
Log Analysis and Evaluation: System Care Antivirus cannot be removed

Windows 7 If you have caught a Trojan or constantly receive virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

16.05.2013, 22:03   #1
MelanieT
 
System Care Antivirus cannot be removed

Hello! My husband has caught this fake antivirus program on his laptop, which constantly makes warning messages flash up. Furthermore, Firefox runs only slowly or not at all anymore. That is why I am using Internet Explorer, which apparently has a lot of toolbars installed. I have already read a post on the Trojaner-Board and carried out the suggested scans, which I am posting below. I also ran Defogger. This was unremarkable. After that I ran OTL; unfortunately it crashed, exactly at the point where the Firefox files were being scanned. After that I deactivated Avira and had GMER scan. This also crashed. After that I wanted to reactivate Avira. This did not work.
Here are the results from Malwarebytes:
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.16.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Luce :: YT-1300 [administrator]

16.05.2013 19:34:58
mbar-log-2013-05-16 (19-34-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30730
Time elapsed: 1 hour(s), 6 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\$Recycle.Bin\S-1-5-21-3221331733-3512096612-1023093492-1002\$RMUJ44S.exe (Trojan.Zbot.ED) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3221331733-3512096612-1023093492-1002\$R7G6CCM\EE08215D7633C2570000EE073359C5DA.exe (Trojan.Zbot.ED) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3221331733-3512096612-1023093492-1002\$RNR04WX\EE08215D7633C2570000EE073359C5DA.exe (Trojan.Zbot.ED) -> Delete on reboot.
c:\Users\Luce\AppData\Local\Temp\A1E.tmp (Trojan.Zbot.ED) -> Delete on reboot.

(end)
         
Furthermore, aswMBR:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-16 19:48:34
-----------------------------
19:48:34.189    OS Version: Windows x64 6.1.7601 Service Pack 1
19:48:34.189    Number of processors: 2 586 0x100
19:48:34.267    ComputerName: YT-1300  UserName: Luce
19:48:38.525    Initialize success
19:49:53.354    AVAST engine defs: 13051600
19:50:16.801    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:50:16.817    Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11
19:50:17.051    Disk 0 MBR read successfully
19:50:17.051    Disk 0 MBR scan
19:50:17.113    Disk 0 Windows 7 default MBR code
19:50:17.144    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
19:50:17.191    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
19:50:17.207    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       289783 MB offset 31664128
19:50:17.347    Disk 0 scanning C:\Windows\system32\drivers
19:50:44.554    Service scanning
19:51:52.975    Modules scanning
19:51:52.991    Disk 0 trace - called modules:
19:51:53.069    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
19:51:53.085    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800246b060]
19:51:53.100    3 CLASSPNP.SYS[fffff880018da43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8001f92610]
19:51:54.910    AVAST engine scan C:\Windows
19:51:59.746    AVAST engine scan C:\Windows\system32
20:00:03.253    AVAST engine scan C:\Windows\system32\drivers
20:00:43.080    AVAST engine scan C:\Users\Luce
21:55:00.226    Disk 0 MBR has been saved successfully to "C:\Users\Luce\Desktop\MBR.dat"
21:55:00.257    The log file has been saved successfully to "C:\Users\Luce\Desktop\aswMBR.txt"
         
and last but not least:
Code:
21:59:13.0086 5960  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:59:13.0664 5960  ============================================================
21:59:13.0664 5960  Current date / time: 2013/05/16 21:59:13.0664
21:59:13.0664 5960  SystemInfo:
21:59:13.0664 5960  
21:59:13.0664 5960  OS Version: 6.1.7601 ServicePack: 1.0
21:59:13.0664 5960  Product type: Workstation
21:59:13.0664 5960  ComputerName: YT-1300
21:59:13.0664 5960  UserName: Luce
21:59:13.0664 5960  Windows directory: C:\Windows
21:59:13.0664 5960  System windows directory: C:\Windows
21:59:13.0664 5960  Running under WOW64
21:59:13.0664 5960  Processor architecture: Intel x64
21:59:13.0664 5960  Number of processors: 2
21:59:13.0664 5960  Page size: 0x1000
21:59:13.0664 5960  Boot type: Normal boot
21:59:13.0664 5960  ============================================================
21:59:16.0425 5960  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:16.0440 5960  ============================================================
21:59:16.0440 5960  \Device\Harddisk0\DR0:
21:59:16.0440 5960  MBR partitions:
21:59:16.0440 5960  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
21:59:16.0440 5960  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x235FB800
21:59:16.0440 5960  ============================================================
21:59:16.0503 5960  C: <-> \Device\Harddisk0\DR0\Partition2
21:59:16.0503 5960  ============================================================
21:59:16.0503 5960  Initialize success
21:59:16.0503 5960  ============================================================
21:59:32.0758 2908  ============================================================
21:59:32.0758 2908  Scan started
21:59:32.0758 2908  Mode: Manual; SigCheck; TDLFS; 
21:59:32.0758 2908  ============================================================
21:59:33.0803 2908  ================ Scan system memory ========================
21:59:33.0803 2908  System memory - ok
21:59:33.0803 2908  ================ Scan services =============================
21:59:53.0054 2908  [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
21:59:53.0085 2908  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning
21:59:53.0085 2908  EPSON_EB_RPCV4_01 - detected UnsignedFile.Multi.Generic (1)
21:59:53.0147 2908  [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
21:59:53.0178 2908  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning
21:59:53.0178 2908  EPSON_PM_RPCV4_01 - detected UnsignedFile.Multi.Generic (1)
22:00:05.0409 2908  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:00:05.0502 2908  Modem - ok
22:00:05.0549 2908  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:00:05.0596 2908  monitor - ok
22:00:05.0674 2908  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:00:05.0721 2908  mouclass - ok
22:00:05.0783 2908  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:00:05.0846 2908  mouhid - ok
22:00:05.0939 2908  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:00:05.0986 2908  mountmgr - ok
22:00:06.0204 2908  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:00:06.0267 2908  MozillaMaintenance - ok
22:00:06.0298 2908  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:00:06.0314 2908  mpio - ok
22:00:06.0392 2908  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:00:06.0485 2908  mpsdrv - ok
22:00:06.0594 2908  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:00:06.0704 2908  MpsSvc - ok
22:00:06.0750 2908  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:00:06.0797 2908  MRxDAV - ok
22:00:06.0844 2908  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:00:06.0984 2908  mrxsmb - ok
22:00:07.0078 2908  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:00:07.0125 2908  mrxsmb10 - ok
22:00:07.0172 2908  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:00:07.0234 2908  mrxsmb20 - ok
22:00:07.0296 2908  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:00:07.0328 2908  msahci - ok
22:00:07.0390 2908  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:00:07.0437 2908  msdsm - ok
22:00:07.0452 2908  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:00:07.0515 2908  MSDTC - ok
22:00:07.0593 2908  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:00:07.0671 2908  Msfs - ok
22:00:07.0702 2908  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:00:07.0796 2908  mshidkmdf - ok
22:00:07.0858 2908  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:00:07.0889 2908  msisadrv - ok
22:00:07.0952 2908  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:00:08.0092 2908  MSiSCSI - ok
22:00:08.0092 2908  msiserver - ok
22:00:08.0170 2908  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:00:08.0248 2908  MSKSSRV - ok
22:00:08.0310 2908  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:00:08.0404 2908  MSPCLOCK - ok
22:00:08.0466 2908  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:00:08.0544 2908  MSPQM - ok
22:00:08.0607 2908  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:00:08.0638 2908  MsRPC - ok
22:00:08.0700 2908  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:00:08.0716 2908  mssmbios - ok
22:00:08.0778 2908  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:00:08.0888 2908  MSTEE - ok
22:00:08.0966 2908  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:00:09.0012 2908  MTConfig - ok
22:00:09.0044 2908  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:00:09.0075 2908  Mup - ok
22:00:09.0106 2908  [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:00:09.0153 2908  mwlPSDFilter - ok
22:00:09.0184 2908  [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:00:09.0215 2908  mwlPSDNServ - ok
22:00:09.0262 2908  [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:00:09.0278 2908  mwlPSDVDisk - ok
22:00:09.0356 2908  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:00:09.0465 2908  napagent - ok
22:00:09.0590 2908  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:00:09.0668 2908  NativeWifiP - ok
22:00:09.0792 2908  [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
22:00:09.0855 2908  NAUpdate - ok
22:00:09.0964 2908  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:00:10.0011 2908  NDIS - ok
22:00:10.0089 2908  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:00:10.0198 2908  NdisCap - ok
22:00:10.0276 2908  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:00:10.0370 2908  NdisTapi - ok
22:00:10.0448 2908  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:00:10.0557 2908  Ndisuio - ok
22:00:10.0635 2908  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:00:10.0760 2908  NdisWan - ok
22:00:10.0806 2908  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:00:10.0900 2908  NDProxy - ok
22:00:10.0962 2908  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:00:11.0040 2908  NetBIOS - ok
22:00:11.0103 2908  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:00:11.0181 2908  NetBT - ok
22:00:11.0228 2908  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:00:11.0290 2908  Netlogon - ok
22:00:11.0352 2908  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:00:11.0462 2908  Netman - ok
22:00:11.0524 2908  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:00:11.0633 2908  netprofm - ok
22:00:11.0664 2908  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:00:11.0774 2908  NetTcpPortSharing - ok
22:00:11.0820 2908  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:00:11.0836 2908  nfrd960 - ok
22:00:11.0883 2908  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:00:11.0930 2908  NlaSvc - ok
22:00:11.0992 2908  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:00:12.0086 2908  Npfs - ok
22:00:12.0148 2908  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:00:12.0242 2908  nsi - ok
22:00:12.0304 2908  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:00:12.0398 2908  nsiproxy - ok
22:00:12.0554 2908  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:00:12.0632 2908  Ntfs - ok
22:00:12.0788 2908  [ D27A4546417ED7C4AEA7B3420D4F1F50 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
22:00:12.0819 2908  NTI IScheduleSvc - ok
22:00:12.0881 2908  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
22:00:12.0897 2908  NTIDrvr - ok
22:00:12.0944 2908  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:00:13.0037 2908  Null - ok
22:00:13.0115 2908  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:00:13.0146 2908  nvraid - ok
22:00:13.0209 2908  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:00:13.0240 2908  nvstor - ok
22:00:13.0334 2908  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:00:13.0365 2908  nv_agp - ok
22:00:13.0490 2908  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:00:13.0568 2908  odserv - ok
22:00:13.0661 2908  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:00:13.0692 2908  ohci1394 - ok
22:00:13.0802 2908  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:00:13.0864 2908  ose - ok
22:00:14.0207 2908  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:00:14.0597 2908  osppsvc - ok
22:00:14.0675 2908  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:00:14.0769 2908  p2pimsvc - ok
22:00:14.0847 2908  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:00:14.0940 2908  p2psvc - ok
22:00:14.0987 2908  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:00:15.0018 2908  Parport - ok
22:00:15.0065 2908  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:00:15.0096 2908  partmgr - ok
22:00:15.0206 2908  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:00:15.0268 2908  PcaSvc - ok
22:00:15.0315 2908  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:00:15.0346 2908  pci - ok
22:00:15.0393 2908  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:00:15.0408 2908  pciide - ok
22:00:15.0440 2908  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:00:15.0471 2908  pcmcia - ok
22:00:15.0502 2908  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:00:15.0533 2908  pcw - ok
22:00:15.0674 2908  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:00:15.0767 2908  PEAUTH - ok
22:00:16.0064 2908  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:00:16.0142 2908  PerfHost - ok
22:00:16.0298 2908  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:00:16.0422 2908  pla - ok
22:00:16.0610 2908  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:00:16.0734 2908  PlugPlay - ok
22:00:16.0797 2908  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:00:16.0828 2908  PNRPAutoReg - ok
22:00:16.0859 2908  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:00:16.0890 2908  PNRPsvc - ok
22:00:16.0984 2908  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:00:17.0109 2908  PolicyAgent - ok
22:00:17.0187 2908  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:00:17.0280 2908  Power - ok
22:00:17.0358 2908  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:00:17.0452 2908  PptpMiniport - ok
22:00:17.0499 2908  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:00:17.0546 2908  Processor - ok
22:00:17.0655 2908  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:00:17.0733 2908  ProfSvc - ok
22:00:17.0764 2908  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:00:17.0795 2908  ProtectedStorage - ok
22:00:17.0858 2908  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:00:17.0967 2908  Psched - ok
22:00:18.0138 2908  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:00:18.0216 2908  ql2300 - ok
22:00:18.0310 2908  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:00:18.0341 2908  ql40xx - ok
22:00:18.0404 2908  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:00:18.0450 2908  QWAVE - ok
22:00:18.0482 2908  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:00:18.0513 2908  QWAVEdrv - ok
22:00:18.0544 2908  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:00:18.0638 2908  RasAcd - ok
22:00:18.0731 2908  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:00:18.0825 2908  RasAgileVpn - ok
22:00:18.0872 2908  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:00:18.0981 2908  RasAuto - ok
22:00:19.0074 2908  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:00:19.0152 2908  Rasl2tp - ok
22:00:19.0277 2908  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:00:19.0386 2908  RasMan - ok
22:00:19.0480 2908  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:00:19.0558 2908  RasPppoe - ok
22:00:19.0605 2908  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:00:19.0714 2908  RasSstp - ok
22:00:19.0792 2908  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:00:19.0901 2908  rdbss - ok
22:00:19.0948 2908  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:00:19.0995 2908  rdpbus - ok
22:00:20.0073 2908  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:00:20.0166 2908  RDPCDD - ok
22:00:20.0244 2908  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:00:20.0338 2908  RDPENCDD - ok
22:00:20.0400 2908  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:00:20.0494 2908  RDPREFMP - ok
22:00:20.0525 2908  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:00:20.0603 2908  RDPWD - ok
22:00:20.0681 2908  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:00:20.0712 2908  rdyboost - ok
22:00:20.0759 2908  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:00:20.0853 2908  RemoteAccess - ok
22:00:20.0900 2908  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:00:21.0009 2908  RemoteRegistry - ok
22:00:21.0056 2908  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:00:21.0149 2908  RpcEptMapper - ok
22:00:21.0196 2908  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:00:21.0227 2908  RpcLocator - ok
22:00:21.0290 2908  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:00:21.0368 2908  RpcSs - ok
22:00:21.0461 2908  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:00:21.0555 2908  rspndr - ok
22:00:21.0664 2908  [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
22:00:21.0695 2908  RSUSBSTOR - ok
22:00:21.0711 2908  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:00:21.0758 2908  SamSs - ok
22:00:21.0820 2908  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:00:21.0851 2908  sbp2port - ok
22:00:21.0914 2908  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:00:22.0023 2908  SCardSvr - ok
22:00:22.0116 2908  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:00:22.0179 2908  scfilter - ok
22:00:22.0304 2908  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:00:22.0413 2908  Schedule - ok
22:00:22.0460 2908  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:00:22.0522 2908  SCPolicySvc - ok
22:00:22.0553 2908  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:00:22.0662 2908  SDRSVC - ok
22:00:22.0928 2908  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
22:00:22.0959 2908  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
22:00:22.0959 2908  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
22:00:23.0037 2908  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:00:23.0130 2908  secdrv - ok
22:00:23.0177 2908  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:00:23.0271 2908  seclogon - ok
22:00:23.0302 2908  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:00:23.0396 2908  SENS - ok
22:00:23.0427 2908  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:00:23.0520 2908  SensrSvc - ok
22:00:23.0536 2908  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:00:23.0614 2908  Serenum - ok
22:00:23.0661 2908  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:00:23.0708 2908  Serial - ok
22:00:23.0786 2908  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:00:23.0801 2908  sermouse - ok
22:00:23.0879 2908  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:00:23.0988 2908  SessionEnv - ok
22:00:24.0020 2908  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:00:24.0113 2908  sffdisk - ok
22:00:24.0144 2908  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:00:24.0207 2908  sffp_mmc - ok
22:00:24.0222 2908  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:00:24.0269 2908  sffp_sd - ok
22:00:24.0316 2908  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:00:24.0378 2908  sfloppy - ok
22:00:24.0503 2908  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
22:00:24.0550 2908  Sftfs - ok
22:00:24.0690 2908  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:00:24.0737 2908  sftlist - ok
22:00:24.0800 2908  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:00:24.0831 2908  Sftplay - ok
22:00:24.0846 2908  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:00:24.0878 2908  Sftredir - ok
22:00:24.0909 2908  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
22:00:24.0924 2908  Sftvol - ok
22:00:24.0971 2908  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:00:25.0002 2908  sftvsa - ok
22:00:25.0096 2908  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:00:25.0205 2908  SharedAccess - ok
22:00:25.0330 2908  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:00:25.0439 2908  ShellHWDetection - ok
22:00:25.0486 2908  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:00:25.0533 2908  SiSRaid2 - ok
22:00:25.0533 2908  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:00:25.0564 2908  SiSRaid4 - ok
22:00:25.0720 2908  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:00:25.0923 2908  SkypeUpdate - ok
22:00:26.0001 2908  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:00:26.0094 2908  Smb - ok
22:00:26.0188 2908  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:00:26.0235 2908  SNMPTRAP - ok
22:00:26.0282 2908  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:00:26.0313 2908  spldr - ok
22:00:26.0406 2908  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:00:26.0531 2908  Spooler - ok
22:00:26.0781 2908  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:00:26.0999 2908  sppsvc - ok
22:00:27.0062 2908  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:00:27.0171 2908  sppuinotify - ok
22:00:27.0249 2908  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:00:27.0358 2908  srv - ok
22:00:27.0436 2908  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:00:27.0498 2908  srv2 - ok
22:00:27.0530 2908  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:00:27.0592 2908  srvnet - ok
22:00:27.0654 2908  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:00:27.0764 2908  SSDPSRV - ok
22:00:27.0795 2908  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:00:27.0873 2908  SstpSvc - ok
22:00:27.0920 2908  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:00:27.0935 2908  stexstor - ok
22:00:28.0029 2908  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:00:28.0107 2908  stisvc - ok
22:00:28.0138 2908  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:00:28.0185 2908  swenum - ok
22:00:28.0247 2908  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:00:28.0325 2908  swprv - ok
22:00:28.0590 2908  [ EF51B22706DB03F0857FADE127C804EC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:00:28.0668 2908  SynTP - ok
22:00:28.0840 2908  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:00:28.0934 2908  SysMain - ok
22:00:28.0996 2908  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:00:29.0043 2908  TabletInputService - ok
22:00:29.0090 2908  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:00:29.0183 2908  TapiSrv - ok
22:00:29.0230 2908  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:00:29.0308 2908  TBS - ok
22:00:29.0604 2908  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:00:29.0729 2908  Tcpip - ok
22:00:29.0870 2908  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:00:29.0948 2908  TCPIP6 - ok
22:00:29.0994 2908  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:00:30.0026 2908  tcpipreg - ok
22:00:30.0104 2908  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:00:30.0197 2908  TDPIPE - ok
22:00:30.0228 2908  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:00:30.0291 2908  TDTCP - ok
22:00:30.0384 2908  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:00:30.0494 2908  tdx - ok
22:00:30.0525 2908  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:00:30.0572 2908  TermDD - ok
22:00:30.0665 2908  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:00:30.0774 2908  TermService - ok
22:00:30.0837 2908  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:00:30.0868 2908  Themes - ok
22:00:30.0930 2908  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:00:30.0993 2908  THREADORDER - ok
22:00:31.0133 2908  [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
22:00:31.0180 2908  TomTomHOMEService - ok
22:00:31.0211 2908  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:00:31.0305 2908  TrkWks - ok
22:00:31.0398 2908  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:00:31.0508 2908  TrustedInstaller - ok
22:00:31.0586 2908  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:00:31.0664 2908  tssecsrv - ok
22:00:31.0710 2908  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:00:31.0851 2908  TsUsbFlt - ok
22:00:31.0913 2908  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:00:32.0007 2908  tunnel - ok
22:00:32.0054 2908  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:00:32.0100 2908  uagp35 - ok
22:00:32.0116 2908  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
22:00:32.0178 2908  UBHelper - ok
22:00:32.0241 2908  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:00:32.0334 2908  udfs - ok
22:00:32.0397 2908  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:00:32.0444 2908  UI0Detect - ok
22:00:32.0490 2908  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:00:32.0522 2908  uliagpkx - ok
22:00:32.0600 2908  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
22:00:32.0646 2908  umbus - ok
22:00:32.0740 2908  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:00:32.0771 2908  UmPass - ok
22:00:32.0880 2908  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:00:32.0927 2908  Updater Service - ok
22:00:33.0021 2908  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:00:33.0146 2908  upnphost - ok
22:00:33.0192 2908  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:00:33.0255 2908  usbccgp - ok
22:00:33.0333 2908  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:00:33.0395 2908  usbcir - ok
22:00:33.0426 2908  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:00:33.0473 2908  usbehci - ok
22:00:33.0536 2908  [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
22:00:33.0567 2908  usbfilter - ok
22:00:33.0614 2908  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:00:33.0660 2908  usbhub - ok
22:00:33.0707 2908  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:00:33.0754 2908  usbohci - ok
22:00:33.0816 2908  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:00:33.0863 2908  usbprint - ok
22:00:33.0926 2908  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:00:33.0988 2908  usbscan - ok
22:00:34.0019 2908  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:00:34.0128 2908  USBSTOR - ok
22:00:34.0191 2908  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:00:34.0222 2908  usbuhci - ok
22:00:34.0316 2908  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:00:34.0409 2908  usbvideo - ok
22:00:34.0456 2908  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:00:34.0565 2908  UxSms - ok
22:00:34.0596 2908  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:00:34.0643 2908  VaultSvc - ok
22:00:34.0721 2908  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:00:34.0737 2908  vdrvroot - ok
22:00:34.0830 2908  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:00:34.0940 2908  vds - ok
22:00:35.0033 2908  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:00:35.0064 2908  vga - ok
22:00:35.0096 2908  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:00:35.0174 2908  VgaSave - ok
22:00:35.0236 2908  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:00:35.0283 2908  vhdmp - ok
22:00:35.0330 2908  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:00:35.0345 2908  viaide - ok
22:00:35.0361 2908  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:00:35.0392 2908  volmgr - ok
22:00:35.0454 2908  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:00:35.0501 2908  volmgrx - ok
22:00:35.0564 2908  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:00:35.0610 2908  volsnap - ok
22:00:35.0642 2908  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:00:35.0673 2908  vsmraid - ok
22:00:35.0845 2908  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:00:36.0016 2908  VSS - ok
22:00:36.0032 2908  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:00:36.0094 2908  vwifibus - ok
22:00:36.0157 2908  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:00:36.0203 2908  vwififlt - ok
22:00:36.0266 2908  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:00:36.0375 2908  W32Time - ok
22:00:36.0437 2908  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:00:36.0469 2908  WacomPen - ok
22:00:36.0593 2908  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:00:36.0671 2908  WANARP - ok
22:00:36.0687 2908  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:00:36.0765 2908  Wanarpv6 - ok
22:00:36.0890 2908  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:00:37.0093 2908  wbengine - ok
22:00:37.0155 2908  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:00:37.0217 2908  WbioSrvc - ok
22:00:37.0280 2908  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:00:37.0358 2908  wcncsvc - ok
22:00:37.0405 2908  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:00:37.0529 2908  WcsPlugInService - ok
22:00:37.0576 2908  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:00:37.0607 2908  Wd - ok
22:00:37.0701 2908  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:00:37.0748 2908  Wdf01000 - ok
22:00:37.0841 2908  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:00:37.0997 2908  WdiServiceHost - ok
22:00:38.0044 2908  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:00:38.0075 2908  WdiSystemHost - ok
22:00:38.0122 2908  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:00:38.0169 2908  WebClient - ok
22:00:38.0231 2908  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:00:38.0341 2908  Wecsvc - ok
22:00:38.0372 2908  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:00:38.0481 2908  wercplsupport - ok
22:00:38.0559 2908  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:00:38.0653 2908  WerSvc - ok
22:00:38.0715 2908  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:00:38.0793 2908  WfpLwf - ok
22:00:38.0871 2908  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:00:38.0902 2908  WIMMount - ok
22:00:38.0949 2908  WinDefend - ok
22:00:38.0965 2908  WinHttpAutoProxySvc - ok
22:00:39.0105 2908  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:00:39.0230 2908  Winmgmt - ok
22:00:39.0401 2908  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:00:39.0542 2908  WinRM - ok
22:00:39.0635 2908  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:00:39.0667 2908  WinUsb - ok
22:00:39.0745 2908  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:00:39.0807 2908  Wlansvc - ok
22:00:39.0916 2908  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:00:39.0947 2908  wlcrasvc - ok
22:00:40.0213 2908  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:00:40.0322 2908  wlidsvc - ok
22:00:40.0400 2908  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:00:40.0431 2908  WmiAcpi - ok
22:00:40.0478 2908  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:00:40.0571 2908  wmiApSrv - ok
22:00:40.0618 2908  WMPNetworkSvc - ok
22:00:40.0665 2908  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:00:40.0743 2908  WPCSvc - ok
22:00:40.0805 2908  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:00:40.0899 2908  WPDBusEnum - ok
22:00:40.0961 2908  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:00:41.0055 2908  ws2ifsl - ok
22:00:41.0102 2908  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:00:41.0195 2908  wscsvc - ok
22:00:41.0211 2908  WSearch - ok
22:00:41.0336 2908  [ 67C1BCCCB4B59552BD62827F812A3A8B ] WTGService      C:\Program Files (x86)\XSManager\WTGService.exe
22:00:41.0414 2908  WTGService - ok
22:00:41.0617 2908  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:00:41.0757 2908  wuauserv - ok
22:00:41.0804 2908  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:00:41.0913 2908  WudfPf - ok
22:00:41.0975 2908  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:00:42.0022 2908  WUDFRd - ok
22:00:42.0069 2908  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:00:42.0116 2908  wudfsvc - ok
22:00:42.0163 2908  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:00:42.0272 2908  WwanSvc - ok
22:00:42.0381 2908  [ 1EA18D9ADA8FE282D7B5822F1BD05E8F ] XS Stick Service C:\Windows\service4g.exe
22:00:42.0443 2908  XS Stick Service - ok
22:00:42.0475 2908  ================ Scan global ===============================
22:00:42.0677 2908  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:00:42.0755 2908  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:00:42.0771 2908  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:00:42.0833 2908  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:00:42.0896 2908  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:00:42.0911 2908  [Global] - ok
22:00:42.0911 2908  ================ Scan MBR ==================================
22:00:42.0943 2908  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:00:43.0364 2908  \Device\Harddisk0\DR0 - ok
22:00:43.0364 2908  ================ Scan VBR ==================================
22:00:43.0411 2908  [ 9460FE28809EDF7D19847A35F600938C ] \Device\Harddisk0\DR0\Partition1
22:00:43.0411 2908  \Device\Harddisk0\DR0\Partition1 - ok
22:00:43.0426 2908  [ 9AFE4A64667342448CB3130EEFE84CD4 ] \Device\Harddisk0\DR0\Partition2
22:00:43.0426 2908  \Device\Harddisk0\DR0\Partition2 - ok
22:00:43.0442 2908  ============================================================
22:00:43.0442 2908  Scan finished
22:00:43.0442 2908  ============================================================
22:00:43.0457 5456  Detected object count: 3
22:00:43.0457 5456  Actual detected object count: 3
22:01:09.0010 5456  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
22:01:09.0010 5456  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:01:09.0010 5456  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
22:01:09.0010 5456  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:01:09.0026 5456  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
22:01:09.0026 5456  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:03:08.0136 4188  Deinitialize success
         
I hope this tells you something, and I am hoping for quick help.
Thanks in advance...

16.05.2013, 22:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the logfiles directly in your thread (please in CODE tags) and not as attachments, unless you were asked to do so. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted - regardless of whether anything was found or not!

  • Please also note => Deleting logfiles and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside of Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

17.05.2013, 09:23   #3
MelanieT
 

Hello! Thank you very much for the quick reply. Unfortunately I did not get to read it yesterday. I ran the scan again with your settings. The scan did stall again for a quarter of an hour at firefox-settings (not responding), but then it ran through after all:
Code:
OTL logfile created on: 17.05.2013 09:34:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Luce\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,73 Gb Total Physical Memory | 0,52 Gb Available Physical Memory | 29,97% Memory free
3,46 Gb Paging File | 1,82 Gb Available in Paging File | 52,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,99 Gb Total Space | 149,91 Gb Free Space | 52,97% Space Free | Partition Type: NTFS
 
Computer Name: YT-1300 | User Name: Luce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Luce\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - c:\program files (x86)\winamp toolbar\winamptbServer.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\XSManager\WTGService.exe ()
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Luce\AppData\Local\Microsoft\BingBar\Apps\Translator_f5cbd3ef4c144434b17913278004e270\7.2.229\Blingext.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (SearchAnonymizer) -- C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (cmnsusbser) -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys (Mobile Connector)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E626162796C6F6E2E636F6D2F7765622F7B7365617263685465726D737D3F6261627372633D62726F777365727365617263682641463D313030353831&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{272AF676-4FC8-4411-9A88-53E0284062AA}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{2CF7D4B0-98F6-4197-8F5D-17183644E44F}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{59F72305-D7D4-4FB8-8E0D-86D3D1FE0458}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{8C988AA4-9F3C-4655-9A3F-D69BDC73C493}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{C2D10C7C-9EFC-4EEE-A0FA-DC02D20BE874}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{D8E47FF5-9649-4EFB-A5FB-605F981F176C}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{E767EB1A-C9D2-4EBB-88ED-1DF3AFDFCF63}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "Ask.com Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com Search"
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.startpage.com/deu/"
FF - prefs.js..extensions.enabledAddons: coralietab%40mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5.1
FF - prefs.js..extensions.enabledAddons: googledictionary%40toptip.ca:6.3
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.04.10 21:35:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 08:07:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 18:24:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\mail@gutscheinrausch.de
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 08:07:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 18:24:13 | 000,000,000 | ---D | M]
 
[2012.07.12 10:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Extensions
[2012.07.12 10:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.05.16 22:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions
[2013.02.09 10:25:04 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2013.01.27 14:28:35 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.10.26 20:03:14 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\coralietab@mozdev.org
[2013.05.16 22:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\staged
[2012.10.21 23:06:05 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\toolbar@ask.com
[2013.05.12 18:41:05 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\client@anonymox.net.xpi
[2012.02.20 22:41:19 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.05.01 08:52:20 | 000,052,496 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\googledictionary@toptip.ca.xpi
[2013.05.01 08:52:20 | 000,515,433 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\toolbar@gmx.net.xpi
[2013.05.05 18:54:11 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.12 18:41:04 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.16 22:54:42 | 000,571,660 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\staged\toolbar@gmx.net.xpi
[2013.05.01 08:52:32 | 000,001,050 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\11-suche.xml
[2011.12.27 16:41:40 | 000,002,643 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\aol-web-search.xml
[2013.02.23 19:08:15 | 000,002,306 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\askcomsearch.xml
[2012.02.07 01:08:28 | 000,000,931 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\conduit.xml
[2013.05.01 08:52:32 | 000,002,418 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\englische-ergebnisse.xml
[2013.05.01 08:52:32 | 000,010,701 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\gmx-suche.xml
[2013.05.01 08:52:32 | 000,002,432 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\lastminute.xml
[2012.01.23 16:18:50 | 000,002,135 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\s-amazon-de.xml
[2013.05.01 08:52:32 | 000,005,682 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\webde-suche.xml
[2011.12.27 16:41:40 | 000,002,188 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{78A017D2-2C0C-4D63-8BA0-48393A677264}.xml
[2011.12.27 16:41:40 | 000,001,870 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{CEE89566-97A4-46CF-9E1A-AEA28779ADDD}.xml
[2011.12.27 16:41:40 | 000,002,077 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{F86E7D4D-E70E-4EB3-8508-824D16B0D899}.xml
[2013.04.13 08:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.13 08:07:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.10 21:35:41 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.04.13 08:07:29 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.25 14:48:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.27 16:41:40 | 000,002,397 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 07:13:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.25 14:48:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.25 14:48:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.16 13:17:38 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.04.25 14:48:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.25 14:48:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002..\Run: [EPSON BX310FN Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHE.EXE /FU "C:\Windows\TEMP\E_SD28F.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21DFF927-2881-4556-92D5-DA438AD2FF04}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0ef38fed-b8fb-11e0-a08b-18f46ab4bb9b}\Shell - "" = AutoRun
O33 - MountPoints2\{0ef38fed-b8fb-11e0-a08b-18f46ab4bb9b}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.16 22:17:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luce\Desktop\OTL.exe
[2013.05.16 21:57:53 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Luce\Desktop\tdsskiller.exe
[2013.05.16 18:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.16 18:26:36 | 000,000,000 | ---D | C] -- C:\Users\Luce\Desktop\mbar-1.05.0.1001
[2013.05.16 18:16:24 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 18:16:24 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 18:16:01 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 18:16:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 18:15:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 18:15:59 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 18:14:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.16 18:14:08 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll
[2013.05.16 18:13:41 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 18:13:36 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 18:13:36 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 18:13:36 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 18:13:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 18:13:35 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 18:13:35 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 18:12:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.16 18:12:14 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.12 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\EE08215D7633C2570000EE073359C5DA
[2013.05.12 19:26:34 | 000,000,000 | ---D | C] -- C:\Users\Luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.05.08 16:25:04 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.03.24 23:24:06 | 000,657,600 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Luce\autoruns.exe
[2013.03.24 23:24:06 | 000,576,192 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Luce\autorunsc.exe
[85 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 09:39:49 | 000,179,554 | ---- | M] () -- C:\Users\Luce\Desktop\Unbenannt.PNG
[2013.05.17 09:39:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 09:39:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 09:34:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.17 09:34:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 09:25:30 | 000,428,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.17 09:25:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 09:23:48 | 1392,693,248 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 23:39:01 | 001,535,962 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 23:39:01 | 000,659,690 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 23:39:01 | 000,620,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 23:39:01 | 000,132,970 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 23:39:01 | 000,108,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.16 23:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 22:38:00 | 000,377,856 | ---- | M] () -- C:\Users\Luce\Desktop\gmer_2.1.19163.exe
[2013.05.16 22:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luce\Desktop\OTL.exe
[2013.05.16 22:14:57 | 000,000,000 | ---- | M] () -- C:\Users\Luce\defogger_reenable
[2013.05.16 22:14:04 | 000,050,477 | ---- | M] () -- C:\Users\Luce\Desktop\Defogger.exe
[2013.05.16 21:58:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Luce\Desktop\tdsskiller.exe
[2013.05.16 21:55:00 | 000,000,512 | ---- | M] () -- C:\Users\Luce\Desktop\MBR.dat
[2013.05.16 19:14:48 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.16 19:14:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.16 18:25:42 | 012,917,756 | ---- | M] () -- C:\Users\Luce\Desktop\mbar-1.05.0.1001.zip
[2013.05.12 22:09:12 | 000,002,052 | ---- | M] () -- C:\Users\Luce\Desktop\System Care Antivirus.lnk
[2013.05.08 16:24:26 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[85 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.17 09:39:48 | 000,179,554 | ---- | C] () -- C:\Users\Luce\Desktop\Unbenannt.PNG
[2013.05.16 22:37:31 | 000,377,856 | ---- | C] () -- C:\Users\Luce\Desktop\gmer_2.1.19163.exe
[2013.05.16 22:14:57 | 000,000,000 | ---- | C] () -- C:\Users\Luce\defogger_reenable
[2013.05.16 22:13:55 | 000,050,477 | ---- | C] () -- C:\Users\Luce\Desktop\Defogger.exe
[2013.05.16 21:55:00 | 000,000,512 | ---- | C] () -- C:\Users\Luce\Desktop\MBR.dat
[2013.05.16 18:25:25 | 012,917,756 | ---- | C] () -- C:\Users\Luce\Desktop\mbar-1.05.0.1001.zip
[2013.05.12 19:26:32 | 000,002,052 | ---- | C] () -- C:\Users\Luce\Desktop\System Care Antivirus.lnk
[2013.03.26 09:36:34 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.03.17 16:52:14 | 000,049,518 | ---- | C] () -- C:\Users\Luce\autoruns.chm
[2012.01.03 13:59:22 | 000,008,192 | ---- | C] () -- C:\Users\Luce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.27 16:41:34 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.27 16:16:11 | 1242,169,276 | ---- | C] () -- C:\Users\Luce\marco4.ps
[2011.12.27 13:37:50 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.12.27 13:23:34 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.11.30 15:11:01 | 000,000,032 | ---- | C] () -- C:\Users\Luce\.simfy
[2011.10.26 15:52:10 | 000,000,001 | R--- | C] () -- C:\Users\Luce\serverport
[2011.08.08 09:34:28 | 000,017,408 | ---- | C] () -- C:\Users\Luce\AppData\Local\WebpageIcons.db
[2011.06.18 17:19:43 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2011.06.18 17:19:42 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2010.12.02 10:24:08 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2

< End of report >
         
I hope that helps you...

Alt 17.05.2013, 11:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 17.05.2013, 19:40   #5
MelanieT
 



Hello! Here is the log file that I found. Although Combofix still shows that one should wait until it has finished creating the log file:
Code:
ATTFilter
ComboFix 13-05-16.02 - Luce 17.05.2013  18:23:33.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1771.588 [GMT 2:00]
ausgeführt von:: C:\Users\Luce\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Luce\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
C:\Users\Luce\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk


(((((((((((((((((((((((   Dateien erstellt von 2013-04-17 bis 2013-05-17  ))))))))))))))))))))))))))))))


2013-05-17 16:34:13 . 2013-05-17 16:34:13	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2013-05-17 16:06:54 . 2013-05-13 06:37:50	9460464	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A17F566-5339-461E-A22D-5FF286A8EFAF}\mpengine.dll
2013-05-16 21:58:25 . 2013-05-16 21:58:25	0	----a-w-	C:\Windows\SysWow64\sho1F18.tmp
2013-05-16 16:27:14 . 2013-05-16 16:27:14	--------	d-----w-	C:\ProgramData\Malwarebytes
2013-05-16 16:16:24 . 2013-04-10 06:01:54	265064	----a-w-	C:\Windows\system32\drivers\dxgmms1.sys
2013-05-16 16:16:24 . 2013-04-10 06:01:53	983400	----a-w-	C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-16 16:16:24 . 2011-02-03 11:25:18	144384	----a-w-	C:\Windows\system32\cdd.dll
2013-05-16 16:16:04 . 2013-02-27 05:52:56	14172672	----a-w-	C:\Windows\system32\shell32.dll
2013-05-16 16:16:01 . 2013-02-27 05:52:55	197120	----a-w-	C:\Windows\system32\shdocvw.dll
2013-05-16 16:16:01 . 2013-02-27 05:48:00	1930752	----a-w-	C:\Windows\system32\authui.dll
2013-05-16 16:15:59 . 2013-02-27 06:02:44	111448	----a-w-	C:\Windows\system32\consent.exe
2013-05-16 16:15:59 . 2013-02-27 05:47:10	70144	----a-w-	C:\Windows\system32\appinfo.dll
2013-05-16 16:15:59 . 2013-02-27 04:49:24	1796096	----a-w-	C:\Windows\SysWow64\authui.dll
2013-05-16 16:14:25 . 2013-03-19 05:53:58	230400	----a-w-	C:\Windows\system32\wwansvc.dll
2013-05-16 16:14:24 . 2013-03-19 05:53:58	48640	----a-w-	C:\Windows\system32\wwanprotdim.dll
2013-05-16 16:14:15 . 2013-05-06 13:39:27	9060352	----a-w-	C:\Windows\system32\mshtml.dll
2013-05-16 16:14:08 . 2013-04-01 06:03:35	78680	----a-w-	C:\Windows\system32\mcupdate_AuthenticAMD.dll
2013-05-16 16:14:01 . 2013-04-10 03:30:50	3153920	----a-w-	C:\Windows\system32\win32k.sys
2013-05-16 16:12:54 . 2013-05-16 16:12:54	--------	d-----w-	C:\Windows\ERUNT
2013-05-16 16:12:14 . 2013-05-16 16:12:18	--------	d-----w-	C:\JRT
2013-05-12 20:08:22 . 2013-05-12 20:08:22	0	----a-w-	C:\Windows\SysWow64\shoAFE1.tmp
2013-05-12 17:41:10 . 2013-05-12 20:09:06	--------	d-----w-	C:\ProgramData\EE08215D7633C2570000EE073359C5DA
2013-05-11 10:37:28 . 2013-05-11 10:37:28	209472	----a-w-	C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2013-05-08 14:25:04 . 2013-05-08 14:24:26	83160	----a-w-	C:\Windows\system32\drivers\avnetflt.sys
2013-04-27 16:49:26 . 2013-04-27 16:49:26	0	----a-w-	C:\Windows\SysWow64\sho53E6.tmp
2013-04-24 12:46:30 . 2013-04-12 14:45:08	1656680	----a-w-	C:\Windows\system32\drivers\ntfs.sys
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-05-16 21:47:11 . 2011-06-10 17:29:18	75016696	----a-w-	C:\Windows\system32\MRT.exe
2013-05-16 17:14:48 . 2012-06-12 21:12:01	692104	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-16 17:14:48 . 2011-08-08 07:34:06	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 15:53:23 . 2010-06-24 10:33:56	22240	----a-w-	C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06:08 . 2011-04-22 10:29:27	278800	------w-	C:\Windows\system32\MpSigStub.exe
2013-04-16 19:06:07 . 2013-04-16 19:06:07	0	----a-w-	C:\Windows\SysWow64\sho45B7.tmp
2013-04-13 05:49:23 . 2013-05-16 16:16:21	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 . 2013-05-16 16:16:21	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 . 2013-05-16 16:16:21	308736	----a-w-	C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 . 2013-05-16 16:16:20	111104	----a-w-	C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 . 2013-05-16 16:16:21	474624	----a-w-	C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 . 2013-05-16 16:16:21	2176512	----a-w-	C:\Windows\apppatch\AcGenral.dll
2013-04-07 19:48:46 . 2013-04-07 19:48:46	0	----a-w-	C:\Windows\SysWow64\sho2B86.tmp
2013-04-04 21:40:33 . 2013-04-04 21:40:33	0	----a-w-	C:\Windows\SysWow64\shoEA05.tmp
2013-03-28 06:39:25 . 2013-03-28 06:39:54	28600	----a-w-	C:\Windows\system32\drivers\avkmgr.sys
2013-03-28 06:39:25 . 2013-03-28 06:39:54	130016	----a-w-	C:\Windows\system32\drivers\avipbb.sys
2013-03-28 06:39:25 . 2013-03-28 06:39:54	100712	----a-w-	C:\Windows\system32\drivers\avgntflt.sys
2013-03-26 08:58:43 . 2013-03-26 08:58:55	95648	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 08:58:43 . 2012-10-10 07:03:42	861088	----a-w-	C:\Windows\SysWow64\npdeployJava1.dll
2013-03-26 08:58:43 . 2011-12-06 21:11:15	782240	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-03-19 06:04:06 . 2013-04-10 20:00:29	5550424	----a-w-	C:\Windows\system32\ntoskrnl.exe
2013-03-19 05:46:56 . 2013-04-10 20:00:26	43520	----a-w-	C:\Windows\system32\csrsrv.dll
2013-03-19 05:04:13 . 2013-04-10 20:00:27	3968856	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 . 2013-04-10 20:00:28	3913560	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 . 2013-04-10 20:00:25	6656	----a-w-	C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 . 2013-04-10 20:00:26	112640	----a-w-	C:\Windows\system32\smss.exe
2013-03-14 21:15:34 . 2013-03-14 21:15:34	0	----a-w-	C:\Windows\SysWow64\shoEA94.tmp
2013-03-11 21:13:48 . 2013-03-11 21:13:48	0	----a-w-	C:\Windows\SysWow64\sho9DDA.tmp
2013-03-08 22:10:12 . 2013-03-08 22:10:12	0	----a-w-	C:\Windows\SysWow64\sho269B.tmp
2013-02-28 12:03:52 . 2013-03-14 20:52:40	1638912	----a-w-	C:\Windows\system32\mshtml.tlb
2013-02-28 11:38:43 . 2013-03-14 20:52:40	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-02-26 21:42:18 . 2013-02-26 21:42:18	0	----a-w-	C:\Windows\SysWow64\sho6DE1.tmp
2006-05-03 11:06:54	163328	--sha-r-	C:\Windows\SysWOW64\flvDX.dll
2007-02-21 12:47:16	31232	--sha-r-	C:\Windows\SysWOW64\msfDX.dll
2008-03-16 14:30:52	216064	--sha-r-	C:\Windows\SysWOW64\nbDX.dll
2010-01-06 23:00:00	107520	--sha-r-	C:\Windows\SysWOW64\TAKDSDecoder.dll


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-06-11 14:22:16	1307728	----a-w-	C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49:38	176936	----a-w-	C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 15:43:36	1519272	----a-w-	C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 15:43:36 1519272]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 04:43:08 247728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 03:00:56 340336]
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 00:10:16 407920]
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 00:10:02 201584]
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 13:21:44 296984]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2010-12-31 12:05:26 1029200]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 14:55:44 336384]
"MDS_Menu"="C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 21:16:16 222504]
"IJNetworkScanUtility"="C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 15:11:52 136544]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040]
"starter4g"="C:\Windows\starter4g.exe" [2010-03-19 15:14:26 161040]
"WinampAgent"="C:\Program Files (x86)\Winamp\winampa.exe" [2011-07-11 21:47:06 74752]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 18:55:54 49208]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-08 14:23:52 345312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 12:17:22 73216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 14:22:16 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 10:21:24 160944]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\Windows\system32\DRIVERS\cmnsusbser.sys [2011-07-28 14:04:49 117888]
R3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 02:09:54 172912]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 15:48:00 235216]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2010-06-17 09:18:28 246376]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 17:10:10 57184]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-03-28 06:39:25 28600]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2010-12-02 08:39:13 22912]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2010-12-02 08:39:13 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2010-12-02 08:39:13 62584]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2010-11-09 13:55:50 203776]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 15:14:36 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 04:23:36 194496]
S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 06:39:19 86752]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 13:22:40 822624]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-31 12:05:26 310864]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 18:22:12 868224]
S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 13:21:22 23584]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-04 08:54:14 103472]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 10:07:22 503080]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 13:22:10 256536]
S2 SearchAnonymizer;SearchAnonymizer;C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-12-27 14:41:28 40960]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 07:30:18 508776]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 04:43:08 92592]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 00:27:36 243232]
S2 WTGService;WTGService;C:\Program Files (x86)\XSManager\WTGService.exe [2009-06-22 13:21:58 304592]
S2 XS Stick Service;XS Stick Service;C:\Windows\service4g.exe [2010-03-19 15:13:40 145680]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 08:18:24 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2010-11-16 23:04:32 115216]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 14:22:16 240208]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 07:24:44 76912]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 07:30:10 764264]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 07:30:18 268648]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 07:30:18 25960]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 07:30:22 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 07:30:22 219496]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [2010-04-28 20:43:20 38528]


Inhalt des "geplante Tasks" Ordners

2013-05-17 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 21:12:02 . 2013-05-16 17:14:48]

2013-05-17 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 13:23:34 . 2013-03-22 13:23:32]

2013-05-17 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 13:23:34 . 2013-03-22 13:23:32]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 18:22:14 860040]
"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 02:00:00 2184520]
"CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 01:40:00 767312]
"Ocs_SM"="C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-12-27 14:41:28 106496]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
         
Thanks in advance


17.05.2013, 20:53   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Unfortunately the log is incomplete, please post all of it

17.05.2013, 21:41   #7
MelanieT

Hello! That is everything that is in the log file. However, I ran the scan several times. It carries out the scan completely, then it indicates that no other program should be used until the log has been created. However, it never finishes. I waited for at least an hour. After that I simply scanned again, and the same thing happened again. Then I discovered that the log file exists anyway, even though the program is not quite finished. That is the one I posted here. Well, apparently it is incomplete...

17.05.2013, 21:49   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Rootkit scan with GMER

Please download the GMER Rootkit Scanner (random file name):
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Are problems coming up?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, untick Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it on your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

17.05.2013, 22:49   #9
MelanieT

Here is the log file from GMER:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-17 23:16:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3265GSX rev.GJ002J 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Luce\AppData\Local\Temp\kwldrpog.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1088:4088]                                                                                  000007fefb9a341c
Thread  C:\Windows\system32\svchost.exe [1088:3724]                                                                                  000007fefb9a3a2c
Thread  C:\Windows\system32\svchost.exe [1088:2784]                                                                                  000007fefb9a3768
Thread  C:\Windows\system32\svchost.exe [1088:3480]                                                                                  000007fefb9a5c20
Thread  C:\Windows\system32\svchost.exe [1088:4484]                                                                                  000007fefb9a3900
Thread  C:\Windows\System32\spoolsv.exe [1192:2992]                                                                                  000007fef44710c8
Thread  C:\Windows\System32\spoolsv.exe [1192:3004]                                                                                  000007fef4436144
Thread  C:\Windows\System32\spoolsv.exe [1192:3008]                                                                                  000007fef96c5fd0
Thread  C:\Windows\System32\spoolsv.exe [1192:3012]                                                                                  000007fef4413438
Thread  C:\Windows\System32\spoolsv.exe [1192:3016]                                                                                  000007fef96c63ec
Thread  C:\Windows\System32\spoolsv.exe [1192:3028]                                                                                  000007fef47a5e5c
Thread  C:\Windows\System32\spoolsv.exe [1192:3060]                                                                                  00000000005ce0bc
Thread  C:\Windows\System32\spoolsv.exe [1192:4476]                                                                                  00000000005c81fc
Thread  C:\Windows\system32\svchost.exe [1672:1308]                                                                                  000007fef1ec8470
Thread  C:\Windows\system32\svchost.exe [1672:1804]                                                                                  000007fef1ed2418
Thread  C:\Windows\system32\svchost.exe [1672:5976]                                                                                  000007feedabf130
Thread  C:\Windows\system32\svchost.exe [1672:3980]                                                                                  000007feedab4734
Thread  C:\Windows\system32\svchost.exe [1672:4696]                                                                                  000007feedab4734
Thread  C:\Windows\system32\svchost.exe [1672:2592]                                                                                  000007fef1ed976c
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2348:2640]                                   000000007339102d
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2348:2648]                                   000000007309f1dc
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2348:2656]                                   000000007309f1dc
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2348:2660]                                   00000000730955d3
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2348:2896]                                   000000007333c159
Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2908:3000]                           000000007277473d
Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2908:3032]                           0000000072785ced
Thread  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2908:5572]                           000000007624d864
Thread  C:\Windows\system32\Dwm.exe [3820:4032]                                                                                      000007fef35ff0d8
Thread  C:\Windows\system32\Dwm.exe [3820:4048]                                                                                      000007fef2deabf0
Thread  C:\Windows\system32\taskhost.exe [3860:4060]                                                                                 000007fef2da1010
Thread  C:\Windows\System32\svchost.exe [5444:2408]                                                                                  000007fef1749688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                             15433
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{21DFF927-2881-4556-92D5-DA438AD2FF04}@LeaseObtainedTime  1368824468
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{21DFF927-2881-4556-92D5-DA438AD2FF04}@T1                 -778659181
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{21DFF927-2881-4556-92D5-DA438AD2FF04}@T2                 1905695379

---- EOF - GMER 2.1 ----
         

and next the log file from mbar. No findings. I already ran this scan once before and also posted it above. Here are the current results:
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Luce :: YT-1300 [administrator]

17.05.2013 23:32:46
mbar-log-2013-05-17 (23-32-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30023
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
By the way, I noticed that there are no more pop-up windows from System Care. However, there is still a shortcut to the program on the desktop, but without the original icon.

17.05.2013, 23:10   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

aswMBR

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, never choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the content here in your thread in any case.

18.05.2013, 00:12   #11
MelanieT

Here are the two log files:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-16 19:48:34
-----------------------------
19:48:34.189    OS Version: Windows x64 6.1.7601 Service Pack 1
19:48:34.189    Number of processors: 2 586 0x100
19:48:34.267    ComputerName: YT-1300  UserName: Luce
19:48:38.525    Initialize success
19:49:53.354    AVAST engine defs: 13051600
19:50:16.801    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:50:16.817    Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11
19:50:17.051    Disk 0 MBR read successfully
19:50:17.051    Disk 0 MBR scan
19:50:17.113    Disk 0 Windows 7 default MBR code
19:50:17.144    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
19:50:17.191    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
19:50:17.207    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       289783 MB offset 31664128
19:50:17.347    Disk 0 scanning C:\Windows\system32\drivers
19:50:44.554    Service scanning
19:51:52.975    Modules scanning
19:51:52.991    Disk 0 trace - called modules:
19:51:53.069    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
19:51:53.085    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800246b060]
19:51:53.100    3 CLASSPNP.SYS[fffff880018da43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8001f92610]
19:51:54.910    AVAST engine scan C:\Windows
19:51:59.746    AVAST engine scan C:\Windows\system32
20:00:03.253    AVAST engine scan C:\Windows\system32\drivers
20:00:43.080    AVAST engine scan C:\Users\Luce
21:55:00.226    Disk 0 MBR has been saved successfully to "C:\Users\Luce\Desktop\MBR.dat"
21:55:00.257    The log file has been saved successfully to "C:\Users\Luce\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-18 00:20:53
-----------------------------
00:20:53.398    OS Version: Windows x64 6.1.7601 Service Pack 1
00:20:53.398    Number of processors: 2 586 0x100
00:20:53.398    ComputerName: YT-1300  UserName: Luce
00:20:55.863    Initialize success
00:22:10.960    AVAST engine defs: 13051701
00:22:21.459    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:22:21.475    Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11
00:22:21.615    Disk 0 MBR read successfully
00:22:21.631    Disk 0 MBR scan
00:22:21.678    Disk 0 Windows 7 default MBR code
00:22:21.693    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
00:22:21.724    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
00:22:21.756    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       289783 MB offset 31664128
00:22:21.927    Disk 0 scanning C:\Windows\system32\drivers
00:22:38.791    Service scanning
00:23:27.088    Modules scanning
00:23:27.104    Disk 0 trace - called modules:
00:23:27.135    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
00:23:27.135    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002489420]
00:23:27.151    3 CLASSPNP.SYS[fffff8800187a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8001fb5060]
00:23:28.180    AVAST engine scan C:\Windows
00:23:32.782    AVAST engine scan C:\Windows\system32
00:28:58.355    AVAST engine scan C:\Windows\system32\drivers
00:29:19.633    AVAST engine scan C:\Users\Luce
00:53:04.431    AVAST engine scan C:\ProgramData
00:56:32.551    Scan finished successfully
00:57:16.578    Disk 0 MBR has been saved successfully to "C:\Users\Luce\Desktop\MBR.dat"
00:57:16.624    The log file has been saved successfully to "C:\Users\Luce\Desktop\aswMBR.txt"
         

and also the report:
Code:
01:01:45.0817 4804  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:01:46.0160 4804  ============================================================
01:01:46.0160 4804  Current date / time: 2013/05/18 01:01:46.0144
01:01:46.0160 4804  SystemInfo:
01:01:46.0160 4804  
01:01:46.0160 4804  OS Version: 6.1.7601 ServicePack: 1.0
01:01:46.0160 4804  Product type: Workstation
01:01:46.0160 4804  ComputerName: YT-1300
01:01:46.0160 4804  UserName: Luce
01:01:46.0160 4804  Windows directory: C:\Windows
01:01:46.0160 4804  System windows directory: C:\Windows
01:01:46.0160 4804  Running under WOW64
01:01:46.0160 4804  Processor architecture: Intel x64
01:01:46.0160 4804  Number of processors: 2
01:01:46.0160 4804  Page size: 0x1000
01:01:46.0160 4804  Boot type: Normal boot
01:01:46.0160 4804  ============================================================
01:01:48.0625 4804  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:01:48.0625 4804  ============================================================
01:01:48.0625 4804  \Device\Harddisk0\DR0:
01:01:48.0625 4804  MBR partitions:
01:01:48.0625 4804  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
01:01:48.0625 4804  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x235FB800
01:01:48.0625 4804  ============================================================
01:01:48.0640 4804  C: <-> \Device\Harddisk0\DR0\Partition2
01:01:48.0703 4804  ============================================================
01:01:48.0703 4804  Initialize success
01:01:48.0703 4804  ============================================================
01:04:41.0832 1288  ============================================================
01:04:41.0832 1288  Scan started
01:04:41.0832 1288  Mode: Manual; SigCheck; TDLFS; 
01:04:41.0832 1288  ============================================================
01:04:42.0440 1288  ================ Scan system memory ========================
01:04:42.0440 1288  System memory - ok
01:04:42.0440 1288  ================ Scan services =============================
01:04:42.0627 1288  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
01:04:42.0799 1288  1394ohci - ok
01:04:42.0877 1288  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
01:04:42.0908 1288  ACPI - ok
01:04:42.0955 1288  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
01:04:43.0049 1288  AcpiPmi - ok
01:04:43.0158 1288  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:04:43.0189 1288  AdobeARMservice - ok
01:04:43.0329 1288  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:04:43.0376 1288  AdobeFlashPlayerUpdateSvc - ok
01:04:43.0439 1288  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
01:04:43.0485 1288  adp94xx - ok
01:04:43.0517 1288  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
01:04:43.0548 1288  adpahci - ok
01:04:43.0563 1288  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
01:04:43.0595 1288  adpu320 - ok
01:04:43.0641 1288  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
01:04:43.0735 1288  AeLookupSvc - ok
01:04:43.0813 1288  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
01:04:43.0891 1288  AFD - ok
01:04:43.0938 1288  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
01:04:43.0969 1288  agp440 - ok
01:04:44.0031 1288  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
01:04:44.0109 1288  ALG - ok
01:04:44.0156 1288  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
01:04:44.0187 1288  aliide - ok
01:04:44.0250 1288  [ CF4D1EBE8FEC994A0DF69149ED27E417 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
01:04:44.0343 1288  AMD External Events Utility - ok
01:04:44.0406 1288  AMD FUEL Service - ok
01:04:44.0484 1288  [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
01:04:44.0499 1288  AMD Reservation Manager - ok
01:04:44.0546 1288  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
01:04:44.0577 1288  amdide - ok
01:04:44.0624 1288  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
01:04:44.0655 1288  amdiox64 - ok
01:04:44.0718 1288  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
01:04:44.0796 1288  AmdK8 - ok
01:04:45.0030 1288  [ 375AC85E1130EAA1EAEB62DDD22B0EFB ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
01:04:45.0357 1288  amdkmdag - ok
01:04:45.0404 1288  [ DAEB3F2BB2095B95B98BE6CEC99D02E7 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
01:04:45.0467 1288  amdkmdap - ok
01:04:45.0529 1288  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
01:04:45.0591 1288  AmdPPM - ok
01:04:45.0638 1288  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
01:04:45.0669 1288  amdsata - ok
01:04:45.0685 1288  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
01:04:45.0716 1288  amdsbs - ok
01:04:45.0732 1288  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
01:04:45.0763 1288  amdxata - ok
01:04:45.0872 1288  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
01:04:45.0888 1288  AntiVirSchedulerService - ok
01:04:45.0950 1288  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
01:04:45.0981 1288  AntiVirService - ok
01:04:46.0028 1288  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
01:04:46.0231 1288  AppID - ok
01:04:46.0278 1288  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
01:04:46.0371 1288  AppIDSvc - ok
01:04:46.0418 1288  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
01:04:46.0512 1288  Appinfo - ok
01:04:46.0574 1288  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
01:04:46.0590 1288  arc - ok
01:04:46.0621 1288  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
01:04:46.0637 1288  arcsas - ok
01:04:46.0668 1288  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:04:46.0746 1288  AsyncMac - ok
01:04:46.0777 1288  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
01:04:46.0808 1288  atapi - ok
01:04:46.0902 1288  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
01:04:46.0980 1288  athr - ok
01:04:47.0058 1288  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
01:04:47.0089 1288  AtiHDAudioService - ok
01:04:47.0151 1288  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:04:47.0292 1288  AudioEndpointBuilder - ok
01:04:47.0307 1288  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
01:04:47.0385 1288  AudioSrv - ok
01:04:47.0463 1288  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
01:04:47.0479 1288  avgntflt - ok
01:04:47.0541 1288  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
01:04:47.0573 1288  avipbb - ok
01:04:47.0604 1288  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
01:04:47.0619 1288  avkmgr - ok
01:04:47.0666 1288  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
01:04:47.0791 1288  AxInstSV - ok
01:04:47.0853 1288  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
01:04:47.0916 1288  b06bdrv - ok
01:04:47.0947 1288  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
01:04:47.0994 1288  b57nd60a - ok
01:04:48.0134 1288  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
01:04:48.0181 1288  BBSvc - ok
01:04:48.0228 1288  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
01:04:48.0259 1288  BBUpdate - ok
01:04:48.0321 1288  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
01:04:48.0399 1288  BDESVC - ok
01:04:48.0431 1288  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:04:48.0524 1288  Beep - ok
01:04:48.0587 1288  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
01:04:48.0696 1288  BFE - ok
01:04:48.0743 1288  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
01:04:48.0867 1288  BITS - ok
01:04:48.0930 1288  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
01:04:48.0992 1288  blbdrive - ok
01:04:49.0023 1288  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:04:49.0101 1288  bowser - ok
01:04:49.0148 1288  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:04:49.0226 1288  BrFiltLo - ok
01:04:49.0242 1288  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:04:49.0289 1288  BrFiltUp - ok
01:04:49.0367 1288  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
01:04:49.0460 1288  BridgeMP - ok
01:04:49.0523 1288  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
01:04:49.0569 1288  Browser - ok
01:04:49.0601 1288  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
01:04:49.0679 1288  Brserid - ok
01:04:49.0710 1288  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
01:04:49.0757 1288  BrSerWdm - ok
01:04:49.0788 1288  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
01:04:49.0835 1288  BrUsbMdm - ok
01:04:49.0850 1288  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
01:04:49.0897 1288  BrUsbSer - ok
01:04:49.0913 1288  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
01:04:49.0959 1288  BTHMODEM - ok
01:04:50.0006 1288  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
01:04:50.0084 1288  bthserv - ok
01:04:50.0147 1288  catchme - ok
01:04:50.0162 1288  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:04:50.0271 1288  cdfs - ok
01:04:50.0318 1288  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
01:04:50.0365 1288  cdrom - ok
01:04:50.0412 1288  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
01:04:50.0490 1288  CertPropSvc - ok
01:04:50.0537 1288  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
01:04:50.0583 1288  circlass - ok
01:04:50.0630 1288  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
01:04:50.0677 1288  CLFS - ok
01:04:50.0755 1288  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:04:50.0786 1288  clr_optimization_v2.0.50727_32 - ok
01:04:50.0833 1288  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:04:50.0849 1288  clr_optimization_v2.0.50727_64 - ok
01:04:50.0942 1288  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:04:51.0020 1288  clr_optimization_v4.0.30319_32 - ok
01:04:51.0223 1288  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:04:51.0270 1288  clr_optimization_v4.0.30319_64 - ok
01:04:51.0317 1288  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
01:04:51.0363 1288  CmBatt - ok
01:04:51.0379 1288  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
01:04:51.0410 1288  cmdide - ok
01:04:51.0457 1288  [ 2B3B8CBEA1BA1BCE5700607FBDB31034 ] cmnsusbser      C:\Windows\system32\DRIVERS\cmnsusbser.sys
01:04:51.0519 1288  cmnsusbser - ok
01:04:51.0566 1288  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
01:04:51.0629 1288  CNG - ok
01:04:51.0722 1288  [ 78AC76700D37A98B5BADB19D57301BD6 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
01:04:51.0785 1288  CnxtHdAudService - ok
01:04:51.0831 1288  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
01:04:51.0847 1288  Compbatt - ok
01:04:51.0909 1288  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
01:04:51.0987 1288  CompositeBus - ok
01:04:52.0003 1288  COMSysApp - ok
01:04:52.0050 1288  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
01:04:52.0081 1288  crcdisk - ok
01:04:52.0128 1288  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:04:52.0190 1288  CryptSvc - ok
01:04:52.0315 1288  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
01:04:52.0377 1288  cvhsvc - ok
01:04:52.0455 1288  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:04:52.0549 1288  DcomLaunch - ok
01:04:52.0611 1288  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
01:04:52.0705 1288  defragsvc - ok
01:04:52.0767 1288  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:04:52.0861 1288  DfsC - ok
01:04:52.0939 1288  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
01:04:53.0033 1288  Dhcp - ok
01:04:53.0095 1288  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
01:04:53.0189 1288  discache - ok
01:04:53.0235 1288  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
01:04:53.0267 1288  Disk - ok
01:04:53.0313 1288  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:04:53.0376 1288  Dnscache - ok
01:04:53.0438 1288  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
01:04:53.0516 1288  dot3svc - ok
01:04:53.0532 1288  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
01:04:53.0625 1288  DPS - ok
01:04:53.0672 1288  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
01:04:53.0719 1288  drmkaud - ok
01:04:53.0828 1288  [ 53E4843E1CD3653E665DAA32241F8F8B ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
01:04:53.0859 1288  DsiWMIService - ok
01:04:53.0937 1288  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
01:04:54.0000 1288  DXGKrnl - ok
01:04:54.0062 1288  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
01:04:54.0156 1288  EapHost - ok
01:04:54.0265 1288  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
01:04:54.0390 1288  ebdrv - ok
01:04:54.0437 1288  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
01:04:54.0483 1288  EFS - ok
01:04:54.0530 1288  [ 03E6888DA1A85ACF14AC2A3C328A9E62 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
01:04:54.0561 1288  EgisTec Ticket Service - ok
01:04:54.0639 1288  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
01:04:54.0733 1288  ehRecvr - ok
01:04:54.0780 1288  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
01:04:54.0827 1288  ehSched - ok
01:04:54.0889 1288  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
01:04:54.0920 1288  elxstor - ok
01:04:54.0998 1288  [ 8E12D885D17EC5FA4F52D2C6E953E285 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
01:04:55.0061 1288  ePowerSvc - ok
01:04:55.0154 1288  [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
01:04:55.0201 1288  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning
01:04:55.0201 1288  EPSON_EB_RPCV4_01 - detected UnsignedFile.Multi.Generic (1)
01:04:55.0232 1288  [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
01:04:55.0263 1288  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning
01:04:55.0263 1288  EPSON_PM_RPCV4_01 - detected UnsignedFile.Multi.Generic (1)
01:04:55.0295 1288  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
01:04:55.0341 1288  ErrDev - ok
01:04:55.0404 1288  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
01:04:55.0513 1288  EventSystem - ok
01:04:55.0529 1288  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
01:04:55.0622 1288  exfat - ok
01:04:55.0653 1288  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
01:04:55.0747 1288  fastfat - ok
01:04:55.0809 1288  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
01:04:55.0903 1288  Fax - ok
01:04:55.0919 1288  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
01:04:55.0950 1288  fdc - ok
01:04:56.0012 1288  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
01:04:56.0090 1288  fdPHost - ok
01:04:56.0121 1288  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:04:56.0199 1288  FDResPub - ok
01:04:56.0262 1288  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:04:56.0277 1288  FileInfo - ok
01:04:56.0293 1288  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
01:04:56.0387 1288  Filetrace - ok
01:04:56.0465 1288  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:04:56.0496 1288  FLEXnet Licensing Service - ok
01:04:56.0543 1288  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:04:56.0574 1288  flpydisk - ok
01:04:56.0636 1288  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:04:56.0683 1288  FltMgr - ok
01:04:56.0761 1288  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
01:04:56.0855 1288  FontCache - ok
01:04:56.0933 1288  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:04:56.0964 1288  FontCache3.0.0.0 - ok
01:04:56.0995 1288  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
01:04:57.0026 1288  FsDepends - ok
01:04:57.0057 1288  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:04:57.0089 1288  Fs_Rec - ok
01:04:57.0151 1288  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:04:57.0198 1288  fvevol - ok
01:04:57.0245 1288  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
01:04:57.0276 1288  gagp30kx - ok
01:04:57.0338 1288  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
01:04:57.0432 1288  gpsvc - ok
01:04:57.0510 1288  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
01:04:57.0541 1288  GREGService - ok
01:04:57.0603 1288  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:04:57.0619 1288  gupdate - ok
01:04:57.0650 1288  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:04:57.0681 1288  gupdatem - ok
01:04:57.0728 1288  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:04:57.0806 1288  hcw85cir - ok
01:04:57.0869 1288  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:04:57.0915 1288  HdAudAddService - ok
01:04:57.0962 1288  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
01:04:58.0009 1288  HDAudBus - ok
01:04:58.0056 1288  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
01:04:58.0087 1288  HidBatt - ok
01:04:58.0103 1288  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
01:04:58.0149 1288  HidBth - ok
01:04:58.0196 1288  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
01:04:58.0227 1288  HidIr - ok
01:04:58.0274 1288  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
01:04:58.0352 1288  hidserv - ok
01:04:58.0415 1288  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
01:04:58.0446 1288  HidUsb - ok
01:04:58.0493 1288  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:04:58.0571 1288  hkmsvc - ok
01:04:58.0617 1288  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:04:58.0711 1288  HomeGroupListener - ok
01:04:58.0758 1288  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:04:58.0789 1288  HomeGroupProvider - ok
01:04:58.0851 1288  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
01:04:58.0883 1288  HpSAMD - ok
01:04:58.0961 1288  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:04:59.0070 1288  HTTP - ok
01:04:59.0101 1288  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:04:59.0132 1288  hwpolicy - ok
01:04:59.0163 1288  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
01:04:59.0210 1288  i8042prt - ok
01:04:59.0273 1288  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
01:04:59.0319 1288  iaStorV - ok
01:04:59.0397 1288  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:04:59.0460 1288  idsvc - ok
01:04:59.0491 1288  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
01:04:59.0522 1288  iirsp - ok
01:04:59.0585 1288  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
01:04:59.0709 1288  IKEEXT - ok
01:04:59.0756 1288  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
01:04:59.0772 1288  intelide - ok
01:04:59.0819 1288  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:04:59.0850 1288  intelppm - ok
01:04:59.0912 1288  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:05:00.0006 1288  IPBusEnum - ok
01:05:00.0053 1288  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:05:00.0146 1288  IpFilterDriver - ok
01:05:00.0209 1288  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:05:00.0271 1288  iphlpsvc - ok
01:05:00.0318 1288  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
01:05:00.0365 1288  IPMIDRV - ok
01:05:00.0411 1288  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
01:05:00.0489 1288  IPNAT - ok
01:05:00.0521 1288  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:05:00.0630 1288  IRENUM - ok
01:05:00.0692 1288  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:05:00.0708 1288  isapnp - ok
01:05:00.0755 1288  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
01:05:00.0786 1288  iScsiPrt - ok
01:05:00.0817 1288  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
01:05:00.0848 1288  kbdclass - ok
01:05:00.0864 1288  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
01:05:00.0911 1288  kbdhid - ok
01:05:00.0926 1288  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
01:05:00.0957 1288  KeyIso - ok
01:05:01.0004 1288  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:05:01.0035 1288  KSecDD - ok
01:05:01.0067 1288  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
01:05:01.0113 1288  KSecPkg - ok
01:05:01.0160 1288  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
01:05:01.0238 1288  ksthunk - ok
01:05:01.0285 1288  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:05:01.0379 1288  KtmRm - ok
01:05:01.0441 1288  [ 0E154DA6CA9105354A07D0C576804037 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
01:05:01.0457 1288  L1C - ok
01:05:01.0519 1288  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
01:05:01.0597 1288  LanmanServer - ok
01:05:01.0644 1288  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:05:01.0753 1288  LanmanWorkstation - ok
01:05:01.0800 1288  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:05:01.0893 1288  lltdio - ok
01:05:01.0940 1288  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:05:02.0034 1288  lltdsvc - ok
01:05:02.0065 1288  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:05:02.0143 1288  lmhosts - ok
01:05:02.0190 1288  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
01:05:02.0221 1288  LSI_FC - ok
01:05:02.0268 1288  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
01:05:02.0299 1288  LSI_SAS - ok
01:05:02.0315 1288  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:05:02.0346 1288  LSI_SAS2 - ok
01:05:02.0377 1288  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:05:02.0393 1288  LSI_SCSI - ok
01:05:02.0424 1288  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
01:05:02.0517 1288  luafv - ok
01:05:02.0658 1288  [ 1104A3A552D1D249A6AB5ACCBDEFB5EF ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
01:05:02.0689 1288  McAfee SiteAdvisor Service - ok
01:05:02.0814 1288  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
01:05:02.0861 1288  McComponentHostService - ok
01:05:02.0907 1288  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
01:05:02.0954 1288  Mcx2Svc - ok
01:05:02.0985 1288  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
01:05:03.0017 1288  megasas - ok
01:05:03.0032 1288  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
01:05:03.0063 1288  MegaSR - ok
01:05:03.0173 1288  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
01:05:03.0204 1288  Microsoft Office Groove Audit Service - ok
01:05:03.0251 1288  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
01:05:03.0344 1288  MMCSS - ok
01:05:03.0375 1288  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
01:05:03.0453 1288  Modem - ok
01:05:03.0500 1288  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:05:03.0547 1288  monitor - ok
01:05:03.0609 1288  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:05:03.0641 1288  mouclass - ok
01:05:03.0672 1288  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:05:03.0734 1288  mouhid - ok
01:05:03.0781 1288  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:05:03.0797 1288  mountmgr - ok
01:05:03.0906 1288  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:05:03.0953 1288  MozillaMaintenance - ok
01:05:03.0968 1288  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:05:03.0999 1288  mpio - ok
01:05:04.0031 1288  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:05:04.0124 1288  mpsdrv - ok
01:05:04.0171 1288  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:05:04.0265 1288  MpsSvc - ok
01:05:04.0327 1288  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:05:04.0374 1288  MRxDAV - ok
01:05:04.0421 1288  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:05:04.0483 1288  mrxsmb - ok
01:05:04.0545 1288  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:05:04.0577 1288  mrxsmb10 - ok
01:05:04.0592 1288  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:05:04.0639 1288  mrxsmb20 - ok
01:05:04.0670 1288  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:05:04.0701 1288  msahci - ok
01:05:04.0748 1288  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:05:04.0764 1288  msdsm - ok
01:05:04.0795 1288  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
01:05:04.0842 1288  MSDTC - ok
01:05:04.0889 1288  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:05:04.0982 1288  Msfs - ok
01:05:04.0998 1288  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
01:05:05.0076 1288  mshidkmdf - ok
01:05:05.0123 1288  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:05:05.0138 1288  msisadrv - ok
01:05:05.0185 1288  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:05:05.0279 1288  MSiSCSI - ok
01:05:05.0279 1288  msiserver - ok
01:05:05.0341 1288  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
01:05:05.0403 1288  MSKSSRV - ok
01:05:05.0435 1288  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:05:05.0528 1288  MSPCLOCK - ok
01:05:05.0528 1288  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
01:05:05.0606 1288  MSPQM - ok
01:05:15.0793 1288  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
01:05:15.0809 1288  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
01:05:15.0809 1288  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
01:05:29.0537 1288  ================ Scan global ===============================
01:05:29.0583 1288  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:05:29.0630 1288  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:05:29.0646 1288  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:05:29.0693 1288  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:05:29.0739 1288  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:05:29.0739 1288  [Global] - ok
01:05:29.0739 1288  ================ Scan MBR ==================================
01:05:29.0771 1288  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:05:30.0847 1288  \Device\Harddisk0\DR0 - ok
01:05:30.0847 1288  ================ Scan VBR ==================================
01:05:30.0878 1288  [ 9460FE28809EDF7D19847A35F600938C ] \Device\Harddisk0\DR0\Partition1
01:05:30.0894 1288  \Device\Harddisk0\DR0\Partition1 - ok
01:05:30.0909 1288  [ 9AFE4A64667342448CB3130EEFE84CD4 ] \Device\Harddisk0\DR0\Partition2
01:05:30.0909 1288  \Device\Harddisk0\DR0\Partition2 - ok
01:05:30.0909 1288  ============================================================
01:05:30.0909 1288  Scan finished
01:05:30.0909 1288  ============================================================
01:05:30.0941 3764  Detected object count: 3
01:05:30.0941 3764  Actual detected object count: 3
01:05:40.0410 3764  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
01:05:40.0410 3764  EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:05:40.0425 3764  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
01:05:40.0425 3764  EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:05:40.0425 3764  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
01:05:40.0425 3764  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Thanks for your help, I'll check back in again tomorrow...

18.05.2013, 00:30   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Clean) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

18.05.2013, 14:57   #13
MelanieT
 



Here are the results:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Luce on 18.05.2013 at  8:33:19,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3221331733-3512096612-1023093492-1002\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\babylonhelper.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnu.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\winamptbserver.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontc_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontc_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\dvdvideosofttbtoolbarhelper_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\dvdvideosofttbtoolbarhelper_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2CF7D4B0-98F6-4197-8F5D-17183644E44F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.xpt"
Successfully deleted: [File] C:\Windows\syswow64\sho11C1.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1366.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1B04.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1F18.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2232.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho24EF.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho269B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho28DA.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2B79.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2B86.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3066.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3849.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3C45.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho40A1.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho45B7.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4AF8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4DE4.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho52D2.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho53E6.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho56FA.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6224.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6682.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6887.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho69AE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6DE1.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho71B8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho73A0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho73C7.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho756D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho781.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7D6E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7F02.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8378.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8A86.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8AC.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8E8C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho90FC.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho910D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho95CE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9CAB.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9CFD.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9DDA.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9E05.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9E1D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA31D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA3A5.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA7D4.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAD16.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAD76.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAFE1.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB263.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB27A.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB432.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB5AF.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBB59.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBC62.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBD9.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBE8F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBF8D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBFA3.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC1EB.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC470.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC544.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC685.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC9A8.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC9C7.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCA55.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCB03.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCE2B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD5A5.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD61.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD8E0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD984.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDD56.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDFA5.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE9A6.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEA05.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEA94.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEE3.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEE6D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEE97.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEF04.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF0A9.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF596.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFE27.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFE6F.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\winamp toolbar"
Successfully deleted: [Folder] "C:\Users\Luce\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Luce\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Luce\appdata\local\winamp toolbar"
Successfully deleted: [Folder] "C:\Users\Luce\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Luce\appdata\locallow\dvdvideosofttb"
Successfully deleted: [Folder] "C:\Users\Luce\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\dvdvideosofttb"
Failed to delete: [Folder] "C:\Program Files (x86)\winamp toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{018E9319-600B-41FC-BB4E-FED29EC553ED}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{0B94E47C-323B-45C7-80F5-9E15A4AB1812}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{1CB974A3-D4BE-433C-A81F-97A0BA327AAD}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{21777FE1-FC31-4F1E-8C6B-2D983394E0DD}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{26DB5635-96C6-4E72-A8C2-F78D115BBBF9}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{2D836991-76E3-4D38-A0A1-A357D442DA9D}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{337457EF-C528-4D28-92D5-6308DDCD4AD4}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{36AD64C5-C8B9-421F-9467-51474289A966}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{4781E84F-D5C7-408C-826D-7466E22E7CB2}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{4932679E-DE70-4A96-9534-3216CA4B7198}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{4D32B78C-7BC6-4910-AE7D-55E4C1DFCA69}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{521B1388-F1C7-47E3-A193-FA80A5691EE3}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{5616342F-33A9-4810-8760-028E6C2B2F12}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{5F70E741-DC5A-40F0-BE06-D99F8CC47D27}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{611B6132-E912-47C8-9C5A-6D0B317F9265}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{65DCD903-5722-48EB-9498-DF782D8DF52A}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{6912781F-76CA-4BA1-9D35-14ED1A8B641D}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{6926451D-9B17-4319-A398-72CAD38615A0}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{6B3549BE-56C9-4922-95F0-CD01178F7059}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{6F22D6FC-C5C5-400C-9CEC-D05773D9767A}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{85E63797-6322-4C4D-B0D9-D638A6F41EA0}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{9ABCF9DB-87D4-48A8-9EE9-1A6D68A14858}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{A12432FA-8FEC-4999-9854-267CD31733F0}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{AD47AFA3-4945-4306-8424-C385AEF3C65B}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{ADAF568F-846C-4227-8572-06FBF3F93A4C}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{DAA7D28B-8D8D-4345-9776-1C268E483BCF}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{DBB2921B-DDE5-4879-BCFE-46D6D4F47D4B}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{E1988F9D-1CE0-4180-B96D-0A3F3378CF83}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{E788DB26-99DE-48F9-8A76-50F85BDB2FFB}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{F0186589-E3F8-4381-9461-4D443BF07E5D}
Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{F1BC8F98-747E-4E39-92B9-CD8E34050C20}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\user.js
Successfully deleted: [File] "C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\DivXWebPlayer@divx.com.xpi" 
Successfully deleted: [File] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\askcomsearch.xml
Successfully deleted: [File] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\winamptoolbardata
Successfully deleted: [Folder] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\toolbar@ask.com
Successfully deleted: [Folder] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Successfully deleted the following from C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\prefs.js

user_pref("CT2269050..clientLogIsEnabled", false);
user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
user_pref("CT2269050.BrowserCompStateIsOpen_130100683276316706", true);
user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true);
user_pref("CT2269050.CTID", "CT2269050");
user_pref("CT2269050.CurrentServerDate", "18-5-2013");
user_pref("CT2269050.DSChangedManually", false);
user_pref("CT2269050.DSInstall", true);
user_pref("CT2269050.DSProtectChoice", true);
user_pref("CT2269050.DSProtectCount", 2);
user_pref("CT2269050.DialogsAlignMode", "LTR");
user_pref("CT2269050.DialogsGetterLastCheckTime", "Sun May 12 2013 18:33:21 GMT+0200");
user_pref("CT2269050.DownloadReferralCookieData", "");
user_pref("CT2269050.EMailNotifierPollDate", "Wed Feb 08 2012 22:12:43 GMT+0100");
user_pref("CT2269050.FirstServerDate", "8-2-2012");
user_pref("CT2269050.FirstTime", true);
user_pref("CT2269050.FirstTimeFF3", true);
user_pref("CT2269050.FixPageNotFoundErrors", true);
user_pref("CT2269050.GroupingServerCheckInterval", 1440);
user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2269050.HPInstall", true);
user_pref("CT2269050.HasUserGlobalKeys", true);
user_pref("CT2269050.HomePageProtectorEnabled", true);
user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
user_pref("CT2269050.Initialize", true);
user_pref("CT2269050.InitializeCommonPrefs", true);
user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
user_pref("CT2269050.InstallationType", "UnknownIntegration");
user_pref("CT2269050.InstalledDate", "Wed Feb 08 2012 16:41:30 GMT+0100");
user_pref("CT2269050.InvalidateCache", false);
user_pref("CT2269050.IsAlertDBUpdated", true);
user_pref("CT2269050.IsGrouping", false);
user_pref("CT2269050.IsInitSetupIni", true);
user_pref("CT2269050.IsMulticommunity", false);
user_pref("CT2269050.IsOpenThankYouPage", false);
user_pref("CT2269050.IsOpenUninstallPage", false);
user_pref("CT2269050.IsProtectorsInit", true);
user_pref("CT2269050.LanguagePackLastCheckTime", "Sat May 18 2013 00:58:34 GMT+0200");
user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2269050.LastLogin_3.12.0.7", "Thu Apr 26 2012 13:12:57 GMT+0200");
user_pref("CT2269050.LastLogin_3.12.2.3", "Tue May 29 2012 17:24:16 GMT+0200");
user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 08:27:56 GMT+0200");
user_pref("CT2269050.LastLogin_3.14.1.0", "Wed Aug 22 2012 16:43:09 GMT+0200");
user_pref("CT2269050.LastLogin_3.15.1.0", "Fri Nov 09 2012 20:34:28 GMT+0100");
user_pref("CT2269050.LastLogin_3.16.0.100", "Fri Feb 08 2013 17:56:31 GMT+0100");
user_pref("CT2269050.LastLogin_3.16.0.3", "Tue Jan 01 2013 11:14:12 GMT+0100");
user_pref("CT2269050.LastLogin_3.18.0.7", "Sat May 18 2013 00:58:34 GMT+0200");
user_pref("CT2269050.LastLogin_3.9.0.3", "Wed Feb 08 2012 19:09:53 GMT+0100");
user_pref("CT2269050.LatestVersion", "3.18.0.7");
user_pref("CT2269050.Locale", "en");
user_pref("CT2269050.MCDetectTooltipHeight", "83");
user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2269050.MCDetectTooltipWidth", "295");
user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
user_pref("CT2269050.OriginalFirstVersion", "3.9.0.3");
user_pref("CT2269050.RadioIsPodcast", false);
user_pref("CT2269050.RadioLastCheckTime", "Wed Feb 08 2012 19:09:55 GMT+0100");
user_pref("CT2269050.RadioLastUpdateIPServer", "3");
user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
user_pref("CT2269050.RadioMediaID", "12473383");
user_pref("CT2269050.RadioMediaType", "Media Player");
user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
user_pref("CT2269050.RadioShrinkedFromSetup", false);
user_pref("CT2269050.RadioStationName", "Hotmix%20108");
user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
user_pref("CT2269050.SavedHomepage", "www.google.de");
user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
user_pref("CT2269050.SearchFromAddressBarIsInit", true);
user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("CT2269050.SearchInNewTabEnabled", true);
user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat May 18 2013 00:58:32 GMT+0200");
user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2269050.SearchProtectorEnabled", true);
user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
user_pref("CT2269050.SendProtectorDataViaLogin", true);
user_pref("CT2269050.ServiceMapLastCheckTime", "Sat May 18 2013 00:58:34 GMT+0200");
user_pref("CT2269050.SettingsLastCheckTime", "Sat May 18 2013 00:58:31 GMT+0200");
user_pref("CT2269050.SettingsLastUpdate", "1368778346");
user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Feb 08 2012 19:09:45 GMT+0100");
user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2269050.UserID", "UN70149169439389110");
user_pref("CT2269050.ValidationData_Toolbar", 1);
user_pref("CT2269050.WeatherNetwork", "");
user_pref("CT2269050.WeatherPollDate", "Wed Feb 08 2012 22:10:43 GMT+0100");
user_pref("CT2269050.WeatherUnit", "C");
user_pref("CT2269050.alertChannelId", "666138");
user_pref("CT2269050.autoDisableScopes", -1);
user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B48
user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D
user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215642542D584D503D263F2D2E2E2E443B4635645E6669595C6062686F5C7363716F696467764F
user_pref("CT2269050.backendstorage./9b-0?3g>d", "3E686D6C6F6E72737A4445497A2079797C7D2550217B202A522954252456275C5E2A2F5C");
user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F6456604F6852645858635E604E376B7167617059");
user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6D686C716D4141727A6F77797B4A7D7C4E4A22504D");
user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6D6C7375757775707173");
user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "5475652041756720323820323031322031303A32313A343320474D542B30323030");
user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Wed Feb 08 2012 16:41:33 GMT+0100");
user_pref("CT2269050.homepageProtectorEnableByLogin", true);
user_pref("CT2269050.initDone", true);
user_pref("CT2269050.isAppTrackingManagerOn", false);
user_pref("CT2269050.isFirstRadioInstallation", false);
user_pref("CT2269050.myStuffEnabled", true);
user_pref("CT2269050.myStuffPublihserMinWidth", 400);
user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2269050.revertSettingsEnabled", true);
user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
user_pref("CT2269050.searchProtectorEnableByLogin", true);
user_pref("CT2269050.testingCtid", "");
user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sat May 18 2013 00:58:34 GMT+0200");
user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Wed Feb 08 2012 19:09:56 GMT+0100");
user_pref("CT2269050.usagesFlag", 2);
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"86bdb693acb13a9f35c7cc500b9194933\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1365594729\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "0uSPYx+Kl2jpu8sJZMeHjw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"6341c50648fd59897cde84cfa3927631\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"073e33a707e0305bf15c11c5bbb33921\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"e3705148d1ef9c9f4723c1a1d66a8544\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Luce\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\s9f7e1rr.default\\conduitCommon\\modules\\3.9.0.3");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_135908ca", "356x332");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?AF=100581&babsrc=adbartrp&mntrId=ee02c25700000000000018f46ab4bb9b&q=");
user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");
user_pref("CommunityToolbar.globalUserId", "da11ca15-f246-4e14-8afe-c5a215a8f4d0");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Feb 08 2012 16:41:33 GMT+0100");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Feb 08 2012 20:09:56 GMT+0100");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Feb 08 2012 19:09:53 GMT+0100");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "44bbed8f-e807-4048-aa11-4762df4d72d5");
user_pref("CommunityToolbar.originalHomepage", "www.google.de");
user_pref("CommunityToolbar.originalSearchEngine", "Search the web (Babylon)");
user_pref("aol_toolbar.surf.date", "63");
user_pref("aol_toolbar.surf.lastDate", "8");
user_pref("aol_toolbar.surf.lastMonth", "10");
user_pref("aol_toolbar.surf.lastYear", "2011");
user_pref("aol_toolbar.surf.month", "642");
user_pref("aol_toolbar.surf.prevMonth", "3933");
user_pref("aol_toolbar.surf.total", "5459");
user_pref("aol_toolbar.surf.week", "259");
user_pref("aol_toolbar.surf.year", "5415");
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultengine", "Ask.com Search");
user_pref("browser.search.defaultenginename", "Ask.com Search");
user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Ask.com Search");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babclient");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=100581");
user_pref("extensions.BabylonToolbar.bbDpng", 1);
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.id", "ee02c25700000000000018f46ab4bb9b");
user_pref("extensions.BabylonToolbar.instlDay", "15335");
user_pref("extensions.BabylonToolbar.instlRef", "std");
user_pref("extensions.BabylonToolbar.lastDP", 1);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1712:22:47");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "10.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 69175963);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "none");
user_pref("extensions.BabylonToolbar.srcExt", "def");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1712:22:47");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100581");
user_pref("extensions.BabylonToolbar_i.hardId", "ee02c25700000000000018f46ab4bb9b");
user_pref("extensions.BabylonToolbar_i.id", "ee02c25700000000000018f46ab4bb9b");
user_pref("extensions.BabylonToolbar_i.instlDay", "15335");
user_pref("extensions.BabylonToolbar_i.instlRef", "std");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100581&babsrc=NT_def");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "def");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:22:47");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.asktb.cbid", "N9");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&dm=lang");
user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.o", "15418");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("winamp_toolbar.search.searchtype", "web");
Emptied folder: C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\minidumps [143 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.05.2013 at  8:43:22,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and number 2:
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 18/05/2013 um 10:52:47 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Luce - YT-1300
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Luce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DKQKLVB\adwcleaner[1].exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : SearchAnonymizer

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\s9f7e1rr.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\s9f7e1rr.default\searchplugins\aol-web-search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Gelöscht mit Neustart : C:\Users\Luce\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Program Files (x86)\Winamp Toolbar
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Luce\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Luce\AppData\Roaming\OCS
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0A84F2BD-FB5D-43F0-8FC7-849288CF3411}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95185A4D-A42E-4EF6-8500-1EFD7716B358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\s9f7e1rr.default\prefs.js

Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"e37[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Luce\\AppData\\Roaming\\Mozilla\\Fi[...]
Gelöscht : user_pref("extensions.enabledAddons", "coralietab%40mozdev.org:2.04.20110724,DivXWebPlayer%40divx.co[...]
Gelöscht : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...]
Gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.guid", "{461D4411-5EE9-3508-0C09-2FD90FC17DD3}");
Gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.14.1");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "8");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "10");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2011");
Gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "19");
Gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "22");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "1");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "9");
Gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "44");
Gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2011");
Gelöscht : user_pref("winamp_toolbar.remote.publish.xml", "1320790840294");
Gelöscht : user_pref("winamp_toolbar.search.cid", "26-10-2011");
Gelöscht : user_pref("winamp_toolbar.search.instd", "20110919190237652");
Gelöscht : user_pref("winamp_toolbar.search.oid", "19-09-2011");
Gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false);
Gelöscht : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp");
Gelöscht : user_pref("winamp_toolbar.skin.custom", true);
Gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.winamp.appversion", "1");
Gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
Gelöscht : user_pref("winamp_toolbar.winamp.button.focus", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.forward", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.open", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.pause", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.play", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.rewind", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.stop", false);
Gelöscht : user_pref("winamp_toolbar.winamp.button.volume", true);
Gelöscht : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}");
Gelöscht : user_pref("winamp_toolbar.winamp.ticker.show", true);
Gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.volume", "255");

*************************

AdwCleaner[S1].txt - [16566 octets] - [18/05/2013 10:52:47]

########## EOF - C:\AdwCleaner[S1].txt - [16627 octets] ##########
         
and number 3:
Code:
ATTFilter
OTL logfile created on: 18.05.2013 15:14:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Luce\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,73 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 48,00% Memory free
3,46 Gb Paging File | 1,96 Gb Available in Paging File | 56,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,99 Gb Total Space | 153,53 Gb Free Space | 54,25% Space Free | Partition Type: NTFS
 
Computer Name: YT-1300 | User Name: Luce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Luce\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\XSManager\WTGService.exe ()
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Luce\AppData\Local\Microsoft\BingBar\Apps\Translator_f5cbd3ef4c144434b17913278004e270\7.2.229\Blingext.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (cmnsusbser) -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys (Mobile Connector)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{272AF676-4FC8-4411-9A88-53E0284062AA}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{59F72305-D7D4-4FB8-8E0D-86D3D1FE0458}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{8C988AA4-9F3C-4655-9A3F-D69BDC73C493}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{C2D10C7C-9EFC-4EEE-A0FA-DC02D20BE874}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{D8E47FF5-9649-4EFB-A5FB-605F981F176C}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{E767EB1A-C9D2-4EBB-88ED-1DF3AFDFCF63}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.startpage.com/deu/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.04.10 21:35:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 08:07:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.18 08:39:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\mail@gutscheinrausch.de
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 08:07:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.18 08:39:04 | 000,000,000 | ---D | M]
 
[2012.07.12 10:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Extensions
[2012.07.12 10:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.05.18 08:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions
[2013.01.27 14:28:35 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.10.26 20:03:14 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\coralietab@mozdev.org
[2013.05.12 18:41:05 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\client@anonymox.net.xpi
[2013.05.01 08:52:20 | 000,052,496 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\googledictionary@toptip.ca.xpi
[2013.05.17 20:37:05 | 000,571,660 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\toolbar@gmx.net.xpi
[2013.05.05 18:54:11 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.12 18:41:04 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.17 20:37:16 | 000,002,418 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\englische-ergebnisse.xml
[2013.05.17 20:37:15 | 000,010,701 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\gmx-suche.xml
[2013.05.17 20:37:15 | 000,002,432 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\lastminute.xml
[2012.01.23 16:18:50 | 000,002,135 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\s-amazon-de.xml
[2013.05.17 20:37:15 | 000,005,682 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\webde-suche.xml
[2011.12.27 16:41:40 | 000,002,188 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{78A017D2-2C0C-4D63-8BA0-48393A677264}.xml
[2011.12.27 16:41:40 | 000,001,870 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{CEE89566-97A4-46CF-9E1A-AEA28779ADDD}.xml
[2011.12.27 16:41:40 | 000,002,077 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{F86E7D4D-E70E-4EB3-8508-824D16B0D899}.xml
[2013.04.13 08:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.13 08:07:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.10 21:35:41 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\USERS\LUCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9F7E1RR.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\LUCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9F7E1RR.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2013.04.13 08:07:29 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.25 14:48:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 07:13:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.25 14:48:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.25 14:48:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.16 13:17:38 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.04.25 14:48:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.25 14:48:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.17 18:34:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21DFF927-2881-4556-92D5-DA438AD2FF04}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.18 10:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.05.18 08:32:27 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Luce\Desktop\JRT.exe
[2013.05.18 00:18:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Luce\Desktop\aswMBR.exe
[2013.05.17 23:44:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.17 18:21:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.17 13:00:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.17 13:00:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.17 13:00:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.17 12:59:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 12:59:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.17 12:57:30 | 005,066,411 | R--- | C] (Swearware) -- C:\Users\Luce\Desktop\ComboFix.exe
[2013.05.16 22:17:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luce\Desktop\OTL.exe
[2013.05.16 21:57:53 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Luce\Desktop\tdsskiller.exe
[2013.05.16 18:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.16 18:26:36 | 000,000,000 | ---D | C] -- C:\Users\Luce\Desktop\mbar-1.05.0.1001
[2013.05.16 18:16:24 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 18:16:24 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 18:16:01 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 18:16:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 18:15:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 18:15:59 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 18:14:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.16 18:14:08 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll
[2013.05.16 18:13:41 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 18:13:36 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 18:13:36 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 18:13:36 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 18:13:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 18:13:35 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 18:13:35 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 18:12:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.16 18:12:14 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.12 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\EE08215D7633C2570000EE073359C5DA
[2013.05.12 19:26:34 | 000,000,000 | ---D | C] -- C:\Users\Luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.05.08 16:25:04 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.18 15:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.18 15:11:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.18 15:11:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.18 11:02:52 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.18 11:02:52 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.18 10:55:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.18 10:54:42 | 1392,693,248 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.18 08:32:48 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Luce\Desktop\JRT.exe
[2013.05.18 00:57:16 | 000,000,512 | ---- | M] () -- C:\Users\Luce\Desktop\MBR.dat
[2013.05.18 00:18:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Luce\Desktop\aswMBR.exe
[2013.05.17 18:34:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.17 12:57:52 | 005,066,411 | R--- | M] (Swearware) -- C:\Users\Luce\Desktop\ComboFix.exe
[2013.05.17 09:39:49 | 000,179,554 | ---- | M] () -- C:\Users\Luce\Desktop\Unbenannt.PNG
[2013.05.17 09:25:30 | 000,428,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 23:39:01 | 001,535,962 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 23:39:01 | 000,659,690 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 23:39:01 | 000,620,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 23:39:01 | 000,132,970 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 23:39:01 | 000,108,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.16 22:38:00 | 000,377,856 | ---- | M] () -- C:\Users\Luce\Desktop\gmer_2.1.19163.exe
[2013.05.16 22:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luce\Desktop\OTL.exe
[2013.05.16 22:14:57 | 000,000,000 | ---- | M] () -- C:\Users\Luce\defogger_reenable
[2013.05.16 22:14:04 | 000,050,477 | ---- | M] () -- C:\Users\Luce\Desktop\Defogger.exe
[2013.05.16 21:58:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Luce\Desktop\tdsskiller.exe
[2013.05.16 19:14:48 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.16 19:14:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.16 18:25:42 | 012,917,756 | ---- | M] () -- C:\Users\Luce\Desktop\mbar-1.05.0.1001.zip
[2013.05.12 22:09:12 | 000,002,052 | ---- | M] () -- C:\Users\Luce\Desktop\System Care Antivirus.lnk
[2013.05.08 16:24:26 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.05.17 13:00:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.17 13:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.17 13:00:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.17 13:00:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.17 13:00:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.17 09:39:48 | 000,179,554 | ---- | C] () -- C:\Users\Luce\Desktop\Unbenannt.PNG
[2013.05.16 22:37:31 | 000,377,856 | ---- | C] () -- C:\Users\Luce\Desktop\gmer_2.1.19163.exe
[2013.05.16 22:14:57 | 000,000,000 | ---- | C] () -- C:\Users\Luce\defogger_reenable
[2013.05.16 22:13:55 | 000,050,477 | ---- | C] () -- C:\Users\Luce\Desktop\Defogger.exe
[2013.05.16 21:55:00 | 000,000,512 | ---- | C] () -- C:\Users\Luce\Desktop\MBR.dat
[2013.05.16 18:25:25 | 012,917,756 | ---- | C] () -- C:\Users\Luce\Desktop\mbar-1.05.0.1001.zip
[2013.05.12 19:26:32 | 000,002,052 | ---- | C] () -- C:\Users\Luce\Desktop\System Care Antivirus.lnk
[2013.03.26 09:36:34 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.03.17 16:52:14 | 000,049,518 | ---- | C] () -- C:\Users\Luce\autoruns.chm
[2012.01.03 13:59:22 | 000,008,192 | ---- | C] () -- C:\Users\Luce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.27 16:41:34 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.27 16:16:11 | 1242,169,276 | ---- | C] () -- C:\Users\Luce\marco4.ps
[2011.12.27 13:37:50 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.12.27 13:23:34 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.11.30 15:11:01 | 000,000,032 | ---- | C] () -- C:\Users\Luce\.simfy
[2011.10.26 15:52:10 | 000,000,001 | R--- | C] () -- C:\Users\Luce\serverport
[2011.08.08 09:34:28 | 000,017,408 | ---- | C] () -- C:\Users\Luce\AppData\Local\WebpageIcons.db
[2011.06.18 17:19:43 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2011.06.18 17:19:42 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2

< End of report >
         

18.05.2013, 14:59   #14
MelanieT
 
...and number 4:
Code:
ATTFilter
OTL Extras logfile created on: 18.05.2013 15:14:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Luce\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,73 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 48,00% Memory free
3,46 Gb Paging File | 1,96 Gb Available in Paging File | 56,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,99 Gb Total Space | 153,53 Gb Free Space | 54,25% Space Free | Partition Type: NTFS
 
Computer Name: YT-1300 | User Name: Luce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FBB058-41B1-4D30-8ABB-F3284EE48D95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{075DF398-5318-4B1E-A2FE-5C79D4DF42F9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{10E27EB7-6161-4D6E-BA9F-3D5969BE551E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{12088797-7E61-4EE1-B01D-0BE60C686C26}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{135D49FE-07B0-4A51-8357-D3D9B195BA48}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1A7B8D84-9F32-4BE7-B2A3-AF0AA26AC10C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{260B41E2-5775-40B1-9555-D241E4D9049D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{280143F3-0F86-4140-928C-C98C41377741}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{328E7709-3997-4F8F-9098-185DAB00F9FE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{386C7703-164D-44C5-9370-52A960F019B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F16AE05-A8D3-42E9-897E-1A05C823F22A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40D689FD-C12E-4804-9218-5322F2961352}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{45245B26-FF1B-464D-9135-23D5C58598CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{45F93B99-C87B-4384-A06B-E8B2511301AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5139722C-A926-480D-BAF9-03F7F296DF6C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{5688B20F-386F-4A2A-B838-45E5A5605A23}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{753BED9C-9BCE-41CB-896F-9AB774131C52}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7E930AAB-4C8B-4DF1-A89D-B70EAD4AEA8B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{827089C8-A4B7-45B8-B049-39A8EF45BADE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8E9119D4-AE16-4CAF-9831-EB5F358E6F3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{972D1F6C-EF1E-480C-9023-807F0F0A3A3C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE4EC8A4-81DE-4C34-A29D-F27C6DE255E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AFC484DB-2042-46AF-A764-0E959ACF74D4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B05C1DFC-3E6E-411B-90E2-628E5B2E2F14}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CEEDA6C3-6E2C-41AF-A6EC-EA6066487636}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E011E995-817D-47E2-84A4-AAAABD06CB5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001DF5A7-B10C-4996-AE9E-65E33ED6FE5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{02708B69-9749-4A9A-A100-F8AEE0067B9D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{03CE7EE7-0513-4115-97FB-E8A091116306}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 
"{0602840D-99E8-4C7B-90F3-4D95228C029F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{14387C9B-8F30-4E92-9186-C8D2D490C9ED}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{152BF173-3251-4E4F-ACE7-1D55EBAC42DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1A836415-B088-4A9A-B0AD-796CA10422B5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1ACAD6FB-0646-4481-88A9-34AF578BF921}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1EAEA3D8-2731-4D12-B4AE-8C18041BEE21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{219216A1-1152-419B-B153-4AE6BC70C840}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{287F06A7-481E-4211-9E8A-2E84C1A3E51B}" = protocol=6 | dir=out | app=system | 
"{2D3F7DE0-CD84-46A9-A411-E85832176CB7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe | 
"{32EA872F-6E49-4505-9191-A2CC1D411A5D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{359E63D8-4D66-4444-9557-77148CCA3340}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{35DD51C2-E821-49C4-8383-7A219898D3E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{37DEC0F3-9E4C-4924-BB49-D25675E2B3B4}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{3B501F12-996E-45E2-8B98-E52D5A8DDF12}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{4413A50A-299F-49A0-B987-36DE5430B7D6}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 
"{47C1698F-4DA9-4991-B630-97389316C392}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{48D31277-FD3F-44C8-BCD7-652E2DF75F65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{49B3C51A-59B5-4AFD-A98D-6C598D84A99C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe | 
"{4A01B0DD-BC99-423E-B120-9D7D53421A3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4B599239-B6B3-4F21-A6A1-8C009D92022C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{6B7A9267-5E50-4919-A9E2-C7C875057B6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{71F4957C-1A6B-4C9C-B76D-220CDC61D406}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{7FF5C60A-C1FD-4B7C-B6EE-2147264D0128}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{85C24DA7-D44B-476E-8861-C24E54EB821F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{85D73552-AF7D-4FE8-9D57-B2E0CDD75F11}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{87C95F51-A8AA-45F0-88CD-8464CA70157D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{95EF29B2-5367-4D53-B3F5-5BE2EAC9AA63}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{99C24BD7-2CEF-4E78-A180-8C920A6743F5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB66FCB6-79F8-457E-802C-0668E388522E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B873CE48-65A8-4E5F-8B33-ECEE63BEF0F1}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{BB5969A5-1EAE-47E4-A6D8-681A543E330F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD178AA6-DB90-427F-95E8-63EC35DFDD58}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{CE33F4B5-45E6-4F6B-921B-B45A1ACE0CA2}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{D161598E-A019-4784-B5F4-57CD7D244B2D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{D2540DF6-968E-469D-B5C1-116BD05AB0FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4FC5CB9-E62A-4856-AC94-B3A61BCADA0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F50EFA52-EFB3-468C-9D87-A3E9A5A7CEBE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F8B9EE24-33F1-491D-8A69-301F02508286}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | 
"{F9AE677E-5814-4EDC-8A16-89FEB14A8833}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{FB766703-783E-4972-A46C-FCD08DB428F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{153276F3-FA4E-4EA2-9006-E0D28469C026}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | 
"TCP Query User{3C766BDF-101C-496F-A16C-BBCBBE447DFB}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{63C3C954-B9CB-4C55-B235-059783C602C8}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{86763842-CB05-4FDB-BFDD-C2E2984213F9}C:\users\luce\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\luce\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | 
"TCP Query User{F5624B1B-DCF4-4E11-AA80-1A098D983408}C:\program files (x86)\ea games\die schlacht um mittelerde(tm)\patchget.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\patchget.dat | 
"UDP Query User{09979D8C-190B-42C6-87F8-DBB7787C933B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{2B65228E-8D82-4F50-B002-0137E57E2B90}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{2FDEFDA5-8D45-47F8-B682-3F71FE2F5EC7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{530B37B8-DEE3-4B58-99CC-E263A86A7526}C:\program files (x86)\ea games\die schlacht um mittelerde(tm)\patchget.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\patchget.dat | 
"UDP Query User{A27A23A8-B52A-4B56-8278-85883B91611C}C:\users\luce\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\luce\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{3F7C54EA-F59C-45DD-BA93-AD1E084A9550}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}" = ATI Catalyst Install Manager
"{56D8EE9D-5411-4DEE-6CFB-C720A07FDCAB}" = ccc-utility64
"{5850E3A0-1096-5C2D-C296-D9C2B00E8855}" = AMD Fuel
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ECFFD23C-3111-4685-8118-E1F79644203F}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{EE24C28A-6BE1-5138-7CC7-854E9EB3757C}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON BX310FN Series" = Druckerdeinstallation für EPSON BX310FN Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{0959BCF5-05D5-9F2B-0965-1A27A533C492}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{1292DD8E-474E-7D7C-5FF9-B4A7639D435A}" = CCC Help Czech
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{2D234FAE-7FE2-5002-2B63-8CDEA2BD0B60}" = CCC Help Hungarian
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35168310-7EE6-AD4E-84F3-73960642561C}" = Catalyst Control Center Localization All
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{366234D5-16FC-9EA2-5881-08B8CC44D36D}" = CCC Help Greek
"{37AAE8BF-DC98-1937-CDE9-9CE61833A252}" = CCC Help Japanese
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3A915C0E-0168-0E43-B5A4-949136DF0C33}" = Catalyst Control Center Profiles Mobile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{45CBA375-6ECC-EA3C-5EC3-E06A16DFD9A8}" = CCC Help Thai
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{477878A3-24BC-98D5-B447-417E4FF30218}" = CCC Help Korean
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EF87BA4-A1C8-818D-81B4-A211B8D817C7}" = CCC Help Portuguese
"{508457D2-6156-EE57-2F7D-8DCB90B2BCF2}" = CCC Help Russian
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52D36E31-AE4A-8E99-8B6B-F04A306AC4E7}" = CCC Help Chinese Standard
"{54D986DF-0B7F-244D-9A36-A52CF36D8633}" = CCC Help Norwegian
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5A4D2D53-D233-4FAE-FB7D-9101B46C9F53}" = CCC Help Italian
"{5A8EBCAE-71F2-F101-E86E-8E128A47401C}" = CCC Help French
"{5D43581B-77CC-CA01-5D4F-34215870EBE8}" = CCC Help Swedish
"{624B8C52-419F-48BF-704F-0DE2BEC1E323}" = Catalyst Control Center InstallProxy
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FDDD338-24AD-E75E-E0A7-82CDAE803378}" = CCC Help Danish
"{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{903E5724-3250-163F-017F-33030AAEA16B}" = CCC Help Spanish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C0E3DA8-408A-39D3-855D-3440E38F3D83}" = ccc-core-static
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9E9AED59-2E4B-C3BB-D036-9392A3898E20}" = CCC Help English
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CABA6C97-8680-D8C4-7DAA-A8D1CC230370}" = Catalyst Control Center Graphics Previews Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB9AA311-9119-5466-BE82-6CD37304FE42}" = CCC Help Dutch
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15555E9-386B-B748-7C94-4F2591ADCB63}" = CCC Help Chinese Traditional
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC0F900C-C7D6-76C4-98E9-095986BA5378}" = simfy
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5FCABF0-E2AF-6A70-3971-67C8B1310480}" = CCC Help Finnish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FEE720F0-7A20-A61E-D56B-90DB02655B78}" = CCC Help German
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ArtMoney SE_is1" = ArtMoney SE v7.38
"AudibleManager" = AudibleManager
"AVIcodec" = AVIcodec (remove only)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Civitas3" = Grand Ages Rome 1.11
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 2.70
"HP Photo Creations" = HP Photo Creations
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Mein Heim 3D V3" = Mein Heim 3D V3
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"S2TNG" = Die Siedler II - Die nächste Generation
"Simfy" = simfy
"SopCast" = SopCast 3.4.8
"TomTom HOME" = TomTom HOME 2.8.3.2499
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XSManager" = XSManager
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 03.12.2012 11:33:25 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 18372
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 15.12.2012 17:00:00 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 37
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.12.2012 15:13:50 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 160
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 19.01.2013 15:28:05 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 88611
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 08.02.2013 13:31:23 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2048
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.03.2013 15:35:33 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 53
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.04.2013 15:27:41 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 399
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2013 01:33:19 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 462
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2013 01:35:51 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 142
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2013 01:36:39 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.05.2013 04:50:13 | Computer Name = YT-1300 | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

Old 19.05.2013, 02:34   #15
cosinus
/// Trigonometric function
/// TB-Süch-Tiger™



Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4 - HKLM..\Run: []  File not found
FF - user.js - File not found
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
[2013.05.16 21:55:00 | 000,000,512 | ---- | C] () -- C:\Users\Luce\Desktop\MBR.dat
[2013.05.16 18:25:25 | 012,917,756 | ---- | C] () -- C:\Users\Luce\Desktop\mbar-1.05.0.1001.zip
[2013.05.12 19:26:32 | 000,002,052 | ---- | C] () -- C:\Users\Luce\Desktop\System Care Antivirus.lnk
[2013.05.16 22:37:31 | 000,377,856 | ---- | C] () -- C:\Users\Luce\Desktop\gmer_2.1.19163.exe
[2013.05.18 08:32:48 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Luce\Desktop\JRT.exe
[2013.05.18 00:18:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Luce\Desktop\aswMBR.exe
[2013.05.12 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\EE08215D7633C2570000EE073359C5DA
[2013.05.12 19:26:34 | 000,000,000 | ---D | C] -- C:\Users\Luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.05.16 18:26:36 | 000,000,000 | ---D | C] -- C:\Users\Luce\Desktop\mbar-1.05.0.1001
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{272AF676-4FC8-4411-9A88-53E0284062AA}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{59F72305-D7D4-4FB8-8E0D-86D3D1FE0458}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{8C988AA4-9F3C-4655-9A3F-D69BDC73C493}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{C2D10C7C-9EFC-4EEE-A0FA-DC02D20BE874}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{D8E47FF5-9649-4EFB-A5FB-605F981F176C}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{E767EB1A-C9D2-4EBB-88ED-1DF3AFDFCF63}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
FF - prefs.js..browser.startup.homepage: "https://www.startpage.com/deu/"
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you obscured your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
