4476  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:42:24.0186 4476  CmBatt - ok
12:42:24.0233 4476  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:42:24.0264 4476  cmdide - ok
12:42:24.0327 4476  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
12:42:24.0389 4476  CNG - ok
12:42:24.0436 4476  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:42:24.0467 4476  Compbatt - ok
12:42:24.0498 4476  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:42:24.0576 4476  CompositeBus - ok
12:42:24.0592 4476  COMSysApp - ok
12:42:24.0607 4476  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:42:24.0639 4476  crcdisk - ok
12:42:24.0701 4476  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:42:24.0763 4476  CryptSvc - ok
12:42:24.0841 4476  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:42:24.0919 4476  DcomLaunch - ok
12:42:24.0966 4476  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:42:25.0013 4476  defragsvc - ok
12:42:25.0060 4476  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:42:25.0153 4476  DfsC - ok
12:42:25.0247 4476  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:42:25.0325 4476  Dhcp - ok
12:42:25.0356 4476  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:42:25.0403 4476  discache - ok
12:42:25.0434 4476  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:42:25.0465 4476  Disk - ok
12:42:25.0512 4476  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:42:25.0606 4476  Dnscache - ok
12:42:25.0653 4476  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:42:25.0746 4476  dot3svc - ok
12:42:25.0793 4476  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:42:25.0887 4476  DPS - ok
12:42:25.0933 4476  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:42:25.0996 4476  drmkaud - ok
12:42:26.0089 4476  [ 1FCA854CEDFC2CCD0C22E46EA4EA18F1 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
12:42:26.0121 4476  DsiWMIService - ok
12:42:26.0214 4476  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:42:26.0245 4476  dtsoftbus01 - ok
12:42:26.0323 4476  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:42:26.0417 4476  DXGKrnl - ok
12:42:26.0448 4476  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:42:26.0511 4476  EapHost - ok
12:42:26.0620 4476  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:42:26.0823 4476  ebdrv - ok
12:42:26.0854 4476  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:42:26.0932 4476  EFS - ok
12:42:27.0010 4476  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:42:27.0119 4476  ehRecvr - ok
12:42:27.0150 4476  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:42:27.0228 4476  ehSched - ok
12:42:27.0291 4476  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:42:27.0337 4476  elxstor - ok
12:42:27.0447 4476  [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
12:42:27.0493 4476  ePowerSvc - ok
12:42:27.0556 4476  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:42:27.0587 4476  ErrDev - ok
12:42:27.0665 4476  [ 0975BF32399A24117E317B5BF1D5D0AA ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
12:42:27.0696 4476  ETD - ok
12:42:27.0727 4476  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:42:27.0774 4476  EventSystem - ok
12:42:27.0790 4476  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:42:27.0868 4476  exfat - ok
12:42:27.0899 4476  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:42:27.0977 4476  fastfat - ok
12:42:28.0055 4476  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:42:28.0149 4476  Fax - ok
12:42:28.0180 4476  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:42:28.0242 4476  fdc - ok
12:42:28.0289 4476  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:42:28.0367 4476  fdPHost - ok
12:42:28.0398 4476  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:42:28.0476 4476  FDResPub - ok
12:42:28.0507 4476  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:42:28.0523 4476  FileInfo - ok
12:42:28.0554 4476  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:42:28.0648 4476  Filetrace - ok
12:42:28.0741 4476  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:42:28.0804 4476  FLEXnet Licensing Service - ok
12:42:28.0835 4476  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:42:28.0882 4476  flpydisk - ok
12:42:28.0975 4476  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:42:29.0007 4476  FltMgr - ok
12:42:29.0085 4476  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
12:42:29.0209 4476  FontCache - ok
12:42:29.0272 4476  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:42:29.0303 4476  FontCache3.0.0.0 - ok
12:42:29.0334 4476  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:42:29.0350 4476  FsDepends - ok
12:42:29.0397 4476  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:42:29.0428 4476  Fs_Rec - ok
12:42:29.0506 4476  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:42:29.0568 4476  fvevol - ok
12:42:29.0584 4476  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:42:29.0599 4476  gagp30kx - ok
12:42:29.0646 4476  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:42:29.0677 4476  GEARAspiWDM - ok
12:42:29.0740 4476  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:42:29.0833 4476  gpsvc - ok
12:42:29.0927 4476  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
12:42:29.0943 4476  GREGService - ok
12:42:30.0067 4476  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:42:30.0083 4476  gupdate - ok
12:42:30.0114 4476  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:42:30.0130 4476  gupdatem - ok
12:42:30.0177 4476  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:42:30.0223 4476  gusvc - ok
12:42:30.0255 4476  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:42:30.0348 4476  hcw85cir - ok
12:42:30.0426 4476  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:42:30.0504 4476  HdAudAddService - ok
12:42:30.0535 4476  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:42:30.0582 4476  HDAudBus - ok
12:42:30.0629 4476  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
12:42:30.0660 4476  HECIx64 - ok
12:42:30.0691 4476  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:42:30.0723 4476  HidBatt - ok
12:42:30.0754 4476  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:42:30.0816 4476  HidBth - ok
12:42:30.0847 4476  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:42:30.0894 4476  HidIr - ok
12:42:30.0925 4476  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
12:42:31.0003 4476  hidserv - ok
12:42:31.0097 4476  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:42:31.0128 4476  HidUsb - ok
12:42:31.0191 4476  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:42:31.0284 4476  hkmsvc - ok
12:42:31.0331 4476  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:42:31.0378 4476  HomeGroupListener - ok
12:42:31.0440 4476  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:42:31.0471 4476  HomeGroupProvider - ok
12:42:31.0581 4476  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
12:42:37.0415 4476  hpqcxs08 - ok
12:42:37.0493 4476  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
12:42:37.0524 4476  hpqddsvc - ok
12:42:37.0571 4476  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:42:37.0602 4476  HpSAMD - ok
12:42:37.0696 4476  [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC        C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL
12:42:37.0789 4476  HPSLPSVC - ok
12:42:37.0867 4476  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:42:37.0992 4476  HTTP - ok
12:42:38.0039 4476  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:42:38.0070 4476  hwpolicy - ok
12:42:38.0117 4476  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:42:38.0164 4476  i8042prt - ok
12:42:38.0195 4476  [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:42:38.0226 4476  iaStor - ok
12:42:38.0304 4476  [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:42:38.0320 4476  IAStorDataMgrSvc - ok
12:42:38.0398 4476  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:42:38.0445 4476  iaStorV - ok
12:42:38.0585 4476  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:42:38.0601 4476  IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:42:38.0601 4476  IDriverT - detected UnsignedFile.Multi.Generic (1)
12:42:38.0741 4476  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:42:38.0819 4476  idsvc - ok
12:42:38.0881 4476  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:42:38.0928 4476  iirsp - ok
12:42:38.0975 4476  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:42:39.0115 4476  IKEEXT - ok
12:42:39.0193 4476  [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:42:39.0334 4476  IntcAzAudAddService - ok
12:42:39.0365 4476  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:42:39.0381 4476  intelide - ok
12:42:39.0412 4476  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:42:39.0459 4476  intelppm - ok
12:42:39.0505 4476  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:42:39.0583 4476  IPBusEnum - ok
12:42:39.0646 4476  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:42:39.0724 4476  IpFilterDriver - ok
12:42:39.0771 4476  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:42:39.0817 4476  iphlpsvc - ok
12:42:39.0880 4476  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:42:39.0942 4476  IPMIDRV - ok
12:42:39.0973 4476  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:42:40.0067 4476  IPNAT - ok
12:42:40.0176 4476  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:42:40.0223 4476  iPod Service - ok
12:42:40.0239 4476  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:42:40.0285 4476  IRENUM - ok
12:42:40.0332 4476  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:42:40.0348 4476  isapnp - ok
12:42:40.0395 4476  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:42:40.0441 4476  iScsiPrt - ok
12:42:40.0488 4476  [ 37E053A2CF8F0082B689ED74106E0CEC ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
12:42:40.0551 4476  k57nd60a - ok
12:42:40.0613 4476  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
12:42:40.0644 4476  kbdclass - ok
12:42:40.0707 4476  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:42:40.0753 4476  kbdhid - ok
12:42:40.0785 4476  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:42:40.0800 4476  KeyIso - ok
12:42:40.0863 4476  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:42:40.0894 4476  KSecDD - ok
12:42:40.0909 4476  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:42:40.0925 4476  KSecPkg - ok
12:42:40.0972 4476  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:42:41.0065 4476  ksthunk - ok
12:42:41.0112 4476  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:42:41.0159 4476  KtmRm - ok
12:42:41.0253 4476  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:42:41.0331 4476  LanmanServer - ok
12:42:41.0409 4476  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:42:41.0471 4476  LanmanWorkstation - ok
12:42:41.0518 4476  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
12:42:41.0549 4476  lirsgt - ok
12:42:41.0580 4476  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:42:41.0643 4476  lltdio - ok
12:42:41.0689 4476  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:42:41.0799 4476  lltdsvc - ok
12:42:41.0814 4476  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:42:41.0908 4476  lmhosts - ok
12:42:41.0986 4476  [ DBC1136A62BD4DECC3632DF650284C2E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:42:42.0017 4476  LMS - ok
12:42:42.0064 4476  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:42:42.0079 4476  LSI_FC - ok
12:42:42.0095 4476  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:42:42.0111 4476  LSI_SAS - ok
12:42:42.0142 4476  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:42:42.0157 4476  LSI_SAS2 - ok
12:42:42.0189 4476  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:42:42.0204 4476  LSI_SCSI - ok
12:42:42.0235 4476  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:42:42.0313 4476  luafv - ok
12:42:42.0376 4476  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:42:42.0407 4476  MBAMProtector - ok
12:42:42.0516 4476  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:42:42.0547 4476  MBAMScheduler - ok
12:42:42.0610 4476  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:42:42.0657 4476  MBAMService - ok
12:42:42.0719 4476  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:42:42.0766 4476  Mcx2Svc - ok
12:42:42.0797 4476  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:42:42.0813 4476  megasas - ok
12:42:42.0828 4476  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:42:42.0859 4476  MegaSR - ok
12:42:42.0906 4476  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:42:42.0984 4476  MMCSS - ok
12:42:43.0015 4476  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:42:43.0093 4476  Modem - ok
12:42:43.0125 4476  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:42:43.0156 4476  monitor - ok
12:42:43.0203 4476  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
12:42:43.0218 4476  mouclass - ok
12:42:43.0249 4476  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:42:43.0296 4476  mouhid - ok
12:42:43.0343 4476  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:42:43.0390 4476  mountmgr - ok
12:42:43.0483 4476  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:42:43.0515 4476  MozillaMaintenance - ok
12:42:43.0530 4476  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:42:43.0561 4476  mpio - ok
12:42:43.0577 4476  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:42:43.0639 4476  mpsdrv - ok
12:42:43.0686 4476  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:42:43.0827 4476  MpsSvc - ok
12:42:43.0905 4476  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:42:43.0998 4476  MRxDAV - ok
12:42:44.0029 4476  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:42:44.0076 4476  mrxsmb - ok
12:42:44.0123 4476  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:42:44.0185 4476  mrxsmb10 - ok
12:42:44.0217 4476  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:42:44.0263 4476  mrxsmb20 - ok
12:42:44.0295 4476  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:42:44.0310 4476  msahci - ok
12:42:44.0373 4476  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:42:44.0404 4476  msdsm - ok
12:42:44.0435 4476  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:42:44.0466 4476  MSDTC - ok
12:42:44.0529 4476  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:42:44.0575 4476  Msfs - ok
12:42:44.0591 4476  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:42:44.0638 4476  mshidkmdf - ok
12:42:44.0700 4476  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:42:44.0731 4476  msisadrv - ok
12:42:44.0763 4476  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:42:44.0856 4476  MSiSCSI - ok
12:42:44.0872 4476  msiserver - ok
12:42:44.0903 4476  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:42:44.0997 4476  MSKSSRV - ok
12:42:45.0028 4476  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:42:45.0090 4476  MSPCLOCK - ok
12:42:45.0090 4476  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:42:45.0153 4476  MSPQM - ok
12:42:45.0199 4476  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:42:45.0215 4476  MsRPC - ok
12:42:45.0277 4476  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:42:45.0293 4476  mssmbios - ok
12:42:45.0309 4476  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:42:45.0371 4476  MSTEE - ok
12:42:45.0402 4476  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:42:45.0449 4476  MTConfig - ok
12:42:45.0480 4476  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:42:45.0511 4476  Mup - ok
12:42:45.0543 4476  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
12:42:45.0558 4476  mwlPSDFilter - ok
12:42:45.0574 4476  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
12:42:45.0589 4476  mwlPSDNServ - ok
12:42:45.0605 4476  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
12:42:45.0621 4476  mwlPSDVDisk - ok
12:42:45.0683 4476  [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
12:42:45.0714 4476  MWLService - ok
12:42:45.0777 4476  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:42:45.0886 4476  napagent - ok
12:42:45.0933 4476  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:42:45.0995 4476  NativeWifiP - ok
12:42:46.0104 4476  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:42:46.0167 4476  NDIS - ok
12:42:46.0198 4476  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:42:46.0260 4476  NdisCap - ok
12:42:46.0291 4476  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:42:46.0385 4476  NdisTapi - ok
12:42:46.0463 4476  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:42:46.0541 4476  Ndisuio - ok
12:42:46.0619 4476  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:42:46.0744 4476  NdisWan - ok
12:42:46.0837 4476  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:42:46.0931 4476  NDProxy - ok
12:42:47.0040 4476  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:42:47.0071 4476  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:42:47.0071 4476  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:42:47.0118 4476  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:42:47.0212 4476  NetBIOS - ok
12:42:47.0259 4476  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:42:47.0368 4476  NetBT - ok
12:42:47.0399 4476  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:42:47.0399 4476  Netlogon - ok
12:42:47.0446 4476  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:42:47.0539 4476  Netman - ok
12:42:47.0571 4476  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:42:47.0602 4476  NetMsmqActivator - ok
12:42:47.0602 4476  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:42:47.0617 4476  NetPipeActivator - ok
12:42:47.0649 4476  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:42:47.0711 4476  netprofm - ok
12:42:47.0727 4476  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:42:47.0727 4476  NetTcpActivator - ok
12:42:47.0727 4476  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:42:47.0742 4476  NetTcpPortSharing - ok
12:42:47.0789 4476  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:42:47.0805 4476  nfrd960 - ok
12:42:47.0867 4476  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:42:47.0929 4476  NlaSvc - ok
12:42:48.0007 4476  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:42:48.0085 4476  Npfs - ok
12:42:48.0132 4476  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:42:48.0226 4476  nsi - ok
12:42:48.0257 4476  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:42:48.0319 4476  nsiproxy - ok
12:42:48.0413 4476  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:42:48.0522 4476  Ntfs - ok
12:42:48.0616 4476  [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
12:42:48.0631 4476  NTI IScheduleSvc - ok
12:42:48.0678 4476  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
12:42:48.0694 4476  NTIDrvr - ok
12:42:48.0772 4476  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:42:48.0850 4476  Null - ok
12:42:48.0897 4476  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:42:48.0928 4476  nvraid - ok
12:42:49.0006 4476  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:42:49.0037 4476  nvstor - ok
12:42:49.0131 4476  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:42:49.0162 4476  nv_agp - ok
12:42:49.0224 4476  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:42:49.0271 4476  ohci1394 - ok
12:42:49.0333 4476  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:42:49.0365 4476  ose - ok
12:42:49.0552 4476  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:42:49.0645 4476  osppsvc - ok
12:42:49.0692 4476  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:42:49.0755 4476  p2pimsvc - ok
12:42:49.0801 4476  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:42:49.0848 4476  p2psvc - ok
12:42:49.0879 4476  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:42:49.0926 4476  Parport - ok
12:42:49.0989 4476  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:42:50.0004 4476  partmgr - ok
12:42:50.0051 4476  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:42:50.0082 4476  PcaSvc - ok
12:42:50.0113 4476  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:42:50.0129 4476  pci - ok
12:42:50.0191 4476  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:42:50.0223 4476  pciide - ok
12:42:50.0254 4476  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:42:50.0301 4476  pcmcia - ok
12:42:50.0316 4476  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:42:50.0332 4476  pcw - ok
12:42:50.0363 4476  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:42:50.0472 4476  PEAUTH - ok
12:42:50.0581 4476  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:42:50.0644 4476  PerfHost - ok
12:42:50.0722 4476  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:42:50.0862 4476  pla - ok
12:42:50.0940 4476  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:42:51.0018 4476  PlugPlay - ok
12:42:51.0159 4476  [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
12:42:51.0190 4476  PMBDeviceInfoProvider - ok
12:42:51.0268 4476  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:42:51.0283 4476  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:42:51.0283 4476  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:42:51.0315 4476  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:42:51.0330 4476  PNRPAutoReg - ok
12:42:51.0346 4476  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:42:51.0361 4476  PNRPsvc - ok
12:42:51.0424 4476  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:42:51.0486 4476  PolicyAgent - ok
12:42:51.0517 4476  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:42:51.0564 4476  Power - ok
12:42:51.0627 4476  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:42:51.0736 4476  PptpMiniport - ok
12:42:51.0783 4476  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:42:51.0814 4476  Processor - ok
12:42:51.0907 4476  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:42:51.0970 4476  ProfSvc - ok
12:42:51.0985 4476  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:42:52.0017 4476  ProtectedStorage - ok
12:42:52.0095 4476  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:42:52.0173 4476  Psched - ok
12:42:52.0251 4476  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
12:42:52.0282 4476  PxHlpa64 - ok
12:42:52.0329 4476  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:42:52.0407 4476  ql2300 - ok
12:42:52.0422 4476  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:42:52.0453 4476  ql40xx - ok
12:42:52.0485 4476  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:42:52.0516 4476  QWAVE - ok
12:42:52.0531 4476  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:42:52.0578 4476  QWAVEdrv - ok
12:42:52.0609 4476  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:42:52.0641 4476  RasAcd - ok
12:42:52.0687 4476  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:42:52.0781 4476  RasAgileVpn - ok
12:42:52.0812 4476  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:42:52.0859 4476  RasAuto - ok
12:42:52.0906 4476  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:42:52.0984 4476  Rasl2tp - ok
12:42:53.0015 4476  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:42:53.0093 4476  RasMan - ok
12:42:53.0124 4476  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:42:53.0171 4476  RasPppoe - ok
12:42:53.0187 4476  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:42:53.0249 4476  RasSstp - ok
12:42:53.0296 4476  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:42:53.0374 4476  rdbss - ok
12:42:53.0389 4476  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:42:53.0405 4476  rdpbus - ok
12:42:53.0436 4476  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:42:53.0499 4476  RDPCDD - ok
12:42:53.0545 4476  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:42:53.0623 4476  RDPENCDD - ok
12:42:53.0655 4476  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:42:53.0701 4476  RDPREFMP - ok
12:42:53.0764 4476  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:42:53.0842 4476  RDPWD - ok
12:42:53.0904 4476  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:42:53.0951 4476  rdyboost - ok
12:42:53.0982 4476  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:42:54.0060 4476  RemoteAccess - ok
12:42:54.0107 4476  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:42:54.0216 4476  RemoteRegistry - ok
12:42:54.0247 4476  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:42:54.0310 4476  RpcEptMapper - ok
12:42:54.0357 4476  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:42:54.0372 4476  RpcLocator - ok
12:42:54.0435 4476  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:42:54.0497 4476  RpcSs - ok
12:42:54.0544 4476  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:42:54.0637 4476  rspndr - ok
12:42:54.0700 4476  [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:42:54.0731 4476  RSUSBSTOR - ok
12:42:54.0793 4476  [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
12:42:54.0825 4476  RTHDMIAzAudService - ok
12:42:54.0840 4476  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:42:54.0856 4476  SamSs - ok
12:42:54.0934 4476  [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA          C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011c\WNt500x64\Sandra.sys
12:42:54.0965 4476  SANDRA - ok
12:42:54.0981 4476  [ 0595DD5F0E5453C9258665B9DCB992A3 ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011c\RpcAgentSrv.exe
12:42:55.0043 4476  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
12:42:55.0043 4476  SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
12:42:55.0090 4476  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:42:55.0105 4476  sbp2port - ok
12:42:55.0137 4476  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:42:55.0183 4476  SCardSvr - ok
12:42:55.0246 4476  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:42:55.0324 4476  scfilter - ok
12:42:55.0386 4476  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:42:55.0464 4476  Schedule - ok
12:42:55.0511 4476  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:42:55.0558 4476  SCPolicySvc - ok
12:42:55.0605 4476  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:42:55.0652 4476  SDRSVC - ok
12:42:55.0808 4476  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
12:42:55.0840 4476  SDScannerService - ok
12:42:55.0933 4476  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
12:42:55.0964 4476  SDUpdateService - ok
12:42:56.0011 4476  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
12:42:56.0027 4476  SDWSCService - ok
12:42:56.0058 4476  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:42:56.0136 4476  secdrv - ok
12:42:56.0183 4476  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:42:56.0276 4476  seclogon - ok
12:42:56.0323 4476  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
12:42:56.0386 4476  SENS - ok
12:42:56.0401 4476  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:42:56.0432 4476  SensrSvc - ok
12:42:56.0464 4476  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:42:56.0495 4476  Serenum - ok
12:42:56.0526 4476  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:42:56.0557 4476  Serial - ok
12:42:56.0604 4476  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:42:56.0651 4476  sermouse - ok
12:42:56.0699 4476  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:42:56.0792 4476  SessionEnv - ok
12:42:56.0839 4476  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:42:56.0901 4476  sffdisk - ok
12:42:56.0933 4476  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:42:56.0964 4476  sffp_mmc - ok
12:42:56.0995 4476  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:42:57.0042 4476  sffp_sd - ok
12:42:57.0089 4476  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:42:57.0135 4476  sfloppy - ok
12:42:57.0213 4476  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:42:57.0323 4476  SharedAccess - ok
12:42:57.0369 4476  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:42:57.0432 4476  ShellHWDetection - ok
12:42:57.0479 4476  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:42:57.0494 4476  SiSRaid2 - ok
12:42:57.0525 4476  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:42:57.0541 4476  SiSRaid4 - ok
12:42:57.0603 4476  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:42:57.0697 4476  SkypeUpdate - ok
12:42:57.0713 4476  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:42:57.0791 4476  Smb - ok
12:42:57.0853 4476  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:42:57.0900 4476  SNMPTRAP - ok
12:42:57.0947 4476  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:42:57.0962 4476  spldr - ok
12:42:58.0025 4476  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:42:58.0103 4476  Spooler - ok
12:42:58.0243 4476  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:42:58.0368 4476  sppsvc - ok
12:42:58.0399 4476  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:42:58.0477 4476  sppuinotify - ok
12:42:58.0586 4476  [ 9AB59CF736981ED1F83C6AB5FAA8BA5C ] sptd            C:\Windows\system32\Drivers\sptd.sys
12:42:58.0633 4476  sptd - ok
12:42:58.0695 4476  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:42:58.0773 4476  srv - ok
12:42:58.0820 4476  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:42:58.0883 4476  srv2 - ok
12:42:58.0914 4476  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:42:58.0945 4476  srvnet - ok
12:42:58.0976 4476  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:42:59.0054 4476  SSDPSRV - ok
12:42:59.0085 4476  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:42:59.0179 4476  SstpSvc - ok
12:42:59.0241 4476  Steam Client Service - ok
12:42:59.0288 4476  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:42:59.0319 4476  stexstor - ok
12:42:59.0382 4476  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
12:42:59.0429 4476  StillCam - ok
12:42:59.0491 4476  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:42:59.0538 4476  stisvc - ok
12:42:59.0600 4476  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:42:59.0631 4476  swenum - ok
12:42:59.0678 4476  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:42:59.0756 4476  swprv - ok
12:42:59.0819 4476  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:42:59.0912 4476  SysMain - ok
12:42:59.0959 4476  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:43:00.0006 4476  TabletInputService - ok
12:43:00.0068 4476  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:43:00.0209 4476  TapiSrv - ok
12:43:00.0271 4476  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:43:00.0333 4476  TBS - ok
12:43:00.0443 4476  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:43:00.0552 4476  Tcpip - ok
12:43:00.0630 4476  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:43:00.0692 4476  TCPIP6 - ok
12:43:00.0739 4476  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:43:00.0801 4476  tcpipreg - ok
12:43:00.0833 4476  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:43:00.0864 4476  TDPIPE - ok
12:43:00.0926 4476  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:43:00.0973 4476  TDTCP - ok
12:43:01.0051 4476  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:43:01.0145 4476  tdx - ok
12:43:01.0191 4476  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:43:01.0223 4476  TermDD - ok
12:43:01.0285 4476  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:43:01.0394 4476  TermService - ok
12:43:01.0425 4476  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:43:01.0441 4476  Themes - ok
12:43:01.0472 4476  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:43:01.0519 4476  THREADORDER - ok
12:43:01.0535 4476  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:43:01.0597 4476  TrkWks - ok
12:43:01.0706 4476  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:43:01.0769 4476  TrustedInstaller - ok
12:43:01.0815 4476  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:43:01.0878 4476  tssecsrv - ok
12:43:01.0956 4476  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:43:02.0034 4476  TsUsbFlt - ok
12:43:02.0112 4476  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:43:02.0190 4476  tunnel - ok
12:43:02.0221 4476  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:43:02.0252 4476  uagp35 - ok
12:43:02.0283 4476  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
12:43:02.0299 4476  UBHelper - ok
12:43:02.0346 4476  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:43:02.0455 4476  udfs - ok
12:43:02.0502 4476  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:43:02.0549 4476  UI0Detect - ok
12:43:02.0595 4476  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:43:02.0627 4476  uliagpkx - ok
12:43:02.0689 4476  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:43:02.0736 4476  umbus - ok
12:43:02.0783 4476  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:43:02.0845 4476  UmPass - ok
12:43:02.0970 4476  [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:43:03.0017 4476  UNS - ok
12:43:03.0079 4476  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
12:43:03.0095 4476  Updater Service - ok
12:43:03.0126 4476  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:43:03.0204 4476  upnphost - ok
12:43:03.0282 4476  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:43:03.0329 4476  USBAAPL64 - ok
12:43:03.0391 4476  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:43:03.0438 4476  usbaudio - ok
12:43:03.0500 4476  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:43:03.0516 4476  usbccgp - ok
12:43:03.0594 4476  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:43:03.0656 4476  usbcir - ok
12:43:03.0687 4476  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:43:03.0734 4476  usbehci - ok
12:43:03.0765 4476  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:43:03.0828 4476  usbhub - ok
12:43:03.0875 4476  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:43:03.0937 4476  usbohci - ok
12:43:03.0999 4476  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:43:04.0062 4476  usbprint - ok
12:43:04.0093 4476  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:43:04.0155 4476  usbscan - ok
12:43:04.0202 4476  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:43:04.0280 4476  USBSTOR - ok
12:43:04.0327 4476  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:43:04.0358 4476  usbuhci - ok
12:43:04.0421 4476  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:43:04.0483 4476  usbvideo - ok
12:43:04.0514 4476  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:43:04.0577 4476  UxSms - ok
12:43:04.0592 4476  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:43:04.0608 4476  VaultSvc - ok
12:43:04.0686 4476  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:43:04.0717 4476  vdrvroot - ok
12:43:04.0779 4476  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:43:04.0873 4476  vds - ok
12:43:04.0920 4476  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:43:04.0935 4476  vga - ok
12:43:04.0951 4476  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:43:04.0998 4476  VgaSave - ok
12:43:05.0060 4476  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:43:05.0107 4476  vhdmp - ok
12:43:05.0169 4476  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:43:05.0185 4476  viaide - ok
12:43:05.0247 4476  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:43:05.0263 4476  volmgr - ok
12:43:05.0325 4476  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:43:05.0372 4476  volmgrx - ok
12:43:05.0388 4476  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:43:05.0419 4476  volsnap - ok
12:43:05.0466 4476  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:43:05.0481 4476  vsmraid - ok
12:43:05.0559 4476  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:43:05.0653 4476  VSS - ok
12:43:05.0684 4476  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:43:05.0747 4476  vwifibus - ok
12:43:05.0778 4476  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:43:05.0809 4476  vwififlt - ok
12:43:05.0856 4476  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:43:05.0903 4476  vwifimp - ok
12:43:05.0934 4476  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:43:05.0996 4476  W32Time - ok
12:43:06.0027 4476  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:43:06.0059 4476  WacomPen - ok
12:43:06.0137 4476  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:43:06.0230 4476  WANARP - ok
12:43:06.0246 4476  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:43:06.0293 4476  Wanarpv6 - ok
12:43:06.0371 4476  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:43:06.0527 4476  wbengine - ok
12:43:06.0558 4476  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:43:06.0605 4476  WbioSrvc - ok
12:43:06.0667 4476  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:43:06.0729 4476  wcncsvc - ok
12:43:06.0761 4476  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:43:06.0823 4476  WcsPlugInService - ok
12:43:06.0854 4476  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:43:06.0870 4476  Wd - ok
12:43:06.0948 4476  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:43:06.0995 4476  Wdf01000 - ok
12:43:07.0026 4476  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:43:07.0119 4476  WdiServiceHost - ok
12:43:07.0119 4476  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:43:07.0151 4476  WdiSystemHost - ok
12:43:07.0197 4476  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:43:07.0275 4476  WebClient - ok
12:43:07.0307 4476  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:43:07.0385 4476  Wecsvc - ok
12:43:07.0416 4476  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:43:07.0494 4476  wercplsupport - ok
12:43:07.0525 4476  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:43:07.0603 4476  WerSvc - ok
12:43:07.0650 4476  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:43:07.0681 4476  WfpLwf - ok
12:43:07.0697 4476  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:43:07.0712 4476  WIMMount - ok
12:43:07.0743 4476  WinDefend - ok
12:43:07.0759 4476  WinHttpAutoProxySvc - ok
12:43:07.0821 4476  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:43:07.0931 4476  Winmgmt - ok
12:43:08.0024 4476  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:43:08.0180 4476  WinRM - ok
12:43:08.0289 4476  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:43:08.0352 4476  WinUsb - ok
12:43:08.0399 4476  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:43:08.0430 4476  Wlansvc - ok
12:43:08.0617 4476  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:43:08.0664 4476  wlidsvc - ok
12:43:08.0726 4476  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:43:08.0757 4476  WmiAcpi - ok
12:43:08.0789 4476  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:43:08.0851 4476  wmiApSrv - ok
12:43:08.0898 4476  WMPNetworkSvc - ok
12:43:08.0929 4476  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:43:08.0960 4476  WPCSvc - ok
12:43:09.0007 4476  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:43:09.0038 4476  WPDBusEnum - ok
12:43:09.0069 4476  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:43:09.0116 4476  ws2ifsl - ok
12:43:09.0147 4476  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
12:43:09.0163 4476  wscsvc - ok
12:43:09.0163 4476  WSearch - ok
12:43:09.0257 4476  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:43:09.0366 4476  wuauserv - ok
12:43:09.0428 4476  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:43:09.0506 4476  WudfPf - ok
12:43:09.0522 4476  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:43:09.0584 4476  WUDFRd - ok
12:43:09.0631 4476  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:43:09.0678 4476  wudfsvc - ok
12:43:09.0725 4476  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:43:09.0803 4476  WwanSvc - ok
12:43:09.0834 4476  ================ Scan global ===============================
12:43:09.0865 4476  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:43:09.0912 4476  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:43:09.0959 4476  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:43:09.0974 4476  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:43:10.0005 4476  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:43:10.0005 4476  [Global] - ok
12:43:10.0005 4476  ================ Scan MBR ==================================
12:43:10.0021 4476  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:43:10.0489 4476  \Device\Harddisk0\DR0 - ok
12:43:10.0489 4476  ================ Scan VBR ==================================
12:43:10.0489 4476  [ 120B6DB1BD966B52A21DD2B55D7FF2E3 ] \Device\Harddisk0\DR0\Partition1
12:43:10.0489 4476  \Device\Harddisk0\DR0\Partition1 - ok
12:43:10.0520 4476  [ 4457D88FF58A4EBC1635A985FC7A98E0 ] \Device\Harddisk0\DR0\Partition2
12:43:10.0536 4476  \Device\Harddisk0\DR0\Partition2 - ok
12:43:10.0536 4476  ============================================================
12:43:10.0536 4476  Scan finished
12:43:10.0536 4476  ============================================================
12:43:10.0551 5548  Detected object count: 5
12:43:10.0551 5548  Actual detected object count: 5
12:44:00.0690 5548  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:44:00.0690 5548  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:44:00.0706 5548  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:44:00.0706 5548  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:44:00.0706 5548  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:44:00.0706 5548  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:44:00.0706 5548  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:44:00.0706 5548  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:44:00.0706 5548  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:44:00.0706 5548  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Old 14.05.2013, 12:00   #4
smeenk
/// Malwareteam / Visitor
 
In my opinion it already looks fairly clean.
  • Please disable all virus scanners during the scan, as they can affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users please start the tool by right-clicking its icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "DATAMNGR"=-;r
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart).
    Afterwards you can also view the report at c:\zoek-results.log.
  • Post me the log file zoek-results.log.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Search and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
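
A read-only check that can be run before and after the steps above to confirm what the zoek script and AdwCleaner are meant to remove is actually gone. This is an added example, not code from the thread, from zoek or from AdwCleaner; the function name Get-AutostartFindings is made up here. The two locations it inspects come from this thread: the DATAMNGR value under the HKLM Run key that the zoek fix deletes, and the AppInit_DLLs value in the 64-bit and Wow6432Node views of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (the key AdwCleaner abbreviates as HKLM\..\Windows). The LoadAppInit_DLLs switch is a standard Windows 7 value and is not mentioned in the thread.

```powershell
# Added example (not part of the thread, zoek or AdwCleaner): read-only audit of
# the two autostart locations discussed above. Nothing is modified; run it once
# before and once after the cleanup and compare the two outputs.
function Get-AutostartFindings {
    $findings = @()

    # 1. The Run value the zoek script removes ("DATAMNGR"=-).
    #    Get-ItemProperty -Name returns nothing if the value does not exist.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'DATAMNGR' -ErrorAction SilentlyContinue
    if ($run) {
        $findings += New-Object PSObject -Property @{
            Location = "$runKey [DATAMNGR]"
            Value    = [string]$run.DATAMNGR
            Status   = 'present'
        }
    }

    # 2. AppInit_DLLs in the native (x64) and the 32-bit (Wow6432Node) view.
    #    Every DLL listed here is loaded into each process that links user32.dll,
    #    so any entry deserves a look, not only the Datamngr ones from this thread.
    $appInitKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($key in $appInitKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        # LoadAppInit_DLLs (REG_DWORD, 1 or 0) switches the injection on or off on Windows 7.
        $loading = if ($props.LoadAppInit_DLLs -eq 1) { 'enabled' } else { 'disabled' }
        # The value is a space- or comma-separated list; an empty value yields no entries.
        $dlls = [string]$props.AppInit_DLLs -split '[,\s]+' | Where-Object { $_ }
        foreach ($dll in $dlls) {
            $findings += New-Object PSObject -Property @{
                Location = "$key [AppInit_DLLs]"
                Value    = $dll
                Status   = "present, loading $loading"
            }
        }
    }
    return $findings
}

$findings = Get-AutostartFindings
if (-not $findings) {
    Write-Output 'No DATAMNGR Run entry and no AppInit_DLLs entries found.'
} else {
    $findings | Select-Object Location, Value, Status | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt so that both registry views are readable. The script only reports; the removal itself stays with the zoek script and AdwCleaner as described in the post above. An AppInit_DLLs entry that is still listed after the cleanup, or that reappears after a restart, means something is re-creating it and the cleanup is not finished.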

Old 14.05.2013, 15:14   #5
Malwarto
 
Oh, that doesn't sound bad at all for a start.

Here is the Zoek log:
Code:
Zoek.exe Version 4.0.0.2 Updated 12-May-2013
Tool run by Administrator on 14.05.2013 at 16:07:42,89.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results14.05.2013-1606.log	35080 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"DATAMNGR"=-
         
And here is the AdwCleaner log:
AdwCleaner Logfile:
Code:
# AdwCleaner v2.300 - Datei am 14/05/2013 um 16:18:37 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Administrator - HAINSI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Claudi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Sasha\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Sasha\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Sasha\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff\prefs.js

Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", true);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "studivz.de||volksbank%20riesa||Avatar%20DVD||Satie%20Klingelton||Vo[...]
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.3");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "123530524412353052441235314986329");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1270753163);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

Datei : C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen\prefs.js

Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", true);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "studivz.de||volksbank%20riesa||Avatar%20DVD||Satie%20Klingelton||Vo[...]
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.3");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "123530524412353052441235314986329");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1270753163);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

Datei : C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\sde4qaok.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zmz3mvt4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7466 octets] - [14/05/2013 16:18:37]

########## EOF - \AdwCleaner[S1].txt - [7526 octets] ##########
         
--- --- ---


Alt 14.05.2013, 18:06   #6
smeenk
/// Malwareteam / Visitor
 

Do this check as well:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Alt 14.05.2013, 19:17   #7
Malwarto
 

Security Check log:
Code:
 
Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 29  
 Java 7 Update 13  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1) 
 Mozilla Thunderbird (17.0.5) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 15.05.2013, 08:24   #8
smeenk
/// Malwareteam / Visitor
 

Do this check: https://www.mozilla.org/de/plugincheck/
Have the outdated plugins updated.

If there are no more problems, I think we're done.

Alt 15.05.2013, 08:52   #9
Malwarto
 

Good, I have updated everything that was outstanding, rebooted the computer once more, and there is nothing unusual. Great, many thanks for the quick help, I'm thrilled!!!
What do I do with all the installed programs? Can I uninstall them all? Or is it advisable to at least leave Malwarebytes on it??
Kind regards, Malwarto

Now Firefox has crashed again after all (2x). I don't know, can that still be connected to this, since I never had that before?
This message appears when I have usually had the browser open for a while already.

"Mozilla Crash Reporter
A problem has occurred and Firefox has crashed. It will try to restore your tabs and windows when it restarts.

To help us detect and fix this problem, you can send us a crash report..."
Can I do anything else to fix the problem?

Now I have something else. When booting just now, Malwarebytes popped up and found something again:
Spyware.Fareit, and moved it to quarantine.

Code:
2013/05/15 08:56:52 +0200	HAINSI	(null)	MESSAGE	Executing scheduled update:  Daily
2013/05/15 08:56:54 +0200	HAINSI	(null)	MESSAGE	Starting protection
2013/05/15 08:56:54 +0200	HAINSI	(null)	MESSAGE	Protection started successfully
2013/05/15 08:56:54 +0200	HAINSI	(null)	MESSAGE	Starting IP protection
2013/05/15 08:56:58 +0200	HAINSI	(null)	MESSAGE	IP Protection started successfully
2013/05/15 08:57:06 +0200	HAINSI	(null)	MESSAGE	Starting database refresh
2013/05/15 08:57:06 +0200	HAINSI	(null)	MESSAGE	Scheduled update executed successfully:  database updated from version v2013.05.14.01 to version v2013.05.15.05
2013/05/15 08:57:06 +0200	HAINSI	(null)	MESSAGE	Stopping IP protection
2013/05/15 08:57:06 +0200	HAINSI	(null)	MESSAGE	IP Protection stopped successfully
2013/05/15 08:57:08 +0200	HAINSI	(null)	MESSAGE	Database refreshed successfully
2013/05/15 08:57:08 +0200	HAINSI	(null)	MESSAGE	Starting IP protection
2013/05/15 08:57:12 +0200	HAINSI	(null)	MESSAGE	IP Protection started successfully
2013/05/15 09:44:12 +0200	HAINSI	Claudi	MESSAGE	Starting protection
2013/05/15 09:44:13 +0200	HAINSI	Claudi	MESSAGE	Protection started successfully
2013/05/15 09:44:13 +0200	HAINSI	Claudi	MESSAGE	Starting IP protection
2013/05/15 09:44:17 +0200	HAINSI	Claudi	MESSAGE	IP Protection started successfully
2013/05/15 15:04:19 +0200	HAINSI	(null)	MESSAGE	Starting protection
2013/05/15 15:04:19 +0200	HAINSI	(null)	MESSAGE	Protection started successfully
2013/05/15 15:04:19 +0200	HAINSI	(null)	MESSAGE	Starting IP protection
2013/05/15 15:04:23 +0200	HAINSI	(null)	MESSAGE	IP Protection started successfully
2013/05/15 15:08:21 +0200	HAINSI	Claudi	DETECTION	C:\Users\Claudi\AppData\Local\Temp\mixerje.exe	Spyware.Fareit	QUARANTINE
         
Could you please give me feedback on this again, on whether I need to do something about it??

Thanks, I hope it's OK that I'm adding these things here as well.
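The protection log posted above mixes routine MESSAGE lines with the one DETECTION line that matters. The following is an added example (not code from the thread or from Malwarebytes) that parses that tab-separated format, pulls out the detections, and flags those that were blocked while running from a user-writable path, since the autorun entry that launched such a file is the next thing to check; the sample lines and the host, user and file names in them are constructed.

```python
"""Parse a Malwarebytes Anti-Malware 1.x protection log (tab-separated:
timestamp, host, user, level, message [, threat, action]) and pick out the
DETECTION events. Added example for this thread; not Malwarebytes code.
The sample lines are constructed after the format of the posted log, with
placeholder host, user and file names."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample log: two routine MESSAGE lines and two DETECTION lines.
SAMPLE_LOG = "\n".join([
    "2013/05/15 08:56:52 +0200\tHOST1\t(null)\tMESSAGE\tExecuting scheduled update:  Daily",
    "2013/05/15 08:57:06 +0200\tHOST1\t(null)\tMESSAGE\tDatabase refreshed successfully",
    "2013/05/15 15:08:21 +0200\tHOST1\tuser1\tDETECTION\t"
    "C:\\Users\\user1\\AppData\\Local\\Temp\\sample.exe\tSpyware.Fareit\tQUARANTINE",
    "2013/05/15 15:09:02 +0200\tHOST1\tuser1\tDETECTION\t"
    "C:\\Program Files\\Vendor\\tool.exe\tPUP.Optional.Sample\tALLOW",
])


@dataclass
class Detection:
    timestamp: str
    host: str
    user: str
    path: str
    threat: str
    action: str


def parse_protection_log(text: str) -> List[Detection]:
    """Return one Detection per DETECTION line; MESSAGE lines are skipped."""
    found = []
    for line in text.splitlines():
        fields = line.split("\t")
        # DETECTION lines carry seven fields; anything shorter is a MESSAGE.
        if len(fields) < 7 or fields[3] != "DETECTION":
            continue
        ts, host, user, _level, path, threat, action = fields[:7]
        found.append(Detection(ts, host, user, path, threat, action))
    return found


# Anything below a user profile (Temp, AppData, Downloads, the profile root)
# is writable without admin rights, which is where a mail-attachment dropper
# lands. Program Files and Windows need elevation and are not matched.
_USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.IGNORECASE)


def is_user_writable(path: str) -> bool:
    """True when the path lies inside a user profile directory."""
    return _USER_PROFILE.match(path) is not None


def detections_to_follow_up(text: str) -> List[Detection]:
    """Detections that were blocked (quarantined or deleted) and were running
    from a user-writable path: the file itself is gone, but the autorun entry
    that launched it may still exist and is what to check next."""
    return [d for d in parse_protection_log(text)
            if d.action != "ALLOW" and is_user_writable(d.path)]


if __name__ == "__main__":
    for d in detections_to_follow_up(SAMPLE_LOG):
        print(f"{d.timestamp}  {d.user}  {d.threat}  {d.action}  {d.path}")
```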

Alt 15.05.2013, 22:10   #10
smeenk
/// Malwareteam / Visitor
 

Can you also post the Malwarebytes log for me? This one is the protection log.

Alt 16.05.2013, 08:51   #11
Malwarto
 

Malwarebytes showed the finding by itself yesterday, without me having run a scan, and moved it to quarantine, so there's surely no log for that, is there?
I have just started another scan, in which nothing more was found.
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Claudi :: HAINSI [limitiert]

Schutz: Aktiviert

16.05.2013 09:38:29
mbam-log-2013-05-16 (09-38-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203425
Laufzeit: 8 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
The "Spyware.Fareit" that was found is still shown in quarantine.
Should I delete it??

Alt 16.05.2013, 08:57   #12
smeenk
/// Malwareteam / Visitor
 

Quote:
The "Spyware.Fareit" that was found is still shown in quarantine.
Should I delete it??
That's great

Do the following as well:

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users, please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    hijackthis;
    chromelook;
    startupall;
    filesrcm;
    silentrunners;
    firefoxlook;
             
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart).
    Afterwards you can view the report at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.

Alt 16.05.2013, 09:13   #13
Malwarto
 

Well, the thing can't be deleted...

Here is the log from Zoek:
Code:
Zoek.exe Version 4.0.0.2 Updated 15-May-2013
Tool run by Administrator on 16.05.2013 at 10:02:41,09.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results14.05.2013-1606.log	35080 bytes
C:\zoek-results14.05.2013-1610.log	485 bytes

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-04-26 10:00:18	079AA86246996F5192821A6FFD2ADC61	303171855	----a-w-	C:\Windows\MEMORY.DMP
====== C:\Users\ADMINI~1\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-05-15 09:29:33	49834B94A8E8383B700EDDEF46C2AE6A	2706432	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 09:29:33	28AEB03752D716BF149DBC93A9ACC17E	391168	----a-w-	C:\Windows\SysWOW64\ieui.dll
2013-05-15 09:29:32	DFDBC397D0DDBD1AFA3CB400D4C003A9	61440	----a-w-	C:\Windows\SysWOW64\iesetup.dll
2013-05-15 09:29:31	F59A16A9418044C1D505C53DA370B099	2046976	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2013-05-15 09:29:31	5915AA67DECA289F7B4AFB686CDB09E9	71680	----a-w-	C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 09:29:31	52AA8A8DA4175580F365D275EB53DBE3	493056	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 09:29:31	3CC9825BFFE7B7429C8B79B0395ACDA8	33280	----a-w-	C:\Windows\SysWOW64\iernonce.dll
2013-05-15 09:29:31	366D8EA2ADCBA228C9487BC6D2427DDC	109056	----a-w-	C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 09:29:30	65C95886E1B17001ADDF163AC18C5525	1130496	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2013-05-15 09:29:29	0142341520F0A0F2B0E312335B96705B	690688	----a-w-	C:\Windows\SysWOW64\jscript.dll
2013-05-15 09:29:28	C9A062F32FF600C96795B43CD9A53151	2877440	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2013-05-15 09:29:28	03180AFD271BFD88813F428421BC4A1A	39424	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 09:29:27	5ABB3F36AF17007F33FA275E96A2C95E	1767424	----a-w-	C:\Windows\SysWOW64\wininet.dll
2013-05-15 09:29:25	7A468BC721C1D34E60389D3F2F87BBEA	14323712	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2013-05-15 09:29:22	D5E5A86F49ACC11768D8339094C3AFD8	13760512	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2013-05-15 07:40:10	8255AD29A44B2E14B2DD99319F92A0AB	95648	----a-w-	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-15 07:10:45	565D78187494FB5F08B5A52DEB2AEA7A	12872704	----a-w-	C:\Windows\SysWOW64\shell32.dll
2013-05-15 07:10:44	E904178851A6A44BFA97E064EF779E9D	1796096	----a-w-	C:\Windows\SysWOW64\authui.dll
2013-05-15 07:10:44	1F05F5A16881CD928C82D53CEFCF4477	180224	----a-w-	C:\Windows\SysWOW64\shdocvw.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-05-15 09:29:34	9B2BB51ED6D28860A48CFF46FD6D3DC1	2706432	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2013-05-15 09:29:33	FE6CB2001A8C2A85B617CD3FC85D8242	526336	----a-w-	C:\Windows\Sysnative\ieui.dll
2013-05-15 09:29:32	97588F2871E1FE8E3EB57B17B98DF03B	67072	----a-w-	C:\Windows\Sysnative\iesetup.dll
2013-05-15 09:29:32	42758AF68D3C4912C8D8A18088AD2555	51712	----a-w-	C:\Windows\Sysnative\ie4uinit.exe
2013-05-15 09:29:31	EC6E8273B6CB79CA5B7B00CA82D1FCEE	136704	----a-w-	C:\Windows\Sysnative\iesysprep.dll
2013-05-15 09:29:31	A197763AA7487807279AB61CD6835CEF	89600	----a-w-	C:\Windows\Sysnative\RegisterIEPKEYs.exe
2013-05-15 09:29:31	9D6B9124B582F0FBF275B434CE5A672C	2647552	----a-w-	C:\Windows\Sysnative\iertutil.dll
2013-05-15 09:29:31	7DAA72F6C30D81EE31EC2BDC90054326	603136	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2013-05-15 09:29:31	168602AB16D30D5D6E091CA609FC7E75	39936	----a-w-	C:\Windows\Sysnative\iernonce.dll
2013-05-15 09:29:30	E34F0440799F9A0F9DC4265F4ADA75C1	1365504	----a-w-	C:\Windows\Sysnative\urlmon.dll
2013-05-15 09:29:29	772EC073332D1BA2DBEC32C6D063811A	855552	----a-w-	C:\Windows\Sysnative\jscript.dll
2013-05-15 09:29:29	2C96C695B6015042AC867EA419A45C20	3958784	----a-w-	C:\Windows\Sysnative\jscript9.dll
2013-05-15 09:29:28	254502230F2259D255D4149C235173B1	53248	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2013-05-15 09:29:27	27A9000C534AA9BADC9EE74940F50C6D	2242048	----a-w-	C:\Windows\Sysnative\wininet.dll
2013-05-15 09:29:24	C56EF4C50A1FEED0CC9B7AE068CBBBBB	19231232	----a-w-	C:\Windows\Sysnative\mshtml.dll
2013-05-15 09:29:23	7F4F74880E0B586EB7A9E225C34B1296	15404032	----a-w-	C:\Windows\Sysnative\ieframe.dll
2013-05-15 07:11:07	943F527DF79E6B400104341AA7023C75	144384	----a-w-	C:\Windows\Sysnative\cdd.dll
2013-05-15 07:10:48	1BFC94665BCA35F9001ADC7BFB167C63	14172672	----a-w-	C:\Windows\Sysnative\shell32.dll
2013-05-15 07:10:46	3EF480BFED1B5947A32585E30A58D4ED	1930752	----a-w-	C:\Windows\Sysnative\authui.dll
2013-05-15 07:10:45	22A0AE97360C1B146FDD9AA55AC0E989	197120	----a-w-	C:\Windows\Sysnative\shdocvw.dll
2013-05-15 07:10:44	E948D1D42DC68923ABD75EEB5BCCD1D3	111448	----a-w-	C:\Windows\Sysnative\consent.exe
2013-05-15 07:10:44	9D2A2369AB4B08A4905FE72DB104498F	70144	----a-w-	C:\Windows\Sysnative\appinfo.dll
2013-05-15 07:10:36	FE90B750AB808FB9DD8FBB428B5FF83B	230400	----a-w-	C:\Windows\Sysnative\wwansvc.dll
2013-05-15 07:10:36	A11523523B31086DD760C0189C763359	3153920	----a-w-	C:\Windows\Sysnative\win32k.sys
2013-05-15 07:10:36	30B1489F2DCD8DC1AB6BB60CA6093615	48640	----a-w-	C:\Windows\Sysnative\wwanprotdim.dll
====== C:\Windows\Sysnative\drivers =====
2013-05-15 07:11:08	AF2E16242AA723F68F461B6EAE2EAD3D	983400	----a-w-	C:\Windows\Sysnative\drivers\dxgkrnl.sys
2013-05-15 07:11:07	1F04CFB79DD5FB7694468CE3FB3DCC31	265064	----a-w-	C:\Windows\Sysnative\drivers\dxgmms1.sys
2013-05-14 06:52:45	0BB97D43299910CBFBA59C461B99B910	25928	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2013-04-24 14:17:26	B98F8C6E31CD07B2E6F71F7F648E38C0	1656680	----a-w-	C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-05-01 09:26:00	--------	d-----w-	C:\Program Files\iPod
2013-05-01 09:25:59	--------	d-----w-	C:\Program Files\iTunes
======= C:\Program Files (x86) =====
2013-05-11 17:53:04	--------	d-----w-	C:\Program Files (x86)\Easy Phone Sync
2013-05-09 09:49:37	--------	d-----w-	C:\Program Files (x86)\ipswDownloader
2013-05-01 09:25:59	--------	d-----w-	C:\Program Files (x86)\iTunes
2013-05-01 09:18:30	--------	d-----w-	C:\Program Files (x86)\QuickTime
2013-04-17 15:56:40	--------	d-----w-	C:\Program Files (x86)\Mozilla Thunderbird
=======  =====
2013-05-14 14:18:37	DA13DDDB92EA6D267D9879F4F27F137E	7573	----a-w-	\AdwCleaner[S1].txt
====== C:\Users\Administrator\AppData\Roaming ======
2013-05-15 07:38:32	--------	d-----w-	C:\users\Administrator\AppData\Locallow\Sun
2013-05-14 10:21:28	--------	d-----w-	C:\users\Administrator\AppData\Local\Temp
2013-05-11 17:51:45	--------	d-----w-	C:\users\Sasha\AppData\Roaming\Media Mushroom Limited
2013-05-09 09:49:37	--------	d-----w-	C:\users\Sasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ipswDownloader
2013-04-21 11:40:10	F2CA2FDD46962F324402C71D99A0E996	5632	----a-w-	C:\users\Claudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
====== C:\Users\Administrator ======
2013-05-11 17:57:09	--------	d-----w-	C:\Users\Sasha\MSYNC
2013-05-11 17:53:13	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Phone Sync
2013-05-01 09:26:51	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2013-05-01 09:25:59	--------	d-----w-	C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-01 09:18:33	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

====== C: exe-files ==
2013-05-15 09:29:30	CEA304830B4770BDA3572B87D0841848	775232	----a-w-	C:\Program Files\Internet Explorer\iexplore.exe
2013-05-15 09:29:30	AAD90795E84E710543C6C7C2F7048E30	770608	----a-w-	C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-05-14 19:25:27	C26BB2535C1B20DEAFAEB12634BF4DC9	781592	----a-w-	C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateSetup.exe
2013-05-14 19:25:27	8F11F0321ED84B1533FC1384AC71AC8D	59784	----atw-	C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateBroker.exe
2013-05-14 19:25:27	00F714CA28A01FACB709486D6DA306A8	59784	----atw-	C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe
2013-05-14 19:25:21	76B35CB0F3A4E69D6DFF27F542B9F856	216968	----atw-	C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
2013-05-14 19:25:21	506708142BC63DABA64F2D3AD1DCD5BF	116648	----atw-	C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdate.exe
2013-05-14 19:25:21	4E252E85E5DC31BD645E809222AFAF27	287624	----atw-	C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
2013-05-14 19:25:20	C26BB2535C1B20DEAFAEB12634BF4DC9	781592	----a-w-	C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.145\GoogleUpdateSetup.exe
2013-05-09 09:49:37	BB5064687226107A4F60995FE083B370	53074	----a-w-	C:\Program Files (x86)\ipswDownloader\uninst.exe
=== C: other files ==
2013-05-16 07:30:16	9F73EAF81A9520320557D8ABC1707D76	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130516-Rainlendar2Backup.zip
2013-05-15 16:48:11	9839BA2BA95991F6E03FA19F968B532E	9252995	----a-w-	C:\Users\Sasha\Downloads\flash_player_android_v.11.1.115.54.zip
2013-05-15 15:40:48	AC760D43919B4CA9326F1B67BD615B6B	1825	----a-w-	C:\Users\Sasha\.rainlendar2\backups\20130515-Rainlendar2Backup.zip
2013-05-15 07:20:46	77DF435F8E45B1453E52EFE6CF0F83A4	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130515-Rainlendar2Backup.zip
2013-05-13 22:00:04	E746B4748057AAB661A6E8BE9E50223C	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130514-Rainlendar2Backup.zip
2013-05-12 22:00:00	B43A2DBCBC2D36CC138CDCF656ECFF2D	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130513-Rainlendar2Backup.zip
2013-05-11 22:00:00	280C1C5F44DC2328252C126B0BF2A891	1825	----a-w-	C:\Users\Sasha\.rainlendar2\backups\20130512-Rainlendar2Backup.zip
2013-05-11 22:00:00	09829C49058FD2DD40B741F2A7725832	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130512-Rainlendar2Backup.zip
2013-05-11 17:45:42	CB0B99F926B5EFBF08CEEEE672572E2B	1825	----a-w-	C:\Users\Sasha\.rainlendar2\backups\20130511-Rainlendar2Backup.zip
2013-05-11 09:43:52	9EF915D7E1DAA17409E4F2F59AD56423	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130511-Rainlendar2Backup.zip
2013-05-10 07:26:52	9FEEC725FB04DBB233B32282FBD9039D	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130510-Rainlendar2Backup.zip
2013-05-09 16:10:51	D1B8B1ED186473754F919BC2C13649AF	6645	----a-w-	C:\Users\Claudi\.rainlendar2\backups\20130509-Rainlendar2Backup.zip
2013-05-09 09:41:15	5D41C9C507D9959A28BFF50E708DE4B6	1825	----a-w-	C:\Users\Sasha\.rainlendar2\backups\20130509-Rainlendar2Backup.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe"
"cxrvtxxn"="C:\Users\Claudi\Zzrhrhb\tjfotxxn.exe"
"iuxksuul"="C:\Users\Claudi\AppData\Local\Temp\Bbcpfwm\oqdfgrsuul.exe"

[HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-500\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-500\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d"
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDFPrint]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDFPrint"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PDF24\\pdf24.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PMBVolumeWatcher"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Sony\\PMB\\PMBVolumeWatcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PureSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PureSync"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\PureSync\\PureSyncTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"item"="HP Digital Imaging Monitor"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HEWLET~1\\DIGITA~1\\bin\\hpqtra08.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hp psc 2000 Series.lnk"
"backup"="C:\\Windows\\pss\\hp psc 2000 Series.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HEWLET~1\\DIGITA~1\\bin\\hpobnz08.exe "
"item"="hp psc 2000 Series"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hpoddt01.exe.lnk"
"backup"="C:\\Windows\\pss\\hpoddt01.exe.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe "
"item"="hpoddt01.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Sasha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
"item"="OneNote 2010 Bildschirmausschnitt- und Startprogramm"
"path"="C:\\Users\\Sasha\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~2\\Office14\\ONENOTEM.EXE"


==== Startup Folders ======================

2013-02-20 09:57:58	1052	----a-w-	C:\users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-01-06 22:01:14	1348	----a-w-	C:\users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 09:28]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04.01.2011 19:21]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04.01.2011 19:21]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zmz3mvt4.default
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\4f5d6fi7.Alte Lesezeichen
- Undetermined - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
- Undetermined - C:\Programme\Java\jre6\lib\deploy\jqs\ff
- Undetermined - C:\Programme\pdfforge Toolbar\FF
- Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\extension@virtusdesigns.com
- Undetermined - C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom
- Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
- Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
- Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\CrystalFox_Qute@BigRedBrent
- Undetermined - C:\Dokumente und Einstellungen\Sasha\Anwendungsdaten\Mozilla\Firefox\Profiles\8wyuy6g3.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
- Chromifox Basic - %ProfilePath%\extensions\chromifox@altmusictv.com
- CrystalFox Qute - %ProfilePath%\extensions\CrystalFox_Qute@BigRedBrent
- Virtus Search Opt-in - %ProfilePath%\extensions\extension@virtusdesigns.com
- Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
- Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
- Abaca classic - %ProfilePath%\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
- Aero Fox Silver XL - %ProfilePath%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
- iFox Graphite - %ProfilePath%\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}
- Vista Nature - %ProfilePath%\extensions\{9864f3b8-68ba-463e-9589-20a4da429bb7}
- Miint - %ProfilePath%\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}

ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\sde4qaok.default
- HS-Fulda Theme - %ProfilePath%\extensions\{08198ea0-e430-11df-bccf-0800200c9a66}.xpi
- Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi

ProfilePath: C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\bbpp8szj.default
- Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

ProfilePath: C:\Users\Sasha\AppData\Roaming\Mozilla\Firefox\Profiles\s90i49i6.Asus-Stuff
- Chromifox Basic - %ProfilePath%\extensions\chromifox@altmusictv.com
- CrystalFox Qute - %ProfilePath%\extensions\CrystalFox_Qute@BigRedBrent
- Virtus Search Opt-in - %ProfilePath%\extensions\extension@virtusdesigns.com
- Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
- Abaca classic - %ProfilePath%\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
- Aero Fox Silver XL - %ProfilePath%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
- iFox Graphite - %ProfilePath%\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}
- Vista Nature - %ProfilePath%\extensions\{9864f3b8-68ba-463e-9589-20a4da429bb7}
- Miint - %ProfilePath%\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
- Stealthy - %ProfilePath%\extensions\stealthyextension@gmail.com.xpi
- Utopia FFSE White - %ProfilePath%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
- FXChrome - %ProfilePath%\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== HijackThis Entries ======================

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118165l04f4z1m5v47422582
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Report] \AdwCleaner[S1].txt
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2127498475-2954064385-2103805440-1003\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Claudi')
O4 - S-1-5-21-2127498475-2954064385-2103805440-1003 Startup: Dropbox.lnk = Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Claudi')
O4 - S-1-5-21-2127498475-2954064385-2103805440-1003 Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (User 'Claudi')
O4 - S-1-5-21-2127498475-2954064385-2103805440-1003 User Startup: Dropbox.lnk = Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Claudi')
O4 - S-1-5-21-2127498475-2954064385-2103805440-1003 User Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (User 'Claudi')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - hxxp://g80fw.dyndns.org:2018/nvEPLMedia.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011c\RpcAgentSrv.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, hxxp://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
Report = \AdwCleaner[S1].txt [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
mwlDaemon = C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [Egis Technology Inc.]
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
ETDWare = C:\Program Files\Elantech\ETDCtrl.exe
Acer ePower Management = C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [Acer Incorporated]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
IAStorIcon = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [null data]
SuiteTray = "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [Egis Technology Inc.]
EgisUpdate = "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [Egis Technology Inc.]
EgisTecPMMUpdate = "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [Egis Technology Inc.]
BackupManagerTray = "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [NewTech Infosystems, Inc.]
StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]
LManager = C:\Program Files (x86)\Launch Manager\LManager.exe [Dritek System Inc.]
(Default) = (empty string) [file not found]
avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [Avira Operations GmbH & Co. KG]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
SDTray = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [Safer-Networking Ltd.]
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\

{89820200-ECBD-11cf-8B85-00AA005B4340}\(Default) = Windows Desktop Update
                                      \StubPath  = regsvr32.exe /s /n /i:U shell32.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\

{89820200-ECBD-11cf-8B85-00AA005B4340}\(Default) = Windows Desktop Update
                                      \StubPath  = regsvr32.exe /s /n /i:U shell32.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM...Wow...CLSID} = Windows Live ID-Anmelde-Hilfsprogramm
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar Helper
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
  -> {HKLM...Wow...CLSID} = Google Toolbar Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar Notifier BHO
                   \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll [Google Inc.]
  -> {HKLM...Wow...CLSID} = Google Toolbar Notifier BHO
                         \InProcServer32\(Default) = C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [Google Inc.]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM...CLSID} = Office Document Cache Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM...Wow...CLSID} = Adobe PDF Link Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Spybot-S&D IE Protection
                         \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [Safer-Networking Ltd.]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM...Wow...CLSID} = Windows Live ID-Anmelde-Hilfsprogramm
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar Helper
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
  -> {HKLM...Wow...CLSID} = Google Toolbar Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar Notifier BHO
                   \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll [Google Inc.]
  -> {HKLM...Wow...CLSID} = Google Toolbar Notifier BHO
                         \InProcServer32\(Default) = C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [Google Inc.]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM...CLSID} = Office Document Cache Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

egisPSDP\(Default) = {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}
  -> {HKLM...CLSID} = DragDropProtect Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [Egis Technology Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

egisPSDP\(Default) = {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}
  -> {HKLM...Wow...CLSID} = DragDropProtect Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [Egis Technology Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} = eDS psd drag drop protection
  -> {HKLM...CLSID} = DragDropProtect Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [Egis Technology Inc.]

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
  -> {HKLM...CLSID} = DisplayCplExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]

{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
  -> {HKLM...CLSID} = SimpleShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                   \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...CLSID} = ImageExtractorShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...CLSID} = CInfoTipShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
  -> {HKLM...CLSID} = Enterprise-Projekte
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{D1079645-619B-4D0B-8FD5-1008B95134E1} = PureSync Shell Extension
  -> {HKLM...CLSID} = PureSync Shell Extension Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell64.dll [Jumping Bytes]

{44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon64
  -> {HKLM...CLSID} = Spybot-S&D Explorer Integration
                   \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
  -> {HKLM...CLSID} = iTunes
                   \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} = eDS psd drag drop protection
  -> {HKLM...Wow...CLSID} = DragDropProtect Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [Egis Technology Inc.]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]

{D1079645-619B-4D0B-8FD5-1008B95134E1} = PureSync Shell Extension
  -> {HKLM...Wow...CLSID} = PureSync Shell Extension Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell32.dll [Jumping Bytes]

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon32
  -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration
                         \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> BootExecute = autocheck autochk *| [file not found]|sdnclean64.exe [Safer Networking Limited]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

EDSshellExt\(Default) = {29FF7AB0-BE34-4992-A30B-53A9D86EE239}
  -> {HKLM...CLSID} = eDSshlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [Egis Technology Inc.]
  -> {HKLM...Wow...CLSID} = eDSshlExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlshellext.dll [Egis Technology Inc.]

PureSync\(Default) = {D1079645-619B-4d0b-8FD5-1008B95134E1}
  -> {HKLM...CLSID} = PureSync Shell Extension Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell64.dll [Jumping Bytes]
  -> {HKLM...Wow...CLSID} = PureSync Shell Extension Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell32.dll [Jumping Bytes]

SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC}
  -> {HKLM...CLSID} = Spybot-S&D Explorer Integration
                   \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.]
  -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration
                         \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.]

SDECon64\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC}
  -> {HKLM...CLSID} = Spybot-S&D Explorer Integration
                   \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.]
  -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration
                         \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.]

Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                   \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

ShredderContextMenu\(Default) = {521065F1-DE6C-4E46-BBCB-89B0D0BE860D}
  -> {HKLM...CLSID} = ShredContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [Egis Technology Inc.]
  -> {HKLM...Wow...CLSID} = ShredContextMenu Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x86\ShredderContextMenu.dll [Egis Technology Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

EDSshellExt\(Default) = {29FF7AB0-BE34-4992-A30B-53A9D86EE239}
  -> {HKLM...CLSID} = eDSshlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [Egis Technology Inc.]
  -> {HKLM...Wow...CLSID} = eDSshlExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlshellext.dll [Egis Technology Inc.]

PureSync\(Default) = {D1079645-619B-4d0b-8FD5-1008B95134E1}
  -> {HKLM...CLSID} = PureSync Shell Extension Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell64.dll [Jumping Bytes]
  -> {HKLM...Wow...CLSID} = PureSync Shell Extension Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\PureSync\shellext\psshell32.dll [Jumping Bytes]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
  -> {HKLM...CLSID} = SimpleShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...Wow...CLSID} = PDF Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC}
  -> {HKLM...CLSID} = Spybot-S&D Explorer Integration
                   \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.]
  -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration
                         \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.]

SDECon64\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC}
  -> {HKLM...CLSID} = Spybot-S&D Explorer Integration
                   \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.]
  -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration
                         \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.]

Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                   \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Windows\System32\Acer.scr [null data]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BridgeCS3ImportMediaOnArrival\
Provider = Adobe Bridge CS3
InvokeProgID = Adobe.adobebridge
InvokeVerb = launch
HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = C:\Program Files (x86)\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

CanonCWDCEventHandler\
Provider = Canon CameraWindow
ProgID = CwDC.AutoplayHandler
HKLM\SOFTWARE\Classes\CwDC.AutoplayHandler\CLSID\(Default) = {CB7F044B-4400-48a4-8FEF-23B8D0D986EC}
  -> {HKLM...CLSID} = Canon CameraWindow
                   \LocalServer32\(Default) = "C:\Program Files (x86)\Canon\CameraWindow\CameraWindowLauncher\CameraLauncher.exe" [CANON INC.]

CanonZB4PicturesOnArrival\
Provider = Canon ZoomBrowser EX
InvokeProgID = Zb.AutoplayHandler
InvokeVerb = open
HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = C:\Program Files (x86)\Canon\ZoomBrowser EX MCU\MCULauncher.exe [null data]

CDBurnerXP\
Provider = CDBurnerXP
InvokeProgID = CDBurnerXPOpen
InvokeVerb = open
HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = "C:\Program Files\CDBurnerXP\cdbxpp.exe" /od "%1" [null data]

Fotoimport1320-38\
Provider = CEWE FOTOIMPORTER
InvokeProgID = Fotoimport1320-38
InvokeVerb = play
HKLM\SOFTWARE\Classes\Fotoimport1320-38\shell\play\command\(Default) = "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOIMPORTER.exe" -startDirectory %1 [null data]

Fotoschau1320-38\
Provider = CEWE FOTOSCHAU
InvokeProgID = Fotoschau1320-38
InvokeVerb = play
HKLM\SOFTWARE\Classes\Fotoschau1320-38\shell\play\command\(Default) = "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d %1 [null data]

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

NTIBurner\
Provider = NTI Media Maker
InvokeProgID = NTIBurnerOpen
InvokeVerb = open
HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = "C:\Program Files (x86)\NTI\NTI Media Maker 9\Launcher.exe" [null data]

PDVD9PlayCDAudioOnArrival\
Provider = PowerDVD 9
InvokeProgID = AudioCD
InvokeVerb = PlayWithPowerDVD9
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]

PDVD9PlayDVDMovieOnArrival\
Provider = PowerDVD 9
InvokeProgID = DVD
InvokeVerb = PlayWithPowerDVD9
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]

PDVD9PlaySVCDOnArrival\
Provider = PowerDVD 9
InvokeProgID = SVCD
InvokeVerb = PlayWithPowerDVD9
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]

PDVD9PlayVCDMovieOnArrival\
Provider = PowerDVD 9
InvokeProgID = VCD
InvokeVerb = PlayWithPowerDVD9
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe"  "%L" [CyberLink Corp.]

SonyPMBImportPicturesOnArrival\
Provider = PMB
InvokeProgID = SonyPMB.VolumeAutoPlay
InvokeVerb = launch
HKLM\SOFTWARE\Classes\SonyPMB.VolumeAutoPlay\shell\launch\command\(Default) = C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe /autoplay /path %1 [Sony Corporation]

SpybotScanFiles\
Provider = Spybot - Search & Destroy
InvokeProgID = SpybotFilesScanner
InvokeVerb = scanfiles
HKLM\SOFTWARE\Classes\SpybotFilesScanner\shell\scanfiles\command\(Default) = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe" [Safer-Networking Ltd.]


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater ->  launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
AdobeAAMUpdater-1.0-Hainsi-Sasha ->  launches: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled [Adobe Systems Incorporated]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
User_Feed_Synchronization-{4442C2EB-4F17-4641-B024-FA47B8AA3F3D} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
{02DC4BCB-13D4-4C80-893E-13F59A015B2A} ->  launches: "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/privacy?source=lightinstaller [Mozilla Corporation]
{1BE8E7B3-797B-425A-8FEE-6365602B7DD9} ->  launches: C:\Windows\system32\pcalua.exe -a C:\Users\Sasha\Desktop\No23Recorder.exe -d C:\Users\Sasha\Desktop [MS]
{8B01EDC9-1A5D-4FF5-A990-C2B293F897AE} ->  launches: C:\Windows\system32\pcalua.exe -a D:\install_spanisch.exe -d D:\ [MS]
{9131E624-BD8E-4EA2-A13A-0C69CA65C745} ->  launches: C:\Windows\system32\pcalua.exe -a D:\Programme\7Zip\7z465.exe -d D:\Programme\7Zip [MS]
{E15F1729-B598-47D6-A6D0-F5644C8AB36B} ->  launches: "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/privacy?source=lightinstaller [Mozilla Corporation]

C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate ->  launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
                   \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
                         \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
                   \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                         \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
mcupdate_scheduled ->  launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
                   \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                   \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                         \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
                   \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
                         \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
                   \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
                   \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
                   \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
                   \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
                         \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                   \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                         \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                         \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask ->  launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  -> {HKLM...CLSID} = Wininet Cache task object
                   \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
  -> {HKLM...Wow...CLSID} = Wininet Cache task object
                         \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task ->  launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy
Check for updates ->  launches: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe /autoupdate /silent /autoclose [Safer-Networking Ltd.]
Refresh immunization ->  launches: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe /immunize /silent /autoclose [Safer-Networking Ltd.]
Scan the system ->  launches: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe /scan /cleanclose [Safer-Networking Ltd.]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-2127498475-2954064385-2103805440-1003 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]
000000000006\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

{2318C2B1-4965-11D4-9B18-009027A5CD4F}
  -> {HKLM...CLSID} = Google Toolbar
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM...Wow...CLSID} = Google Toolbar
                         \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknüpfte &OneNote-Notizen
MenuText = Verknüpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...CLSID} = Linked Notes button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
  -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknüpfte &OneNote-Notizen
MenuText = Verknüpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...Wow...CLSID} = Linked Notes button
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
MenuText = Spybot - Search && Destroy Configuration
CLSIDExtension = {53707962-6F74-2D53-2644-206D7942484F}
  -> {HKLM...Wow...CLSID} = Spybot-S&D IE Protection
                         \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [Safer-Networking Ltd.]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Acer ePower Service, ePowerSvc, C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [Acer Incorporated]
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Avira Echtzeit Scanner, AntiVirService, "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [Avira Operations GmbH & Co. KG]
Avira Planer, AntiVirSchedulerService, "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [Avira Operations GmbH & Co. KG]
Dienst "Bonjour", Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Dritek WMI Service, DsiWMIService, C:\Program Files (x86)\Launch Manager\dsiwmis.exe [Dritek System Inc.]
GREGService, GREGService, C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [Acer Incorporated]
HP CUE DeviceDiscovery Service, hpqddsvc, C:\Windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [Hewlett-Packard Co.]}
HP Network Devices Support, HPSLPSVC, C:\Windows\system32\svchost.exe -k HPService {C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL [Hewlett-Packard Co.]}
hpqcxs08, hpqcxs08, C:\Windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [Hewlett-Packard Co.]}
Intel(R) Management & Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
iPod-Dienst, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
MBAMService, MBAMService, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [Malwarebytes Corporation]
Microsoft .NET Framework NGEN v4.0.30319_X64, clr_optimization_v4.0.30319_64, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [MS]
Microsoft .NET Framework NGEN v4.0.30319_X86, clr_optimization_v4.0.30319_32, C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [MS]
Net Driver HPZ12, Net Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZinw12.dll [Hewlett-Packard]}
NTI IScheduleSvc, NTI IScheduleSvc, C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [NewTech Infosystems, Inc.]
PMBDeviceInfoProvider, PMBDeviceInfoProvider, "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [Sony Corporation]
Pml Driver HPZ12, Pml Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZipm12.dll [Hewlett-Packard]}
Spybot-S&D 2 Scanner Service, SDScannerService, C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [Safer-Networking Ltd.]
Spybot-S&D 2 Security Center Service, SDWSCService, C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [Safer-Networking Ltd.]
Spybot-S&D 2 Updating Service, SDUpdateService, C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [Safer-Networking Ltd.]
Updater Service, Updater Service, C:\Program Files\Acer\Acer Updater\UpdaterService.exe [Acer Group]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> MCODS, 

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> MCODS, 


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
hpf3l101.dll\Driver = hpf3l101.dll [Hewlett-Packard Company]
LIDIL hpzlllhn\Driver = hpzlllhn.dll [Hewlett-Packard Company]
PCL hpz3llhn\Driver = hpz3llhn.dll [Hewlett-Packard Company]
pdfcmon\Driver = pdfcmon.dll [pdfforge GbR]

Old 16.05.2013, 09:52   #14
smeenk
/// Malwareteam / Visitor
 

  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users, please start the tool by right-clicking its icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    C:\Users\Claudi\AppData\Local\Temp\Bbcpfwm;f
    [HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-1003\Software\Microsoft\Windows\CurrentVersion\Run];r
    "cxrvtxxn"=-;r
    C:\Users\Claudi\Zzrhrhb;f
    "iuxksuul"=-;r
    C:\Users\Administrator\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\*;fs
    C:\Users\Claudi\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\*;fs
    C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\*;fs
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a reboot).
    Afterwards you can view the report at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.


Does the Firefox problem occur for all users or only for one specific user?

Old 16.05.2013, 11:55   #15
Malwarto
 

So far the Firefox crash has only been noticed for user Claudi. The other user accounts are rarely used anyway, though.

Here is the Zoek log.

Code:
Zoek.exe Version 4.0.0.2 Updated 15-May-2013
Tool run by Administrator on 16.05.2013 at 12:51:14,88.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results14.05.2013-1606.log	35080 bytes
C:\zoek-results14.05.2013-1610.log	485 bytes
C:\zoek-results16.05.2013-1011.log	94489 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-1003\Software\Microsoft\Windows\CurrentVersion\Run] 
"cxrvtxxn"=- 
"iuxksuul"=- 

==== Deleting Files \ Folders ======================

"C:\Users\Claudi\Zzrhrhb" not found 
"C:\Users\Administrator\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\*" not found 
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0507975091.data" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0507975091.quar" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1786873297.data" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1786873297.quar" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8401147501.data" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8401147501.quar" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9125248524.data" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9125248524.quar" deleted
"C:\Users\Claudi\AppData\Local\Temp\Bbcpfwm" deleted

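As an added example (not part of this thread and not code from Zoek itself), a small Python parser for the zoek-results.log layout shown above: it reads the "Registry Fix Code" and "Deleting Files \ Folders" sections so a helper can check which requested deletions actually happened and which targets were already gone before the script ran. The section banners and result words are those in the posted log; the sample excerpt is constructed from a few of its lines.

```python
import re

# Constructed excerpt: lines copied from the zoek-results.log posted in this
# thread (blank lines dropped); the banners and result words are Zoek's own.
SAMPLE_LOG = r"""Zoek.exe Version 4.0.0.2 Updated 15-May-2013
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_USERS\S-1-5-21-2127498475-2954064385-2103805440-1003\Software\Microsoft\Windows\CurrentVersion\Run] 
"cxrvtxxn"=- 
"iuxksuul"=- 
==== Deleting Files \ Folders ======================
"C:\Users\Claudi\Zzrhrhb" not found 
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0507975091.data" deleted
"C:\Users\Sasha\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0507975091.quar" deleted
"C:\Users\Claudi\AppData\Local\Temp\Bbcpfwm" deleted
"""

SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")  # "==== Name ===="
ACTION_RE = re.compile(r'^"(?P<path>[^"]+)" (?P<result>deleted|not found)\s*$')
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=-\s*$')  # .reg syntax for "delete this value"

def split_sections(text):
    """Group the log's non-blank lines under their '==== ... ====' banner."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections

def file_actions(text):
    """Map each path Zoek was asked to delete to 'deleted' or 'not found'."""
    lines = split_sections(text).get("Deleting Files \\ Folders", [])
    return {m["path"]: m["result"] for m in map(ACTION_RE.match, lines) if m}

def removed_run_values(text):
    """Value names the registry fix removed from the Run key ('"name"=-')."""
    lines = split_sections(text).get("Registry Fix Code", [])
    return [m["name"] for m in map(REG_VALUE_RE.match, lines) if m]

def summarize(text):
    """Counts plus the targets that were already gone when the script ran."""
    actions = file_actions(text)
    missing = sorted(p for p, r in actions.items() if r == "not found")
    return {"deleted": len(actions) - len(missing), "not_found": len(missing),
            "missing": missing, "run_values_removed": removed_run_values(text)}
```

A "not found" entry is worth a second look: either an earlier pass already removed the file, or the path in the script was wrong and the target is still on disk.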