
Pests of all kinds and how to combat them: TR/Dropper.gen found, what now?

27.05.2013, 22:21   #1
Trooper01010
 

Good evening, dear helpers,

AVIRA's real-time scanner found the file TR/Dropper.gen on my system!
What can I do now so that this trojan is removed properly? Please help! Thanks in advance.

I have attached the log files below.

Code:
27.05.2013 19:05 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files (x86)\Internet Explorer\ielowutil.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dominic :: DOMINIC-PC [Administrator]

27.05.2013 21:59:48
mbam-log-2013-05-27 (21-59-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224274
Laufzeit: 19 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-2.1 (PUP.LoadTubes) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten:  -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Dominic\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 19
C:\Users\Dominic\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Local\Temp\ltbs.zip (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Local\Temp\ltsilentio\npm.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Local\Temp\ltsilentio\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\Downloads\FlashPlayer_V.52359204c.exe (Adware.DomaIQ) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\ffmpeg.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Keine Aktion durchgeführt.

(Ende)
         

27.05.2013, 22:40   #2
cosinus


Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post in the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
Should you not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

28.05.2013, 17:43   #3
Trooper01010
 

Hello cosinus, thank you very much for the quick reply. As requested, the OTL log files.

Code:
OTL logfile created on: 28.05.2013 18:10:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominic\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,78% Memory free
7,73 Gb Paging File | 5,51 Gb Available in Paging File | 71,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 6,35 Gb Free Space | 4,41% Space Free | Partition Type: NTFS
Drive P: | 140,95 Gb Total Space | 22,53 Gb Free Space | 15,99% Space Free | Partition Type: NTFS
 
Computer Name: DOMINIC-PC | User Name: Dominic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dominic\Downloads\OTL.exe (OldTimer Tools)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Dominic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - P:\Program Files (x86)\open office\program\soffice.exe (OpenOffice.org)
PRC - P:\Program Files (x86)\open office\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - P:\Program Files (x86)\open office\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- P:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- P:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (HPub4DE3) -- C:\Windows\SysNative\drivers\HPub4DE3.sys (TPMX Electronics Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HPMo4DE3) -- C:\Windows\SysNative\drivers\HPMo4DE3.sys (TPMX Electronics Ltd.)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE419
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 41.0.202.145:8080
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.3: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: P:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: P:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dominic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dominic\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dominic\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dominic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: VLC Web Plugin (Enabled) = P:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Dominic\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] P:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msigmg32.dll,doVdlgSCe File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dominic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = P:\Program Files (x86)\open office\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C715D9B-320F-4739-BACC-2B483D6DE224}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B692E382-B46B-49E0-8CA6-6356ABB96264}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.28 18:08:15 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Roaming\loadtbs
[2013.05.27 22:24:47 | 000,000,000 | ---D | C] -- C:\Users\Dominic\Desktop\TR Dropper.Gen entdeckt - was tun  - Trojaner-Board_files
[2013.05.27 21:58:32 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Roaming\Malwarebytes
[2013.05.27 21:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.27 21:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.27 21:58:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.27 21:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Navilog1
[2013.05.27 21:50:54 | 000,000,000 | ---D | C] -- C:\Navilog1
[2013.05.26 22:34:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2013.05.26 21:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2013.05.26 21:16:55 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Local\Programs
[2013.05.22 20:11:04 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.22 20:02:44 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.22 20:02:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.22 20:02:28 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.05.22 20:02:28 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.05.22 20:02:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.05.22 20:02:10 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.22 20:02:10 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.22 20:02:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.22 20:02:10 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.22 20:01:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.22 20:01:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013.05.22 20:01:46 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.05.22 20:01:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.05.22 20:01:46 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.05.22 20:01:46 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.05.22 20:01:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.05.22 20:01:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.05.22 20:01:36 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.05.22 20:00:26 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.05.21 21:41:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.05.21 09:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013
[2013.05.08 21:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.07 20:13:44 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.28 18:11:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 18:11:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 18:02:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.28 18:01:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 18:01:40 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.27 23:21:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.27 23:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.27 22:56:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job
[2013.05.27 22:24:47 | 000,106,376 | ---- | M] () -- C:\Users\Dominic\Desktop\TR Dropper.Gen entdeckt - was tun  - Trojaner-Board.htm
[2013.05.27 22:24:09 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job
[2013.05.27 21:58:05 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.27 19:12:18 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job
[2013.05.27 19:03:36 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job
[2013.05.26 22:33:16 | 000,000,848 | ---- | M] () -- C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.26 21:17:18 | 000,000,892 | ---- | M] () -- C:\Users\Dominic\Desktop\CrystalDiskInfo.lnk
[2013.05.26 21:14:38 | 000,002,376 | ---- | M] () -- C:\Users\Dominic\Desktop\Google Chrome.lnk
[2013.05.26 17:48:33 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 17:48:33 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 17:48:33 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 17:48:33 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 17:48:33 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.26 17:41:27 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 20:11:04 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.22 11:27:48 | 000,000,622 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.21 21:57:38 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2013.05.21 21:57:37 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2013.05.21 09:41:03 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.05.16 16:30:07 | 000,131,133 | ---- | M] () -- C:\Users\Dominic\Desktop\Germany.pdf
[2013.05.07 20:13:09 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.27 22:24:45 | 000,106,376 | ---- | C] () -- C:\Users\Dominic\Desktop\TR Dropper.Gen entdeckt - was tun  - Trojaner-Board.htm
[2013.05.27 21:58:05 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.26 22:33:16 | 000,000,848 | ---- | C] () -- C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.26 21:17:18 | 000,000,892 | ---- | C] () -- C:\Users\Dominic\Desktop\CrystalDiskInfo.lnk
[2013.05.26 21:14:38 | 000,002,376 | ---- | C] () -- C:\Users\Dominic\Desktop\Google Chrome.lnk
[2013.05.22 20:11:04 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.21 09:41:03 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.05.16 16:30:07 | 000,131,133 | ---- | C] () -- C:\Users\Dominic\Desktop\Germany.pdf
[2013.01.13 22:07:13 | 000,000,622 | ---- | C] () -- C:\Windows\wiso.ini
[2012.09.28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.04 02:51:44 | 000,007,625 | ---- | C] () -- C:\Users\Dominic\AppData\Local\Resmon.ResmonCfg
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 22:19:02 | 000,003,584 | ---- | C] () -- C:\Users\Dominic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.01 20:31:53 | 000,000,718 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.16 16:20:17 | 000,000,000 | ---- | C] () -- C:\Users\Dominic\AppData\Local\{71D90A8B-6C5B-4710-A01C-C37C344ADDC5}
[2010.07.13 13:45:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.13 22:11:53 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\Buhl Data Service
[2013.05.28 18:21:59 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\Dropbox
[2013.03.07 00:34:17 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\DVDVideoSoft
[2012.04.28 12:26:47 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.02.16 01:18:38 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\ICQ
[2012.05.10 18:08:12 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\Liteon
[2013.05.28 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\loadtbs
[2011.08.22 20:13:12 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\OpenOffice.org
[2012.06.18 12:11:25 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\Origin
[2013.05.08 23:21:23 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\SoftGrid Client
[2011.03.06 14:58:17 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\TP
[2012.04.04 20:18:47 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57

< End of report >
         
Code:
OTL Extras logfile created on: 28.05.2013 18:10:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominic\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,78% Memory free
7,73 Gb Paging File | 5,51 Gb Available in Paging File | 71,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 6,35 Gb Free Space | 4,41% Space Free | Partition Type: NTFS
Drive P: | 140,95 Gb Total Space | 22,53 Gb Free Space | 15,99% Space Free | Partition Type: NTFS
 
Computer Name: DOMINIC-PC | User Name: Dominic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14E6259D-7CDD-4800-BF6B-8C35C3BB4B20}" = lport=137 | protocol=17 | dir=in | app=system | 
"{190F95B1-8726-44BD-A2F5-7D1BF3118B6C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{32E08E3E-B1A7-46A3-8C3A-AFD8268ADE5B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3B5081F0-E60E-4974-8574-9DE0CF601040}" = lport=139 | protocol=6 | dir=in | app=system | 
"{40A3B9F9-7BCB-4352-8B39-72142E4CE5B2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{47624B65-154B-477D-BDE8-CB2FED391854}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{65D69AAD-82A9-460E-9975-B3199647B736}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{74C31532-5E19-49AB-81FA-EC565319BD15}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7A7CEDED-43BF-4C6A-9D5C-0F3F01605308}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7D97BF95-9C99-4F34-AA76-CCA434FEAFE2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{92BF8E2F-6250-4F2B-A4FE-485A4BA42DC2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9593422A-D0BA-4917-ADA4-2A54F9626A12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9F871B61-2F4D-43FE-A4DB-8794B8FDAE82}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A0B14462-58BB-4ADA-94B1-D3803018AF5B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C5958036-DDEA-42C9-838E-F6ACEFE33160}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F11453BE-E9EB-463B-A297-E8341FF94DD6}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08757FD3-9F8A-44FC-A6EE-13D53F9AA6B5}" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"{0BB7A654-9293-459D-8B3F-604F2C0B7270}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1E4DD80A-89C8-4AFE-BA16-D690A5DD0CEF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{20CBF5AE-FD2C-4F7E-A354-4231E13F49A2}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe | 
"{2F326BE1-68C1-4269-9ABD-31E141F693A0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
"{343BA5FE-FD65-45A9-890C-BD0C2043EF2D}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{37B607D2-28D3-495D-B313-42CA11EDE166}" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"{46E028C5-7ADE-489D-A90C-0B6DADD22CEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4B3E57D2-9A41-457D-B501-513FD8B54094}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{53293032-1630-4CD8-B120-BBF06396E67C}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{5345F1C6-66FC-4190-AB45-BB4038C46AD4}" = protocol=6 | dir=in | app=p:\program files (x86)\origin\syndicate\system\win32_x86_release\syndicate.exe | 
"{54476611-C3DB-4820-81F6-5A0A3C85E69E}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{54E0361C-19B2-4C19-9D32-2F3F610ABE3A}" = protocol=6 | dir=in | app=p:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{572B3711-BF54-41B7-AEC5-FCA9C418BC47}" = dir=in | app=c:\users\dominic\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{59483C95-DD1D-4F44-BCD7-2E376C69F6C3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5C2530E3-1490-4935-BFDA-BB9161C6009C}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{5EEAAA19-4B88-47A9-A944-B1B8B024B9CD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{61A0696F-8107-4884-BE12-5039B6A29E6B}" = protocol=17 | dir=in | app=p:\program files (x86)\origin\syndicate\system\win32_x86_release\syndicate.exe | 
"{6D63BD9D-CB0A-44D9-94D4-89B4D72F845B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{70B57DEF-6C03-4869-A565-E9E5BC21230B}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{7560CAD5-2833-444B-AF09-8700BA77F23C}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{90B735A1-D8CB-4C01-8B67-B8141AAA886F}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{966D2B8A-2F2E-4E5B-ACA3-5D31022FBEF5}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steam.exe | 
"{9BE989CB-5B6B-49B5-9DE2-D329E672C516}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steam.exe | 
"{9EEFF54A-F4A1-49A0-AFF5-A256FFD2E10A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AC3105C5-73D9-4BAD-BB8B-7FEE549B2C8E}" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"{BCFF1487-B704-4032-90FE-E334B80C6CE7}" = protocol=17 | dir=in | app=p:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{C16CA4B9-512B-46C3-8AB5-365DD481E6FE}" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"{CAF76FB7-DB93-4C61-B440-902AD7F380AB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{D9FAEB46-3C17-44A5-BAC2-EDB936E6283C}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{F122F3B7-60C7-4638-B66D-6F5F2691FD81}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{F55B3A92-27A4-4398-8AA4-546316115199}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
"TCP Query User{1FEB5430-C188-45DC-9E75-AB47420DA4E9}P:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=p:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{31EE6465-96D8-4DC1-84D2-6F276F930D11}P:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"TCP Query User{4DB65B7D-0F83-448C-9460-6B4272A03D9C}C:\users\dominic\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\dominic\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{6E1B31C9-6EDC-4603-8801-6562B78A5CEF}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{BF37AD35-5AA9-4DC6-AC0D-F4D08BEE59F9}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{CBF5AEB9-C72F-46F2-BEE0-F04812CAD6D3}P:\programme\icq7.4\icq.exe" = protocol=6 | dir=in | app=p:\programme\icq7.4\icq.exe | 
"TCP Query User{D10D88BE-7DCF-4AED-B1DC-39E6A2708E3F}P:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=p:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{E3693444-3605-4CEA-BD2D-B8A7D7FB2F9F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{F07FA1AD-986B-4522-9A43-AFC20CC19C18}P:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"UDP Query User{26998D77-41A3-4134-930D-61A1AFF2F498}P:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=p:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{64708352-E5BE-465B-A972-4E301290222F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{680A7734-72A9-494B-948B-5F0803A57E99}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{70314CEB-91F2-4320-9FED-703FBBA243FA}C:\users\dominic\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\dominic\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{82442E2F-13E5-46F4-832F-DC1306030EE2}P:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"UDP Query User{D5A479AB-304F-4B22-8488-80B31339072F}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{D8252AF0-1AFA-4357-894C-4C0F9824466F}P:\programme\icq7.4\icq.exe" = protocol=17 | dir=in | app=p:\programme\icq7.4\icq.exe | 
"UDP Query User{EFF1D862-EC0E-45A0-921D-DC05627472A2}P:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"UDP Query User{FF92CE33-8012-4EC7-B30C-27F8778E00E8}P:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=p:\program files (x86)\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{45CB0703-D49C-31B2-0DBD-FDD98D7DEF7A}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{852B1308-4E5A-B54D-637D-F710D92C6930}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}" = AMD Catalyst Install Manager
"{DE7BAEF8-C639-381A-D835-95BD517ED602}" = AMD Media Foundation Decoders
"{E88AD18B-D467-F11F-C431-99DE36FCACC7}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11210BD7-A8EF-79EE-D18F-021D1E04A689}" = CCC Help Dutch
"{118AD615-8BCF-11D6-1700-B6763A0EA713}" = CCC Help Polish
"{145238D6-1ADD-15DD-4499-744215DCCD18}" = Catalyst Control Center InstallProxy
"{14EC371D-145C-9AC3-B3A8-EA90C6B0325E}" = PX Profile Update
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15DEA4E9-E4AD-2A1A-4B59-89CA65D5075B}" = CCC Help Finnish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFD9DDB-FB24-F8C4-E792-03901C50490D}" = CCC Help Swedish
"{1B0FF612-0E07-4AB2-DD95-EB7651AEB3A1}" = CCC Help Italian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{376A622B-F0FA-DDAB-9635-05D9F3F634D6}" = CCC Help Norwegian
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{48BA11B4-3E38-FA74-2D5A-003475844AA3}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DD75A56-D9DA-DD49-3507-470C7CA7B43F}" = CCC Help Chinese Standard
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DB24244-5ABE-A87B-5FB1-95CF09F801A8}" = CCC Help German
"{61D73C02-EF3F-45D2-7F01-DCC4B1B39CC3}" = CCC Help Korean
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DDC515D-1FE6-C5FC-E872-24D1B8B4C1A1}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7427941A-51A3-E2EB-BCD2-A1981DBCA4AD}" = Catalyst Control Center Graphics Previews Common
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{79A16F82-9F79-E47E-C6D4-206E7CC1D593}" = CCC Help Czech
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8153BA0E-719E-3829-3B06-DC1412933BD6}" = CCC Help Japanese
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8B7D9B66-1B53-D729-FD0C-ED38629FA407}" = CCC Help Greek
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4A550A8-4EEF-8577-1C15-E3C914FF4AD9}" = CCC Help Portuguese
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A866F37D-0E46-1812-3E3C-9778D4A458B2}" = Catalyst Control Center
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAF7FFC8-20C4-CB57-4982-68EB410EBBC7}" = CCC Help Danish
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AD4B6B20-11CE-2C81-9615-2DCAABF15966}" = CCC Help French
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1931310-EEF5-3B7A-0C57-01127888E4E4}" = CCC Help Turkish
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{E7A94CD8-526B-FDD3-E16F-CB40A0747C70}" = CCC Help Chinese Traditional
"{E91BD0CF-EFA8-477C-8207-A026E70BBED9}" = CCC Help English
"{ECD4DCC1-C03F-8CC2-432B-317ECB9D6A09}" = Catalyst Control Center Localization All
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9F07F00-FF55-7752-7FF8-F512AF641BA9}" = CCC Help Thai
"{FA602928-EB59-449c-B9F7-1FBE1291B63D}" = Syndicate™
"{FFE0A7EE-0627-307D-F102-519B5B367703}" = CCC Help Hungarian
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ArgusMonitor" = ArgusMonitor
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.6.2
"ESN Sonar-0.70.3" = ESN Sonar
"Fraps" = Fraps
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"loadtbs-2.1" = loadtbs-2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PS3 Media Server" = PS3 Media Server
"SopCast" = SopCast 3.4.0
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 55230" = Saints Row: The Third
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.05.2012 08:32:33 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 26.05.2012 05:57:15 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 26.05.2012 12:32:58 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 27.05.2012 08:59:03 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 28.05.2012 07:20:03 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 29.05.2012 15:53:11 | Computer Name = Dominic-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.05.2012 08:58:49 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 01.06.2012 07:45:00 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 01.06.2012 08:24:13 | Computer Name = Dominic-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 01.06.2012 17:56:30 | Computer Name = Dominic-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 26.05.2013 12:28:23 | Computer Name = Dominic-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?05.?2013 um 18:25:07 unerwartet heruntergefahren.
 
Error - 26.05.2013 14:53:45 | Computer Name = Dominic-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?05.?2013 um 20:52:01 unerwartet heruntergefahren.
 
Error - 26.05.2013 16:30:45 | Computer Name = Dominic-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "Yo-Safe" konnte der Transaktionsressourcen-Manager
 aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode
 ist in den Daten enthalten.
 
Error - 27.05.2013 12:58:11 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 27.05.2013 13:18:41 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Modules Installer erreicht.
 
Error - 27.05.2013 13:18:41 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 27.05.2013 13:18:46 | Computer Name = Dominic-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.05.2013 16:09:44 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Blockebenen-Sicherungsmodul erreicht.
 
Error - 27.05.2013 16:09:44 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Blockebenen-Sicherungsmodul" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1053
 
Error - 27.05.2013 16:09:44 | Computer Name = Dominic-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
__________________

28.05.2013, 23:25   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


29.05.2013, 16:11   #5
Trooper01010
 

Hello Cosinus, here is the log file from combofix.
Code:
ATTFilter
ComboFix 13-05-29.01 - Dominic 29.05.2013  16:59:51.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2410 [GMT 2:00]
ausgeführt von:: c:\users\Dominic\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-28 bis 2013-05-29  ))))))))))))))))))))))))))))))
.
.
2013-05-29 15:05 . 2013-05-29 15:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-28 16:09 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7B33253-835E-41E1-ADCE-BC0AAD166EA5}\mpengine.dll
2013-05-28 16:08 . 2013-05-28 16:08	--------	d-----w-	c:\users\Dominic\AppData\Roaming\loadtbs
2013-05-27 19:58 . 2013-05-27 19:58	--------	d-----w-	c:\users\Dominic\AppData\Roaming\Malwarebytes
2013-05-27 19:58 . 2013-05-27 19:58	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-27 19:58 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-27 19:55 . 2013-05-27 20:52	--------	d-----w-	c:\program files (x86)\Navilog1
2013-05-27 19:50 . 2013-05-27 20:52	--------	d---a-w-	C:\Navilog1
2013-05-26 19:16 . 2013-05-26 19:16	--------	d-----w-	c:\users\Dominic\AppData\Local\Programs
2013-05-22 18:01 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-22 18:00 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-05-21 19:41 . 2013-05-21 19:41	--------	d-----w-	c:\windows\system32\SPReview
2013-05-08 19:34 . 2013-05-08 19:34	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-05-07 18:13 . 2013-05-07 18:13	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-06 14:46 . 2013-05-06 14:46	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-21 19:57 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-05-21 19:57 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-05-16 15:03 . 2011-02-19 17:23	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-11 19:18 . 2011-03-28 16:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-02-16 23:42	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-17 17:27 . 2013-04-17 17:27	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-17 17:27 . 2012-05-22 11:59	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-04-17 17:27 . 2011-02-24 22:34	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-04-17 14:29 . 2013-04-17 14:29	0	----a-w-	c:\windows\SysWow64\RENFDD3.tmp
2013-04-17 14:29 . 2013-04-17 14:29	0	----a-w-	c:\windows\SysWow64\RENFDD2.tmp
2013-04-13 05:49 . 2013-05-22 18:02	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-22 18:02	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-22 18:02	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-22 18:02	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-22 18:02	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-22 18:02	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 18:59	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 15:51 . 2013-04-10 15:51	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 15:51 . 2011-06-12 13:15	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-31 22:42 . 2013-03-31 22:44	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-31 22:42 . 2013-03-31 22:44	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-31 22:42 . 2013-03-31 22:44	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-19 06:04 . 2013-04-09 18:24	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-09 18:24	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-09 18:24	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-09 18:24	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-09 18:24	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-09 18:24	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"avgnt"="p:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dominic\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OpenOffice.org 3.4.1.lnk - p:\program files (x86)\open office\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 ArgusMonitor;ArgusMonitor kernel mode driver;SysWOW64\drivers\ArgusMonitor.sys [x]
R3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\DRIVERS\HPMo4DE3.sys [2011-03-09 25088]
R3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\Drivers\HPub4DE3.sys [2011-04-12 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-17 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-31 28600]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AntiVirSchedulerService;Avira Planer;p:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-31 86752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-10 15:51]
.
2013-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job
- c:\users\Dominic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 13:19]
.
2013-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job
- c:\users\Dominic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 13:19]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-16 23:51]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-16 23:51]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job
- c:\users\Dominic\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 23:50]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job
- c:\users\Dominic\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 23:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526
uInternet Settings,ProxyServer = 41.0.202.145:8080
IE: Free YouTube to MP3 Converter - c:\users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - p:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-29  17:07:35
ComboFix-quarantined-files.txt  2013-05-29 15:07
ComboFix2.txt  2013-05-29 14:25
.
Vor Suchlauf: 9.796.206.592 Bytes frei
Nach Suchlauf: 9.732.825.088 Bytes frei
.
- - End Of File - - E7B37B1BB2A932C672C383A90D19E0B2
         
Thanks


29.05.2013, 23:00   #6
cosinus

Rootkit scan with GMER

Please download GMER Rootkit Scanner: (the file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Do problems come up?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, uncheck Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

30.05.2013, 17:55   #7
Trooper01010


Hi Cosinus!

Here is the log file from "GMER":

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-30 15:37:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB
Running: w77yld2x.exe; Driver: C:\Users\Dominic\AppData\Local\Temp\pgliifod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          00000000760c1465 2 bytes [0C, 76]
.text   C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000760c14bb 2 bytes [0C, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Users\Dominic\AppData\Roaming\Dropbox\bin\Dropbox.exe[3300] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                 00000000760c1465 2 bytes [0C, 76]
.text   C:\Users\Dominic\AppData\Roaming\Dropbox\bin\Dropbox.exe[3300] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                00000000760c14bb 2 bytes [0C, 76]
.text   ...                                                                                                                                                    * 2
.text   P:\Program Files (x86)\open office\program\soffice.bin[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   00000000760c1465 2 bytes [0C, 76]
.text   P:\Program Files (x86)\open office\program\soffice.bin[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000760c14bb 2 bytes [0C, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000760c1465 2 bytes [0C, 76]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000760c14bb 2 bytes [0C, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           00000000760c1465 2 bytes [0C, 76]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000760c14bb 2 bytes [0C, 76]
.text   ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:4748]                                                                                 0000000077357587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:2404]                                                                                 0000000067810cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:4976]                                                                                 0000000077bf2e25
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:5240]                                                                                 0000000077bf3e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:5324]                                                                                 0000000077bf3e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:5408]                                                                                 0000000077bf3e45

---- EOF - GMER 2.1 ----
         
Here is the log file from MBAR:

1st log file

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dominic :: DOMINIC-PC [administrator]

30.05.2013 18:10:47
mbar-log-2013-05-30 (18-10-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 239671
Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Dominic\Downloads\FlashPlayer_V.52359204c.exe (Adware.DomaIQ) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
2nd log file, from the second scan run, after the first cleanup!!

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dominic :: DOMINIC-PC [administrator]

30.05.2013 18:35:35
mbar-log-2013-05-30 (18-35-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 239588
Time elapsed: 14 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

30.05.2013, 22:24   #8
cosinus

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

30.05.2013, 22:54   #9
Trooper01010


Hello,

ASWMBR file:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-30 23:28:14
-----------------------------
23:28:14.046    OS Version: Windows x64 6.1.7601 Service Pack 1
23:28:14.046    Number of processors: 4 586 0x2505
23:28:14.048    ComputerName: DOMINIC-PC  UserName: Dominic
23:28:16.478    Initialize success
23:29:24.123    AVAST engine defs: 13053001
23:29:42.433    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:29:42.439    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
23:29:42.612    Disk 0 MBR read successfully
23:29:42.617    Disk 0 MBR scan
23:29:42.639    Disk 0 Windows 7 default MBR code
23:29:42.658    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
23:29:42.679    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024
23:29:42.697    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       147502 MB offset 27469824
23:29:42.711    Disk 0 Partition - 00     0F Extended LBA            144329 MB offset 329553920
23:29:42.749    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       144328 MB offset 329555968
23:29:42.948    Disk 0 scanning C:\Windows\system32\drivers
23:30:00.759    Service scanning
23:30:44.381    Modules scanning
23:30:44.736    Disk 0 trace - called modules:
23:30:44.749    
23:30:45.783    AVAST engine scan C:\Windows
23:30:49.550    AVAST engine scan C:\Windows\system32
23:35:45.993    AVAST engine scan C:\Windows\system32\drivers
23:36:05.139    AVAST engine scan C:\Users\Dominic
23:43:24.677    AVAST engine scan C:\ProgramData
23:44:58.701    Scan finished successfully
23:48:42.882    Disk 0 MBR has been saved successfully to "C:\Users\Dominic\Desktop\MBR.dat"
23:48:42.898    The log file has been saved successfully to "C:\Users\Dominic\Desktop\aswMBR.txt"
         
TDSSKILLER file:

Code:
23:49:33.0401 4700  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:49:33.0645 4700  ============================================================
23:49:33.0645 4700  Current date / time: 2013/05/30 23:49:33.0645
23:49:33.0645 4700  SystemInfo:
23:49:33.0645 4700  
23:49:33.0645 4700  OS Version: 6.1.7601 ServicePack: 1.0
23:49:33.0645 4700  Product type: Workstation
23:49:33.0645 4700  ComputerName: DOMINIC-PC
23:49:33.0646 4700  UserName: Dominic
23:49:33.0646 4700  Windows directory: C:\Windows
23:49:33.0646 4700  System windows directory: C:\Windows
23:49:33.0646 4700  Running under WOW64
23:49:33.0646 4700  Processor architecture: Intel x64
23:49:33.0646 4700  Number of processors: 4
23:49:33.0646 4700  Page size: 0x1000
23:49:33.0646 4700  Boot type: Normal boot
23:49:33.0646 4700  ============================================================
23:49:34.0522 4700  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:49:34.0534 4700  ============================================================
23:49:34.0534 4700  \Device\Harddisk0\DR0:
23:49:34.0534 4700  MBR partitions:
23:49:34.0534 4700  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
23:49:34.0534 4700  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x12017000
23:49:34.0554 4700  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x13A4A000, BlocksNum 0x119E4000
23:49:34.0554 4700  ============================================================
23:49:34.0586 4700  C: <-> \Device\Harddisk0\DR0\Partition2
23:49:34.0617 4700  P: <-> \Device\Harddisk0\DR0\Partition3
23:49:34.0655 4700  ============================================================
23:49:34.0655 4700  Initialize success
23:49:34.0655 4700  ============================================================
23:50:49.0528 3804  ============================================================
23:50:49.0528 3804  Scan started
23:50:49.0528 3804  Mode: Manual; SigCheck; TDLFS; 
23:50:49.0528 3804  ============================================================
23:50:50.0074 3804  ================ Scan system memory ========================
23:50:50.0074 3804  System memory - ok
23:50:50.0074 3804  ================ Scan services =============================
23:50:50.0277 3804  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:50:50.0479 3804  1394ohci - ok
23:50:50.0495 3804  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:50:50.0542 3804  ACPI - ok
23:50:50.0589 3804  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:50:50.0698 3804  AcpiPmi - ok
23:50:50.0791 3804  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:50:50.0807 3804  AdobeARMservice - ok
23:50:50.0979 3804  [ 76D5A3D2A50402A0B9B6ED13C4371E79 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:50:51.0010 3804  AdobeFlashPlayerUpdateSvc - ok
23:50:51.0072 3804  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:50:51.0119 3804  adp94xx - ok
23:50:51.0135 3804  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:50:51.0181 3804  adpahci - ok
23:50:51.0197 3804  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:50:51.0228 3804  adpu320 - ok
23:50:51.0259 3804  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:50:51.0431 3804  AeLookupSvc - ok
23:50:51.0478 3804  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
23:50:51.0571 3804  AFD - ok
23:50:51.0603 3804  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:50:51.0634 3804  agp440 - ok
23:50:51.0665 3804  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
23:50:51.0743 3804  ALG - ok
23:50:51.0790 3804  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:50:51.0821 3804  aliide - ok
23:50:51.0852 3804  [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:50:51.0961 3804  AMD External Events Utility - ok
23:50:51.0977 3804  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:50:52.0008 3804  amdide - ok
23:50:52.0039 3804  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:50:52.0117 3804  AmdK8 - ok
23:50:52.0461 3804  [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:50:52.0991 3804  amdkmdag - ok
23:50:53.0069 3804  [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:50:53.0163 3804  amdkmdap - ok
23:50:53.0194 3804  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:50:53.0256 3804  AmdPPM - ok
23:50:53.0303 3804  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:50:53.0334 3804  amdsata - ok
23:50:53.0365 3804  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:50:53.0397 3804  amdsbs - ok
23:50:53.0412 3804  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:50:53.0443 3804  amdxata - ok
23:50:53.0553 3804  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService P:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:50:53.0584 3804  AntiVirSchedulerService - ok
23:50:53.0631 3804  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  P:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:50:53.0662 3804  AntiVirService - ok
23:50:53.0709 3804  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
23:50:53.0911 3804  AppID - ok
23:50:53.0943 3804  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:50:54.0052 3804  AppIDSvc - ok
23:50:54.0130 3804  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
23:50:54.0208 3804  Appinfo - ok
23:50:54.0255 3804  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:50:54.0286 3804  arc - ok
23:50:54.0301 3804  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:50:54.0333 3804  arcsas - ok
23:50:54.0395 3804  [ 1EF2B0B5E3601DD8CB6EA90761F5555C ] ArgusMonitor    C:\Windows\syswow64\drivers\ArgusMonitor.sys
23:50:54.0442 3804  ArgusMonitor - ok
23:50:54.0473 3804  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:50:54.0598 3804  AsyncMac - ok
23:50:54.0660 3804  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
23:50:54.0691 3804  atapi - ok
23:50:54.0769 3804  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
23:50:54.0879 3804  athr - ok
23:50:54.0941 3804  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
23:50:54.0972 3804  AtiHDAudioService - ok
23:50:55.0019 3804  [ A6FAD7A5ADA4675BA9C9FEAF4E0542BA ] ATITool         C:\Windows\system32\DRIVERS\ATITool64.sys
23:50:55.0050 3804  ATITool ( UnsignedFile.Multi.Generic ) - warning
23:50:55.0050 3804  ATITool - detected UnsignedFile.Multi.Generic (1)
23:50:55.0097 3804  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:50:55.0237 3804  AudioEndpointBuilder - ok
23:50:55.0253 3804  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:50:55.0362 3804  AudioSrv - ok
23:50:55.0409 3804  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:50:55.0440 3804  avgntflt - ok
23:50:55.0503 3804  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:50:55.0534 3804  avipbb - ok
23:50:55.0549 3804  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:50:55.0581 3804  avkmgr - ok
23:50:55.0627 3804  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:50:55.0737 3804  AxInstSV - ok
23:50:55.0783 3804  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:50:55.0846 3804  b06bdrv - ok
23:50:55.0893 3804  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:50:55.0955 3804  b57nd60a - ok
23:50:56.0017 3804  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:50:56.0080 3804  BDESVC - ok
23:50:56.0095 3804  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:50:56.0220 3804  Beep - ok
23:50:56.0298 3804  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
23:50:56.0423 3804  BFE - ok
23:50:56.0470 3804  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
23:50:56.0626 3804  BITS - ok
23:50:56.0641 3804  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:50:56.0673 3804  blbdrive - ok
23:50:56.0719 3804  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:50:56.0766 3804  bowser - ok
23:50:56.0782 3804  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:50:56.0907 3804  BrFiltLo - ok
23:50:56.0907 3804  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:50:56.0953 3804  BrFiltUp - ok
23:50:56.0985 3804  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
23:50:57.0078 3804  BridgeMP - ok
23:50:57.0109 3804  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
23:50:57.0156 3804  Browser - ok
23:50:57.0172 3804  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:50:57.0219 3804  Brserid - ok
23:50:57.0234 3804  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:50:57.0281 3804  BrSerWdm - ok
23:50:57.0297 3804  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:50:57.0359 3804  BrUsbMdm - ok
23:50:57.0390 3804  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:50:57.0437 3804  BrUsbSer - ok
23:50:57.0437 3804  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:50:57.0484 3804  BTHMODEM - ok
23:50:57.0515 3804  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
23:50:57.0624 3804  bthserv - ok
23:50:57.0640 3804  catchme - ok
23:50:57.0655 3804  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:50:57.0796 3804  cdfs - ok
23:50:57.0843 3804  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
23:50:57.0889 3804  cdrom - ok
23:50:57.0921 3804  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:51:22.0865 3804  Sftredir - ok
23:51:22.0896 3804  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
23:51:22.0912 3804  Sftvol - ok
23:51:22.0959 3804  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:51:22.0990 3804  sftvsa - ok
23:51:23.0021 3804  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:51:23.0115 3804  SharedAccess - ok
23:51:23.0161 3804  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:51:23.0271 3804  ShellHWDetection - ok
23:51:23.0317 3804  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:51:23.0333 3804  SiSRaid2 - ok
23:51:23.0349 3804  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:51:23.0380 3804  SiSRaid4 - ok
23:51:23.0567 3804  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
23:51:23.0739 3804  Skype C2C Service - ok
23:51:23.0895 3804  [ 875B04A71869D34A415CC8B4D4673EC4 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:51:23.0926 3804  SkypeUpdate - ok
23:51:23.0941 3804  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:51:24.0051 3804  Smb - ok
23:51:24.0097 3804  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:51:24.0129 3804  SNMPTRAP - ok
23:51:24.0144 3804  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:51:24.0175 3804  spldr - ok
23:51:24.0207 3804  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
23:51:24.0269 3804  Spooler - ok
23:51:24.0394 3804  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
23:51:24.0659 3804  sppsvc - ok
23:51:24.0690 3804  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:51:24.0784 3804  sppuinotify - ok
23:51:24.0815 3804  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:51:24.0877 3804  srv - ok
23:51:24.0924 3804  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:51:24.0955 3804  srv2 - ok
23:51:24.0971 3804  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:51:25.0002 3804  srvnet - ok
23:51:25.0049 3804  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:51:25.0143 3804  SSDPSRV - ok
23:51:25.0158 3804  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:51:25.0267 3804  SstpSvc - ok
23:51:25.0330 3804  Steam Client Service - ok
23:51:25.0345 3804  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:51:25.0377 3804  stexstor - ok
23:51:25.0423 3804  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
23:51:25.0501 3804  stisvc - ok
23:51:25.0533 3804  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:51:25.0548 3804  swenum - ok
23:51:25.0579 3804  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
23:51:25.0689 3804  swprv - ok
23:51:25.0735 3804  [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:51:25.0767 3804  SynTP - ok
23:51:25.0845 3804  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
23:51:25.0954 3804  SysMain - ok
23:51:25.0985 3804  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:51:26.0032 3804  TabletInputService - ok
23:51:26.0079 3804  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:51:26.0188 3804  TapiSrv - ok
23:51:26.0219 3804  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
23:51:26.0313 3804  TBS - ok
23:51:26.0391 3804  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:51:26.0500 3804  Tcpip - ok
23:51:26.0562 3804  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:51:26.0656 3804  TCPIP6 - ok
23:51:26.0703 3804  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:51:26.0749 3804  tcpipreg - ok
23:51:26.0781 3804  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:51:26.0843 3804  TDPIPE - ok
23:51:26.0859 3804  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:51:26.0890 3804  TDTCP - ok
23:51:26.0921 3804  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:51:27.0030 3804  tdx - ok
23:51:27.0061 3804  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:51:27.0077 3804  TermDD - ok
23:51:27.0124 3804  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
23:51:27.0249 3804  TermService - ok
23:51:27.0280 3804  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
23:51:27.0311 3804  Themes - ok
23:51:27.0342 3804  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
23:51:27.0436 3804  THREADORDER - ok
23:51:27.0467 3804  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
23:51:27.0561 3804  TrkWks - ok
23:51:27.0623 3804  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:51:27.0717 3804  TrustedInstaller - ok
23:51:27.0748 3804  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:51:27.0841 3804  tssecsrv - ok
23:51:27.0873 3804  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:51:27.0919 3804  TsUsbFlt - ok
23:51:27.0951 3804  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:51:28.0075 3804  tunnel - ok
23:51:28.0107 3804  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:51:28.0138 3804  uagp35 - ok
23:51:28.0169 3804  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
23:51:28.0185 3804  UBHelper - ok
23:51:28.0216 3804  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:51:28.0325 3804  udfs - ok
23:51:28.0356 3804  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:51:28.0387 3804  UI0Detect - ok
23:51:28.0403 3804  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:51:28.0419 3804  uliagpkx - ok
23:51:28.0481 3804  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
23:51:28.0512 3804  umbus - ok
23:51:28.0543 3804  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:51:28.0575 3804  UmPass - ok
23:51:28.0684 3804  [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:51:28.0809 3804  UNS - ok
23:51:28.0840 3804  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
23:51:28.0871 3804  Updater Service - ok
23:51:28.0902 3804  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
23:51:29.0027 3804  upnphost - ok
23:51:29.0058 3804  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:51:29.0121 3804  usbccgp - ok
23:51:29.0167 3804  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:51:29.0230 3804  usbcir - ok
23:51:29.0261 3804  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:51:29.0292 3804  usbehci - ok
23:51:29.0339 3804  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:51:29.0370 3804  usbhub - ok
23:51:29.0401 3804  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:51:29.0433 3804  usbohci - ok
23:51:29.0448 3804  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:51:29.0495 3804  usbprint - ok
23:51:29.0526 3804  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
23:51:29.0589 3804  USBSTOR - ok
23:51:29.0635 3804  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:51:29.0682 3804  usbuhci - ok
23:51:29.0729 3804  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:51:29.0791 3804  usbvideo - ok
23:51:29.0838 3804  [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
23:51:29.0869 3804  usb_rndisx - ok
23:51:29.0901 3804  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
23:51:29.0994 3804  UxSms - ok
23:51:30.0025 3804  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
23:51:30.0057 3804  VaultSvc - ok
23:51:30.0072 3804  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:51:30.0088 3804  vdrvroot - ok
23:51:30.0135 3804  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
23:51:30.0244 3804  vds - ok
23:51:30.0259 3804  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:51:30.0291 3804  vga - ok
23:51:30.0322 3804  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:51:30.0415 3804  VgaSave - ok
23:51:30.0447 3804  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:51:30.0478 3804  vhdmp - ok
23:51:30.0509 3804  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:51:30.0540 3804  viaide - ok
23:51:30.0556 3804  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:51:30.0587 3804  volmgr - ok
23:51:30.0634 3804  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:51:30.0665 3804  volmgrx - ok
23:51:30.0696 3804  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:51:30.0743 3804  volsnap - ok
23:51:30.0774 3804  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:51:30.0805 3804  vsmraid - ok
23:51:30.0868 3804  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
23:51:31.0024 3804  VSS - ok
23:51:31.0039 3804  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:51:31.0086 3804  vwifibus - ok
23:51:31.0133 3804  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:51:31.0180 3804  vwififlt - ok
23:51:31.0195 3804  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:51:31.0242 3804  vwifimp - ok
23:51:31.0305 3804  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
23:51:31.0398 3804  W32Time - ok
23:51:31.0429 3804  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:51:31.0476 3804  WacomPen - ok
23:51:31.0507 3804  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:51:31.0617 3804  WANARP - ok
23:51:31.0617 3804  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:51:31.0710 3804  Wanarpv6 - ok
23:51:31.0804 3804  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:51:31.0913 3804  WatAdminSvc - ok
23:51:31.0991 3804  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
23:51:32.0085 3804  wbengine - ok
23:51:32.0116 3804  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:51:32.0163 3804  WbioSrvc - ok
23:51:32.0209 3804  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:51:32.0272 3804  wcncsvc - ok
23:51:32.0287 3804  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:51:32.0334 3804  WcsPlugInService - ok
23:51:32.0350 3804  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:51:32.0381 3804  Wd - ok
23:51:32.0412 3804  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:51:32.0475 3804  Wdf01000 - ok
23:51:32.0506 3804  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:51:32.0584 3804  WdiServiceHost - ok
23:51:32.0584 3804  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:51:32.0631 3804  WdiSystemHost - ok
23:51:32.0662 3804  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
23:51:32.0709 3804  WebClient - ok
23:51:32.0740 3804  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:51:32.0849 3804  Wecsvc - ok
23:51:32.0880 3804  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:51:32.0974 3804  wercplsupport - ok
23:51:33.0021 3804  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:51:33.0114 3804  WerSvc - ok
23:51:33.0145 3804  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:51:33.0239 3804  WfpLwf - ok
23:51:33.0255 3804  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:51:33.0270 3804  WIMMount - ok
23:51:33.0301 3804  WinDefend - ok
23:51:33.0317 3804  WinHttpAutoProxySvc - ok
23:51:33.0379 3804  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:51:33.0489 3804  Winmgmt - ok
23:51:33.0567 3804  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
23:51:33.0738 3804  WinRM - ok
23:51:33.0816 3804  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:51:33.0847 3804  WinUsb - ok
23:51:33.0910 3804  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:51:33.0972 3804  Wlansvc - ok
23:51:34.0113 3804  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:51:34.0222 3804  wlidsvc - ok
23:51:34.0269 3804  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:51:34.0300 3804  WmiAcpi - ok
23:51:34.0331 3804  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:51:34.0393 3804  wmiApSrv - ok
23:51:34.0425 3804  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:51:34.0456 3804  WPCSvc - ok
23:51:34.0487 3804  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:51:34.0549 3804  WPDBusEnum - ok
23:51:34.0581 3804  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:51:34.0674 3804  ws2ifsl - ok
23:51:34.0690 3804  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
23:51:34.0721 3804  wscsvc - ok
23:51:34.0737 3804  WSearch - ok
23:51:34.0830 3804  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:51:34.0939 3804  wuauserv - ok
23:51:34.0986 3804  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:51:35.0033 3804  WudfPf - ok
23:51:35.0080 3804  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:51:35.0127 3804  WUDFRd - ok
23:51:35.0158 3804  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:51:35.0205 3804  wudfsvc - ok
23:51:35.0251 3804  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:51:35.0314 3804  WwanSvc - ok
23:51:35.0485 3804  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:51:35.0532 3804  YahooAUService - ok
23:51:35.0548 3804  ================ Scan global ===============================
23:51:35.0579 3804  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:51:35.0610 3804  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:51:35.0610 3804  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:51:35.0641 3804  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:51:35.0673 3804  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:51:35.0673 3804  [Global] - ok
23:51:35.0688 3804  ================ Scan MBR ==================================
23:51:35.0688 3804  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:51:36.0031 3804  \Device\Harddisk0\DR0 - ok
23:51:36.0031 3804  ================ Scan VBR ==================================
23:51:36.0031 3804  [ 59D065DEA30057D126A0F925EA51B408 ] \Device\Harddisk0\DR0\Partition1
23:51:36.0031 3804  \Device\Harddisk0\DR0\Partition1 - ok
23:51:36.0063 3804  [ 97FB8E9740BACBE221A50F92D90CC55E ] \Device\Harddisk0\DR0\Partition2
23:51:36.0063 3804  \Device\Harddisk0\DR0\Partition2 - ok
23:51:36.0094 3804  [ E11BC11EDAE24ACAD419E616D738C1B8 ] \Device\Harddisk0\DR0\Partition3
23:51:36.0094 3804  \Device\Harddisk0\DR0\Partition3 - ok
23:51:36.0094 3804  ============================================================
23:51:36.0094 3804  Scan finished
23:51:36.0094 3804  ============================================================
23:51:36.0109 5760  Detected object count: 1
23:51:36.0109 5760  Actual detected object count: 1
23:51:44.0393 5760  ATITool ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:44.0393 5760  ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:51:46.0998 5608  Deinitialize success
         

30.05.2013, 23:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box at the top centre for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

31.05.2013, 12:59   #11
Trooper01010
 
Hello dear helper,

JRT file:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dominic on 31.05.2013 at 13:23:51,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2319825
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ibupdaterservice"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Dominic\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Dominic\AppData\Roaming\loadtbs"
Successfully deleted: [Folder] "C:\Users\Dominic\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Dominic\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{85303BB7-11AA-4C43-8E6C-AF673DBD1E9E}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{876F11C5-182C-4300-A3D0-4C63BAFD1A0C}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{87CF2DEC-69DB-4134-A9C0-508FEC19D677}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{8873F635-8DED-491D-87AB-2D5ED2D574FC}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{890E4039-6C3A-4F5C-9552-D87D5788C29A}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{8B93023A-8BB8-426F-B27E-338D169BD019}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{9055B579-66BA-47C0-AF78-A527FEC56B42}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{92A7C13A-E814-431F-92B8-A8D55EAEBEF0}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{957806CD-6AE5-469F-BC9F-AC26E755A2E0}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{9725585E-F06E-4FF9-A2BF-8B928E0AAE84}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{973798AA-A47E-4522-A970-E4609E571293}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{9782B083-4F3F-4C4A-B36B-124DE0A13E13}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{9894DC89-59FD-4DD7-91B5-1C4017B82CB8}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{9D6EE5D8-E873-47A9-9360-7CE68E792149}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{A1D08E2B-6B57-4DF4-A948-A45AB5C9D0FA}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{A57470E3-30B6-4AA7-92F8-FF51751D10EF}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{A634D7C7-C236-46AD-B18A-1FFE9450307E}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{A7CF5052-296A-4B5A-A329-D8FABD5956D9}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{A9223511-8B3B-478B-91FE-F336DF07A3A2}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{AC05CBEA-A0A8-490B-AC45-DAD360DCE43F}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{ADA97E34-D697-4E69-9C4F-C1994397E619}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{AF05AA3C-7DCF-468A-A355-573E1F50CDAD}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{B2768729-4357-4E49-9BF6-729DB69528A9}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{B2910725-3E95-4DB7-9E28-6274CB4101E8}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{B355B3DD-87EE-414A-8CE7-E7650A0337C2}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{B493BA2B-02B0-4A70-9FD0-1FDF26E20077}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{B505E12F-8C00-4688-9D02-013420C0DE41}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{B5F69279-3089-4ED9-AF15-6D4DDCED30C0}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{B87C5836-5145-476B-85A1-643322CE87E3}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{B8A2755D-D49D-4DCF-A460-82FB7630B48E}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{B9BBA288-8F1B-411A-9217-A30215D4F455}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{BA498D4D-92B3-4103-AC26-EE7E58B66359}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{BD707464-327B-45C7-B44F-B522BBD4AF3C}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{BEBD4382-C600-4A33-A527-DB2F17222BA3}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{C07C54F1-69E5-47EA-8F67-99324C672662}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{C110639E-16A3-4069-B57A-4DA5265E3346}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{C30E2902-9236-4B53-AE73-067C26814695}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{C319B8D5-5646-411F-8C92-E3FAF8325BA7}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{C508EA0B-31A3-46BA-AA86-5840E66FBFBC}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{C50E666D-9DF4-47AA-BE7D-3FFF6BE0065F}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{C5F988E6-9ACF-4F14-88DC-5D292B78ACCE}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{C8B80A7A-CEA3-41C8-97A4-46DC6D2DE88F}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{C9E07312-2DB0-4D48-BF46-C39AADD73421}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{CC151B65-2DA4-4219-ADB4-5802AF2D95CB}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{CCE40144-D977-4330-8E65-ECBD49876CF8}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{D0901E21-6A6D-4AD2-BBD3-3575B0158C4D}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{D15EE1F2-F6D8-4BF0-A3EC-0EEF683292F0}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{D2CCA8DF-7D77-4282-A8E2-82A99BBE575D}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{D52F9E43-854F-4380-A8B8-F44BED0B28DF}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{D5CAC484-D731-4B5C-91EC-379B0CC772EF}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{D7BED9F8-7C50-49E4-89AE-9030F3946264}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{D9AFCE6E-489A-476C-845C-F29B267DCDA4}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{DA28FF56-B92D-4FD8-A667-BC3CB965B7E7}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{DAA26628-50C7-4A62-BA51-90F227C75077}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{E2CB4E41-EC0C-44FF-AAF0-F8A64F138C0D}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{E5D9395E-6944-46F2-97B7-D650E4CCD271}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{E6436B24-7B64-41C1-B86F-3102161DAD84}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{E79E9B8A-1F85-405D-9935-BC6DAFCA91E7}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{EB048B11-D67B-4AE1-91FD-5FDF65BB38BC}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{EC121481-3C47-4AA1-A6E4-9ABADBC704D2}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{ED8C3C8C-3999-4458-AF73-391389FC86C4}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{F1F25203-329E-4459-B4AA-98A2F78EF25D}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{F294EE4F-CCD6-4ED5-8D3D-2067F9B49E90}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{F31EB6F1-B9F0-4749-B2EF-D20D31AFEB91}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{F38A5A4B-C67C-4E8B-9627-A50CCD584825}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{F3A4E968-F6B7-46FB-AE38-420ECB5D2A82}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{F443DC3F-5370-45D0-8D45-F45AE08D5336}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{F5FF6A74-3848-488A-87E5-398ADC258003}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{FA6D9212-29CF-431B-827D-95FD20AE03ED}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{FAEF6DD1-B82D-4EFF-9971-5FA3A75112BB}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2013 at 13:30:22,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwcleaner file:
Code:
# AdwCleaner v2.301 - Datei am 31/05/2013 um 13:32:07 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dominic - DOMINIC-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dominic\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-2.1
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2418 octets] - [31/05/2013 13:32:07]

########## EOF - C:\AdwCleaner[S1].txt - [2478 octets] ##########
         
OTL file:

Code:
OTL logfile created on: 31.05.2013 13:37:11 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominic\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,15% Memory free
7,73 Gb Paging File | 6,23 Gb Available in Paging File | 80,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 9,09 Gb Free Space | 6,31% Space Free | Partition Type: NTFS
Drive P: | 140,95 Gb Total Space | 22,56 Gb Free Space | 16,01% Space Free | Partition Type: NTFS
 
Computer Name: DOMINIC-PC | User Name: Dominic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dominic\Desktop\OTL.exe (OldTimer Tools)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- P:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- P:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (HPub4DE3) -- C:\Windows\SysNative\drivers\HPub4DE3.sys (TPMX Electronics Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HPMo4DE3) -- C:\Windows\SysNative\drivers\HPMo4DE3.sys (TPMX Electronics Ltd.)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 41.0.202.145:8080
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.3: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: P:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: P:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dominic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dominic\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dominic\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dominic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: VLC Web Plugin (Enabled) = P:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.05.29 16:44:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] P:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C715D9B-320F-4739-BACC-2B483D6DE224}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B692E382-B46B-49E0-8CA6-6356ABB96264}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.31 13:23:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.31 13:23:41 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.31 13:20:56 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Dominic\Desktop\JRT.exe
[2013.05.30 20:19:59 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Roaming\Unified Remote
[2013.05.30 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Dominic\Desktop\mbar
[2013.05.30 15:13:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.29 16:02:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.29 16:02:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.29 16:02:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.29 16:01:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.29 16:00:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.29 15:56:31 | 005,073,804 | R--- | C] (Swearware) -- C:\Users\Dominic\Desktop\ComboFix.exe
[2013.05.28 18:07:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dominic\Desktop\OTL.exe
[2013.05.27 21:58:32 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Roaming\Malwarebytes
[2013.05.27 21:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.27 21:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.27 21:58:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.27 21:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Navilog1
[2013.05.27 21:50:54 | 000,000,000 | ---D | C] -- C:\Navilog1
[2013.05.26 22:34:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2013.05.26 21:16:55 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Local\Programs
[2013.05.22 20:11:04 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.22 20:02:44 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.22 20:02:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.22 20:02:28 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.05.22 20:02:28 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.05.22 20:02:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.05.22 20:02:10 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.22 20:02:10 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.22 20:02:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.22 20:02:10 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.22 20:01:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.22 20:01:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013.05.22 20:01:46 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.05.22 20:01:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.05.22 20:01:46 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.05.22 20:01:46 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.05.22 20:01:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.05.22 20:01:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.05.22 20:01:36 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.05.22 20:00:26 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.05.21 21:41:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.05.21 09:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013
[2013.05.08 21:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.07 20:13:44 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.31 13:41:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 13:41:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 13:34:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.31 13:33:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.31 13:33:08 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.31 13:24:05 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job
[2013.05.31 13:21:33 | 000,632,031 | ---- | M] () -- C:\Users\Dominic\Desktop\adwcleaner.exe
[2013.05.31 13:21:07 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Dominic\Desktop\JRT.exe
[2013.05.31 13:21:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.31 13:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.30 23:56:04 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job
[2013.05.30 23:48:42 | 000,000,512 | ---- | M] () -- C:\Users\Dominic\Desktop\MBR.dat
[2013.05.30 20:19:30 | 000,000,801 | ---- | M] () -- C:\Users\Dominic\Desktop\Unified Remote.lnk
[2013.05.30 18:56:02 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job
[2013.05.30 18:09:23 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.30 18:09:23 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.30 18:09:23 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.30 18:09:23 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.30 18:09:23 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.30 15:18:55 | 013,169,742 | ---- | M] () -- C:\Users\Dominic\Desktop\mbar-1.06.0.1003.zip
[2013.05.30 15:16:50 | 000,377,856 | ---- | M] () -- C:\Users\Dominic\Desktop\w77yld2x.exe
[2013.05.29 16:44:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.29 16:24:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job
[2013.05.29 15:56:48 | 005,073,804 | R--- | M] (Swearware) -- C:\Users\Dominic\Desktop\ComboFix.exe
[2013.05.28 19:53:44 | 000,002,384 | ---- | M] () -- C:\Users\Dominic\Desktop\Google Chrome.lnk
[2013.05.28 18:07:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dominic\Desktop\OTL.exe
[2013.05.27 21:58:05 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.26 17:41:27 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 20:11:04 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.22 11:27:48 | 000,000,622 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.21 21:57:38 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2013.05.21 21:57:37 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2013.05.21 09:41:03 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.05.16 16:30:07 | 000,131,133 | ---- | M] () -- C:\Users\Dominic\Desktop\Germany.pdf
[2013.05.07 20:13:09 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.31 13:21:22 | 000,632,031 | ---- | C] () -- C:\Users\Dominic\Desktop\adwcleaner.exe
[2013.05.30 23:48:42 | 000,000,512 | ---- | C] () -- C:\Users\Dominic\Desktop\MBR.dat
[2013.05.30 20:19:30 | 000,000,801 | ---- | C] () -- C:\Users\Dominic\Desktop\Unified Remote.lnk
[2013.05.30 15:18:24 | 013,169,742 | ---- | C] () -- C:\Users\Dominic\Desktop\mbar-1.06.0.1003.zip
[2013.05.30 15:16:36 | 000,377,856 | ---- | C] () -- C:\Users\Dominic\Desktop\w77yld2x.exe
[2013.05.29 16:02:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.29 16:02:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.29 16:02:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.29 16:02:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.29 16:02:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.27 21:58:05 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.26 21:14:38 | 000,002,384 | ---- | C] () -- C:\Users\Dominic\Desktop\Google Chrome.lnk
[2013.05.22 20:11:04 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.21 09:41:03 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2013.05.16 16:30:07 | 000,131,133 | ---- | C] () -- C:\Users\Dominic\Desktop\Germany.pdf
[2013.01.13 22:07:13 | 000,000,622 | ---- | C] () -- C:\Windows\wiso.ini
[2012.09.28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.04 02:51:44 | 000,007,625 | ---- | C] () -- C:\Users\Dominic\AppData\Local\Resmon.ResmonCfg
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 22:19:02 | 000,003,584 | ---- | C] () -- C:\Users\Dominic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.16 16:20:17 | 000,000,000 | ---- | C] () -- C:\Users\Dominic\AppData\Local\{71D90A8B-6C5B-4710-A01C-C37C344ADDC5}
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 31.05.2013 13:37:11 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominic\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,15% Memory free
7,73 Gb Paging File | 6,23 Gb Available in Paging File | 80,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 9,09 Gb Free Space | 6,31% Space Free | Partition Type: NTFS
Drive P: | 140,95 Gb Total Space | 22,56 Gb Free Space | 16,01% Space Free | Partition Type: NTFS
 
Computer Name: DOMINIC-PC | User Name: Dominic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14E6259D-7CDD-4800-BF6B-8C35C3BB4B20}" = lport=137 | protocol=17 | dir=in | app=system | 
"{190F95B1-8726-44BD-A2F5-7D1BF3118B6C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{32E08E3E-B1A7-46A3-8C3A-AFD8268ADE5B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3B5081F0-E60E-4974-8574-9DE0CF601040}" = lport=139 | protocol=6 | dir=in | app=system | 
"{40A3B9F9-7BCB-4352-8B39-72142E4CE5B2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{47624B65-154B-477D-BDE8-CB2FED391854}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{65D69AAD-82A9-460E-9975-B3199647B736}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{74C31532-5E19-49AB-81FA-EC565319BD15}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7A7CEDED-43BF-4C6A-9D5C-0F3F01605308}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7D97BF95-9C99-4F34-AA76-CCA434FEAFE2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{92BF8E2F-6250-4F2B-A4FE-485A4BA42DC2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9593422A-D0BA-4917-ADA4-2A54F9626A12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9F871B61-2F4D-43FE-A4DB-8794B8FDAE82}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A0B14462-58BB-4ADA-94B1-D3803018AF5B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C5958036-DDEA-42C9-838E-F6ACEFE33160}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F11453BE-E9EB-463B-A297-E8341FF94DD6}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08757FD3-9F8A-44FC-A6EE-13D53F9AA6B5}" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"{0BB7A654-9293-459D-8B3F-604F2C0B7270}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1E4DD80A-89C8-4AFE-BA16-D690A5DD0CEF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{20CBF5AE-FD2C-4F7E-A354-4231E13F49A2}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe | 
"{2F326BE1-68C1-4269-9ABD-31E141F693A0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
"{343BA5FE-FD65-45A9-890C-BD0C2043EF2D}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{37B607D2-28D3-495D-B313-42CA11EDE166}" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"{46E028C5-7ADE-489D-A90C-0B6DADD22CEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4B3E57D2-9A41-457D-B501-513FD8B54094}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{53293032-1630-4CD8-B120-BBF06396E67C}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{5345F1C6-66FC-4190-AB45-BB4038C46AD4}" = protocol=6 | dir=in | app=p:\program files (x86)\origin\syndicate\system\win32_x86_release\syndicate.exe | 
"{54476611-C3DB-4820-81F6-5A0A3C85E69E}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{54E0361C-19B2-4C19-9D32-2F3F610ABE3A}" = protocol=6 | dir=in | app=p:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{572B3711-BF54-41B7-AEC5-FCA9C418BC47}" = dir=in | app=c:\users\dominic\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{59483C95-DD1D-4F44-BCD7-2E376C69F6C3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5C2530E3-1490-4935-BFDA-BB9161C6009C}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{5EEAAA19-4B88-47A9-A944-B1B8B024B9CD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{61A0696F-8107-4884-BE12-5039B6A29E6B}" = protocol=17 | dir=in | app=p:\program files (x86)\origin\syndicate\system\win32_x86_release\syndicate.exe | 
"{6D63BD9D-CB0A-44D9-94D4-89B4D72F845B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{70B57DEF-6C03-4869-A565-E9E5BC21230B}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{7560CAD5-2833-444B-AF09-8700BA77F23C}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{90B735A1-D8CB-4C01-8B67-B8141AAA886F}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{966D2B8A-2F2E-4E5B-ACA3-5D31022FBEF5}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steam.exe | 
"{9BE989CB-5B6B-49B5-9DE2-D329E672C516}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steam.exe | 
"{9EEFF54A-F4A1-49A0-AFF5-A256FFD2E10A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AC3105C5-73D9-4BAD-BB8B-7FEE549B2C8E}" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"{BCFF1487-B704-4032-90FE-E334B80C6CE7}" = protocol=17 | dir=in | app=p:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{C16CA4B9-512B-46C3-8AB5-365DD481E6FE}" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"{CAF76FB7-DB93-4C61-B440-902AD7F380AB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{D9FAEB46-3C17-44A5-BAC2-EDB936E6283C}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{F122F3B7-60C7-4638-B66D-6F5F2691FD81}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{F55B3A92-27A4-4398-8AA4-546316115199}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
"TCP Query User{1CFB7FCD-30C0-454B-9BCA-67D80AAA3D07}P:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=p:\program files (x86)\unified remote\remoteserver.exe | 
"TCP Query User{1FEB5430-C188-45DC-9E75-AB47420DA4E9}P:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=p:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{31EE6465-96D8-4DC1-84D2-6F276F930D11}P:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"TCP Query User{4DB65B7D-0F83-448C-9460-6B4272A03D9C}C:\users\dominic\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\dominic\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{6E1B31C9-6EDC-4603-8801-6562B78A5CEF}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{BF37AD35-5AA9-4DC6-AC0D-F4D08BEE59F9}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{CBF5AEB9-C72F-46F2-BEE0-F04812CAD6D3}P:\programme\icq7.4\icq.exe" = protocol=6 | dir=in | app=p:\programme\icq7.4\icq.exe | 
"TCP Query User{D10D88BE-7DCF-4AED-B1DC-39E6A2708E3F}P:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=p:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{E3693444-3605-4CEA-BD2D-B8A7D7FB2F9F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{F07FA1AD-986B-4522-9A43-AFC20CC19C18}P:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"UDP Query User{26998D77-41A3-4134-930D-61A1AFF2F498}P:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=p:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{64708352-E5BE-465B-A972-4E301290222F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{680A7734-72A9-494B-948B-5F0803A57E99}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{70314CEB-91F2-4320-9FED-703FBBA243FA}C:\users\dominic\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\dominic\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{82442E2F-13E5-46F4-832F-DC1306030EE2}P:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"UDP Query User{AC74BF75-81CA-4F23-878A-A7804465A6C7}P:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=p:\program files (x86)\unified remote\remoteserver.exe | 
"UDP Query User{D5A479AB-304F-4B22-8488-80B31339072F}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{D8252AF0-1AFA-4357-894C-4C0F9824466F}P:\programme\icq7.4\icq.exe" = protocol=17 | dir=in | app=p:\programme\icq7.4\icq.exe | 
"UDP Query User{EFF1D862-EC0E-45A0-921D-DC05627472A2}P:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | 
"UDP Query User{FF92CE33-8012-4EC7-B30C-27F8778E00E8}P:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=p:\program files (x86)\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{45CB0703-D49C-31B2-0DBD-FDD98D7DEF7A}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{852B1308-4E5A-B54D-637D-F710D92C6930}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}" = AMD Catalyst Install Manager
"{DE7BAEF8-C639-381A-D835-95BD517ED602}" = AMD Media Foundation Decoders
"{E88AD18B-D467-F11F-C431-99DE36FCACC7}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E04AD66-9C5A-46DF-836B-29BD26194820}" = Unified Remote
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11210BD7-A8EF-79EE-D18F-021D1E04A689}" = CCC Help Dutch
"{118AD615-8BCF-11D6-1700-B6763A0EA713}" = CCC Help Polish
"{145238D6-1ADD-15DD-4499-744215DCCD18}" = Catalyst Control Center InstallProxy
"{14EC371D-145C-9AC3-B3A8-EA90C6B0325E}" = PX Profile Update
"{15DEA4E9-E4AD-2A1A-4B59-89CA65D5075B}" = CCC Help Finnish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFD9DDB-FB24-F8C4-E792-03901C50490D}" = CCC Help Swedish
"{1B0FF612-0E07-4AB2-DD95-EB7651AEB3A1}" = CCC Help Italian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{376A622B-F0FA-DDAB-9635-05D9F3F634D6}" = CCC Help Norwegian
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{48BA11B4-3E38-FA74-2D5A-003475844AA3}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DD75A56-D9DA-DD49-3507-470C7CA7B43F}" = CCC Help Chinese Standard
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DB24244-5ABE-A87B-5FB1-95CF09F801A8}" = CCC Help German
"{61D73C02-EF3F-45D2-7F01-DCC4B1B39CC3}" = CCC Help Korean
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DDC515D-1FE6-C5FC-E872-24D1B8B4C1A1}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7427941A-51A3-E2EB-BCD2-A1981DBCA4AD}" = Catalyst Control Center Graphics Previews Common
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{79A16F82-9F79-E47E-C6D4-206E7CC1D593}" = CCC Help Czech
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8153BA0E-719E-3829-3B06-DC1412933BD6}" = CCC Help Japanese
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8B7D9B66-1B53-D729-FD0C-ED38629FA407}" = CCC Help Greek
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4A550A8-4EEF-8577-1C15-E3C914FF4AD9}" = CCC Help Portuguese
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A866F37D-0E46-1812-3E3C-9778D4A458B2}" = Catalyst Control Center
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAF7FFC8-20C4-CB57-4982-68EB410EBBC7}" = CCC Help Danish
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AD4B6B20-11CE-2C81-9615-2DCAABF15966}" = CCC Help French
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1931310-EEF5-3B7A-0C57-01127888E4E4}" = CCC Help Turkish
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{E7A94CD8-526B-FDD3-E16F-CB40A0747C70}" = CCC Help Chinese Traditional
"{E91BD0CF-EFA8-477C-8207-A026E70BBED9}" = CCC Help English
"{ECD4DCC1-C03F-8CC2-432B-317ECB9D6A09}" = Catalyst Control Center Localization All
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9F07F00-FF55-7752-7FF8-F512AF641BA9}" = CCC Help Thai
"{FA602928-EB59-449c-B9F7-1FBE1291B63D}" = Syndicate™
"{FFE0A7EE-0627-307D-F102-519B5B367703}" = CCC Help Hungarian
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ArgusMonitor" = ArgusMonitor
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.3" = ESN Sonar
"Fraps" = Fraps
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Identity Card" = Identity Card
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PS3 Media Server" = PS3 Media Server
"SopCast" = SopCast 3.4.0
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 55230" = Saints Row: The Third
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.05.2013 07:43:53 | Computer Name = Dominic-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
 
< End of report >
         

31.05.2013, 13:27   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); in that case please let me know as well).

Note: Before you do, please remember to update Malwarebytes Anti-Malware via the update button!

Getting a second opinion from the ESET online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


31.05.2013, 22:27   #13
Trooper01010

Hello Cosinus,

I have now tried three times to run Malwarebytes in full-scan mode, but the program crashes shortly before the end and the PC restarts. The scan is on the last partition and almost finished!

01.06.2013, 00:48   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Try it in Safe Mode with Networking.

02.06.2013, 21:53   #15
Trooper01010

Hello,

sorry that it took a bit longer!

Here are the log files.

Malwarebytes log file:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.02.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Dominic :: DOMINIC-PC [Administrator]

02.06.2013 18:05:44
mbam-log-2013-06-02 (18-05-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|P:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 378139
Laufzeit: 1 Stunde(n), 31 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET log file:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=88c3575aa54f5d49894e56ae6256c933
# engine=13977
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-02 08:48:22
# local_time=2013-06-02 10:48:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775166 100 96 25299 235625792 18078 0
# compatibility_mode=5893 16776573 100 94 170429 121835952 0 0
# scanned=168459
# found=3
# cleaned=0
# scan_time=7316
sh=2418E85920CA6DC829CC9C77BB9B22C5ADAE6BB4 ft=1 fh=6b49b5fbef41f671 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\Dominic\Downloads\blondehexe---Meine-18-Ju00e4hrige-Stiefschwester-entjungfert---- (1).exe"
sh=2418E85920CA6DC829CC9C77BB9B22C5ADAE6BB4 ft=1 fh=6b49b5fbef41f671 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\Dominic\Downloads\blondehexe---Meine-18-Ju00e4hrige-Stiefschwester-entjungfert----.exe"
sh=D47E68BDBBC03FFCB62D37D378C9A22C5B0470E1 ft=1 fh=90e4ae4d8c44f9a0 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\Dominic\Downloads\codec_pack_12918_ch.exe"
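
Added example (not part of the original thread, and not ESET's own tooling): a small Python triage of an ESET Online Scanner log.txt in the layout posted above. It compares the `found`/`cleaned` counters with the listed detections and groups files by the `sh=` value so identical binaries stored under different names show up once. The field meanings (`sh` as file hash, `vn` as detection name, `fn` as path, `remove_checked` as the removal option) are assumptions read off the log layout, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ESET log.txt posted above.
# Hashes, detection names and paths are made up for this example.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# scanned=1200
# found=3
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=1111111111111111 vn="Example/Adware.Sample.A application" ac=I fn="C:\Users\demo\Downloads\setup (1).exe"
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=1111111111111111 vn="Example/Adware.Sample.A application" ac=I fn="C:\Users\demo\Downloads\setup.exe"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=2222222222222222 vn="Example/Adware.Sample.B application" ac=I fn="C:\Users\demo\Downloads\codec.exe"
'''

HEADER_RE = re.compile(r'^#\s*([A-Za-z_.]+)=(.*)$')
# key=value pairs; a value is either "quoted, may contain spaces" or one bare token
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_eset_log(text):
    """Return (header, detections) from an ESET Online Scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            # Some keys repeat (compatibility_mode in the posted log): keep all values.
            header.setdefault(m.group(1), []).append(m.group(2).strip())
        elif line.startswith('sh='):
            rec = {}
            for key, raw, quoted in FIELD_RE.findall(line):
                rec[key] = quoted if raw.startswith('"') else raw
            detections.append(rec)
    return header, detections


def _first_int(header, key):
    value = header.get(key, [None])[0]
    return int(value) if value is not None and value.isdigit() else None


def triage(text):
    """Summarise what the scan found and what is still on disk."""
    header, detections = parse_eset_log(text)
    found = _first_int(header, 'found')
    cleaned = _first_int(header, 'cleaned')

    by_hash = defaultdict(list)
    for det in detections:
        by_hash[det.get('sh', '?')].append(det.get('fn', '?'))

    return {
        'finished': header.get('end', [''])[0] == 'finished',
        'found': found,
        'cleaned': cleaned,
        'listed': len(detections),
        # Same hash under several names = one binary downloaded more than once.
        'unique_files': len(by_hash),
        'duplicates': {h: p for h, p in by_hash.items() if len(p) > 1},
        # A truncated or edited paste shows up as counter != listed lines.
        'count_mismatch': found is not None and found != len(detections),
        # Assumption: found minus cleaned is what the scanner left in place.
        'not_cleaned': None if found is None or cleaned is None else found - cleaned,
        # Assumption: remove_checked mirrors the scanner's removal option.
        'removal_enabled': header.get('remove_checked', [''])[0] == 'true',
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

With `not_cleaned` above zero and `removal_enabled` false, the listed files are still in place and have to be deleted by hand or in a later pass.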
         
