Trojaner-Board


Jeep 22.05.2013 21:39

Postbank online banking blocked by Trojan
 
I can no longer get into Postbank's online banking.
Whenever I open the online banking page and log in, the system asks me to enter a TAN. I then promptly receive one on my mobile phone. Specifically, to carry out a transfer of 450 euros via Western Union. Of course I did not do that.
According to my research on the Internet, Postbank warns about Trojans that, when Postbank online banking is opened, redirect you to a different page that looks exactly the same.
I then ran several antivirus programs and removed the problems the programs reported. The computer did get faster again, but the Postbank problem remains. So the Trojan must still be present.

How do I get rid of this wretched thing?

Here is my OTL editor: OTL Logfile:
Code:

OTL logfile created on: 22.05.2013 21:42:35 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Guido\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 42,35% Memory free
6,21 Gb Paging File | 4,29 Gb Available in Paging File | 69,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 64,96 Gb Free Space | 14,25% Space Free | Partition Type: NTFS
 
Computer Name: GUIDO-PC | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Guido\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files\BlueStacks\HD-SharedFolder.exe (BlueStack Systems)
PRC - C:\Program Files\BlueStacks\HD-BlockDevice.exe (BlueStack Systems)
PRC - C:\Program Files\BlueStacks\HD-Network.exe (BlueStack Systems)
PRC - C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe (Nitro PDF Software)
PRC - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
PRC - C:\Users\Guido\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\FS\Spyro Portal\FlashPortal.exe (FS)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (Freemake)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbkcoms.exe ( )
PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\a1fe8589d1da1fca2fb44d351fe0598f\HD-Agent.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\88d16c876f27d3d2276494202c830597\JSON.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3440.38412__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3440.38483__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3440.38394__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3440.38413__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3440.38464__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3440.38446__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3440.38408__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3440.38437__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3440.38403__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3440.38439__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3440.38414__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3440.38404__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3440.38459__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3440.38451__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3440.38414__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3440.38483__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3440.38451__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3440.38444__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3440.38438__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3440.38403__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3440.38450__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3440.38484__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3440.38482__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3440.38418__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3440.38443__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3440.38438__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3440.38433__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3440.38445__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3440.38418__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3400.34760__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3400.34770__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3440.38437__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3400.34782__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3400.34781__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3400.34788__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3440.38438__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3400.34755__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3440.38445__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3400.34756__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3400.34807__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3400.34788__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3400.34779__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3400.34768__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3400.34781__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3400.34770__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3400.34764__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3400.34778__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3400.34767__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3400.34762__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3400.34774__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3400.34789__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3400.34767__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3400.34779__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3400.34778__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3400.34777__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3400.34792__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3400.34791__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3400.34775__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3400.34791__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3440.38506__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3440.38472__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3440.38408__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3440.38478__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3440.38476__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3400.34783__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3440.38393__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3440.38392__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3400.34781__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3400.34780__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3400.34776__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3440.38488__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3400.34762__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3400.34782__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3400.34764__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3400.34773__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3400.34778__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3400.34776__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3400.34776__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3400.34766__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3400.34775__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3400.34774__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3400.34775__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3400.34767__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3440.38390__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3440.38399__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3440.38392__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3440.38390__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3400.34772__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3400.34783__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3440.38478__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
MOD - C:\Program Files\Steganos Safe OEM\wxbase28uh_net_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_core_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxbase28uh_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_adv_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_html_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\ShellExtension.dll ()
MOD - C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool8) -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe (Nitro PDF Software)
SRV - (NitroReaderDriverReadSpool3) -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
SRV - (SpyroService) -- C:\Program Files\FS\Spyro Portal\FlashPortal.exe (FS)
SRV - (FreemakeVideoCapture) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (Freemake)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (BstHdDrv) -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (AF05BDA) -- C:\Windows\System32\drivers\AF05BDA.sys (AfaTech                  )
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=811&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=1612065716524915&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9003017034694632&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de___DE346
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_de___DE346&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=811&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=1612065716524915&q={searchTerms}
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9003017034694632&q={searchTerms}
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF.PrevVerNPR: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Guido\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2012.10.28 14:52:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2012.10.28 14:52:08 | 000,000,000 | ---D | M]
 
[2012.04.13 00:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.bearshare.net
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.bearshare.net
CHR - Extension: No name found = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\
CHR - Extension: No name found = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\
CHR - Extension: No name found = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.4.5_0\
CHR - Extension: No name found = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.4_0\
CHR - Extension: No name found = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.4_0\funmoods\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SAFEOEM HotKeys] C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000..\Run: [IExplorer Util] C:\Users\Guido\AppData\Roaming\ie_util.exe File not found
O4 - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000..\Run: [Ogyxidi] C:\Users\Guido\AppData\Roaming\Hioxa\ymniz.exe (Sysinternals - www.sysinternals.com)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86BD7927-8685-4264-AEA4-A69B37407E66}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2008666a-9ed7-11de-8881-001f16b5c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{2008666a-9ed7-11de-8881-001f16b5c5b1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{20f1377e-e760-11df-9ba2-001f16b5c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{20f1377e-e760-11df-9ba2-001f16b5c5b1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3c4f97b7-195e-11e0-bd12-001f16b5c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{3c4f97b7-195e-11e0-bd12-001f16b5c5b1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{464d1fad-220f-11e0-ba4f-001f16b5c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{464d1fad-220f-11e0-ba4f-001f16b5c5b1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{464d1fae-220f-11e0-ba4f-001f16b5c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{464d1fae-220f-11e0-ba4f-001f16b5c5b1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{681d63cc-cc17-11e1-9504-001f16b5c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{681d63cc-cc17-11e1-9504-001f16b5c5b1}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{72fa5ee9-e04b-11df-b792-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72fa5ee9-e04b-11df-b792-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{97626f6b-e2c7-11df-aa36-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97626f6b-e2c7-11df-aa36-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9c8276c6-aeca-11de-84ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c8276c6-aeca-11de-84ea-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9e5ca46-fbcd-11df-b074-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b9e5ca46-fbcd-11df-b074-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c896d5c9-9e97-11de-a00c-001f16b5c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{c896d5c9-9e97-11de-a00c-001f16b5c5b1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c896d5ea-9e97-11de-a00c-001f16b5c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{c896d5ea-9e97-11de-a00c-001f16b5c5b1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c896d626-9e97-11de-a00c-001f16b5c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{c896d626-9e97-11de-a00c-001f16b5c5b1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c896d65c-9e97-11de-a00c-001f16b5c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{c896d65c-9e97-11de-a00c-001f16b5c5b1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c896d65e-9e97-11de-a00c-001f16b5c5b1}\Shell - "" = AutoRun
O33 - MountPoints2\{c896d65e-9e97-11de-a00c-001f16b5c5b1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ea077e4d-020e-11e0-bdb3-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{ea077e4d-020e-11e0-bdb3-028037ec0200}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ea077e4f-020e-11e0-bdb3-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{ea077e4f-020e-11e0-bdb3-028037ec0200}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 21:06:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2013.05.20 15:46:49 | 000,000,000 | ---D | C] -- C:\Users\Guido\untere Wohnung
[2013.05.17 16:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013.05.17 16:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\BlueStacks
[2013.05.17 16:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013.05.17 16:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013.05.14 17:35:21 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\Ivly
[2013.05.14 17:35:21 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\Ilvy
[2013.05.14 17:35:21 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\Hioxa
[2013.05.09 14:09:36 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\libimobiledevice
[2013.04.29 21:13:08 | 000,000,000 | ---D | C] -- C:\Users\Guido\Onkel Dieter 3
[2013.04.29 21:09:14 | 000,000,000 | ---D | C] -- C:\Users\Guido\Onkel Dieter 2
[2013.04.29 21:02:56 | 000,000,000 | ---D | C] -- C:\Users\Guido\Onkel Dieter 1
[2011.04.17 20:05:38 | 000,695,296 | R--- | C] (AnjoCaido) -- C:\Users\Guido\Minecraft.exe
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Guido\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Guido\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Guido\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Guido\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 21:40:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 21:25:18 | 000,002,591 | ---- | M] () -- C:\Users\Guido\Desktop\Microsoft Office Word 2007.lnk
[2013.05.22 21:06:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2013.05.22 21:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 20:58:32 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.22 20:58:32 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.22 20:58:32 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.22 20:58:32 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.22 20:54:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 20:51:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 20:51:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 20:51:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 20:47:38 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.21 16:33:40 | 000,002,633 | ---- | M] () -- C:\Users\Guido\Desktop\Microsoft Office PowerPoint 2007.lnk
[2013.05.18 12:40:52 | 000,007,160 | ---- | M] () -- C:\Users\Guido\AppData\Local\d3d9caps.dat
[2013.05.17 16:49:38 | 000,001,640 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2013.05.16 03:32:23 | 000,406,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.12 23:02:07 | 000,003,072 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\fotobook Designer Prefsv3
[2013.05.10 22:27:18 | 000,145,920 | ---- | M] () -- C:\Users\Guido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.09 19:19:22 | 000,002,593 | ---- | M] () -- C:\Users\Guido\Desktop\Microsoft Office Excel 2007.lnk
[2013.05.01 09:02:45 | 000,002,722 | ---- | M] () -- C:\Users\Guido\AppData\Local\recently-used.xbel
 
========== Files Created - No Company Name ==========
 
[2013.05.17 16:49:38 | 000,001,640 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2013.05.01 09:02:45 | 000,002,722 | ---- | C] () -- C:\Users\Guido\AppData\Local\recently-used.xbel
[2013.04.17 21:39:06 | 000,003,072 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\fotobook Designer Prefsv3
[2012.11.01 13:00:37 | 000,412,640 | ---- | C] () -- C:\Users\Guido\Unbenannt.xcf
[2012.03.11 18:29:16 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.12.01 10:00:17 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.11.18 22:47:54 | 000,000,930 | ---- | C] () -- C:\ProgramData\AF9005 BDA Tuner Filter.DTV
[2010.09.18 11:53:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.05 03:05:06 | 000,001,463 | ---- | C] () -- C:\Users\Guido\AppData\Local\RecConfig.xml
[2009.10.02 23:40:52 | 000,007,160 | ---- | C] () -- C:\Users\Guido\AppData\Local\d3d9caps.dat
[2009.09.10 18:27:24 | 000,145,920 | ---- | C] () -- C:\Users\Guido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Guido\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Guido\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Guido\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Guido\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Guido\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Guido\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.11.23 18:49:09 | 000,000,000 | -HSD | M] -- C:\Users\Guido\AppData\Roaming\.#
[2013.05.21 09:51:09 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\.minecraft
[2009.07.26 17:29:35 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Acer GameZone Console
[2013.03.03 12:34:30 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Audacity
[2013.03.09 16:47:34 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\BOM
[2012.06.09 14:20:53 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Canneverbe Limited
[2012.07.24 17:40:42 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Canon
[2013.03.21 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\cef-cache
[2012.12.28 22:11:06 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Downloaded Installations
[2012.11.29 21:01:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\DVDVideoSoft
[2012.07.10 12:42:06 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\elsterformular
[2009.11.02 16:17:09 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\eSobi
[2012.12.28 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\FileOpen
[2013.04.17 21:37:47 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\fotobook Designer
[2010.11.16 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\GetRightToGo
[2013.05.14 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Hioxa
[2013.05.14 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Ilvy
[2013.05.21 16:31:09 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Ivly
[2013.03.17 10:14:25 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\MusicNet
[2013.01.04 19:13:59 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\MyPhoneExplorer
[2013.02.04 16:00:41 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Nitro
[2013.04.14 16:09:22 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Nitro PDF
[2012.11.29 21:00:57 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\OpenCandy
[2013.01.06 17:06:46 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\pacman3d
[2012.09.26 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Party
[2013.01.06 17:11:07 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\pax_full.exe
[2012.12.29 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\pdfforge
[2010.03.10 10:48:49 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\PowerCinema
[2010.03.10 10:48:56 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\SoftDMA
[2012.12.29 16:53:39 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Steganos
[2012.10.28 14:52:18 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\TuneUp Software
[2009.10.04 14:12:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Ulead Systems
[2012.07.03 20:01:16 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Unity
[2013.03.23 23:34:45 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\UseNeXT
[2013.01.06 17:54:22 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Wildlife Park 2
[2013.01.06 17:56:35 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2012.06.05 22:36:40 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Windows Live Writer
[2012.07.08 13:08:11 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\WordToPDF
[2012.09.21 18:46:52 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\PowerCinema
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E

< End of report >

--- --- ---


And the Extras editor: OTL Logfile:
Code:

OTL Extras logfile created on: 22.05.2013 21:42:35 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Guido\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 42,35% Memory free
6,21 Gb Paging File | 4,29 Gb Available in Paging File | 69,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 64,96 Gb Free Space | 14,25% Space Free | Partition Type: NTFS
 
Computer Name: GUIDO-PC | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Classes\<extension>]
.html [@ = TorchHTML.WNQRDRLHKAYAJCSGB2H6BDIYMY] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22444459-4761-48BA-9F45-72CE345E7145}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{299645F0-2C24-433F-A9AB-1F055ED717A9}" = rport=138 | protocol=17 | dir=out | app=system |
"{3EB4D2A5-D551-4B0C-AEB5-1B1AFA2EE6EA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4597D81B-E5DA-4DB3-A631-9504447402CF}" = lport=138 | protocol=17 | dir=in | app=system |
"{46A49843-EFD4-40C4-9812-C53BE4BE8C63}" = rport=137 | protocol=17 | dir=out | app=system |
"{48AA549E-6CB0-4437-8710-4CD34C97179D}" = rport=139 | protocol=6 | dir=out | app=system |
"{611E7233-5E8E-4843-962C-88553C598FE7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64D2B997-7C5A-4BBE-8EA8-B8A5B455C4F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{697F4D32-0BA2-42B2-8463-5547AD1FE41E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76555E63-CBD8-4C74-B5E1-B7E3320BFF7C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{78DF719F-29FF-4115-AAEF-C2F2527FE1BC}" = lport=139 | protocol=6 | dir=in | app=system |
"{7F086BA4-E5EE-4191-BF94-0F6A6CC71746}" = rport=445 | protocol=6 | dir=out | app=system |
"{83F672E8-4266-42CB-83C2-3BE20A9E52BA}" = lport=137 | protocol=17 | dir=in | app=system |
"{8EABF21C-7A43-4700-AF27-FBC7FEFD0FC5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A18F001B-CD46-45CB-B8A2-5E8BD48CAFFC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A5076E40-C470-4A04-829B-D3F877330A3B}" = lport=445 | protocol=6 | dir=in | app=system |
"{AA0B5545-2E9D-4B59-85A4-21B68A0FA270}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B6D4711C-47CC-468A-9941-9BDF3BCD1543}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C06E7E2D-2EBC-4995-870F-720061610CA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8DF27F-B59B-478C-A9C2-774AE31F5427}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0D505F0F-38D8-44DE-BDF6-638A98531CFA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{244296A5-6088-4A4E-8A24-715467AFA15D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{382DF885-C275-4018-A0DF-F5FC0B388BF6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B36DB5A-3407-4D96-A4BF-24F6B30F3CA3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C646190-E672-44DB-8BEE-5C881361777C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FCF5EA5-376D-4B33-8859-8D913A9AD1E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{44416420-7649-4DE0-9A31-62F42ACA0AC5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{52EEA51E-D15A-4B10-A45D-A4AF2AF29ED6}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{55A2FE4C-D4D1-48E4-A9B0-4DCF48B64850}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{61F64626-C418-4AB6-A7DB-0F2C3C103EBF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6C675CFB-6DD6-4134-8D74-E67B719EABF2}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9B072503-62C0-48BF-A00E-98C6751360DF}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{9C4D2F0C-797F-46A1-A1F1-7D87EE39DE26}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{9C98D24F-A8BB-4410-BD88-168F94E203EB}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{A5991681-B1B2-484B-94C6-CF8D4AA2DBA0}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{AED7C14A-F90F-4AA5-895C-E9FFFDA5627C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{B5489057-C9CB-4FA6-B0ED-57FC30B36094}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C1583E57-A6C9-4C67-A4FA-DC560AD7990F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C923D616-4F6C-4E32-9407-DFF63303A6ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CB0091D1-6AC5-413D-BA3E-AC7BF7AE9354}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{DBD1E3BD-E754-4828-8A87-9B2684D9A564}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{DED89334-4FF3-4E05-9CEE-315919EA2D54}" = protocol=17 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{E3EF5A5E-02D4-45C1-AC89-9A1AFC3752FA}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{F753AA40-166D-42B9-8DF7-09C273AEE09D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FD3C145F-CD52-4858-AC78-45C70D193D33}" = dir=in | app=c:\users\guido\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{FF052B33-F7F0-49EA-8579-A0B8EFFFBBA2}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{FFA19EB9-F028-4C19-A3CE-F454AC42AE22}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{82EAE218-DBF8-4A96-A6D6-C08533C30A40}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{8A6B9D98-267F-4DC5-8E0E-C7CCC74C4167}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{8FAE25AF-2A6D-42AE-860C-3C30D6444836}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{B8933E21-4ABF-4FAA-AA43-C9D4F3A50A75}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{BC4CFE83-9EB8-48C7-ABC9-AEF7407C6E89}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{C9BCD880-82B2-4579-9FFD-62211F6FB8D2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{300DF0A7-04B1-499A-9AD7-B084E5329931}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{599DA7E1-09FA-4D9F-A767-CD7523FE3E06}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{5A10A075-564D-4EAC-976A-231F28A32D50}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{62CD9362-16F8-4042-87F0-ABF0C2481349}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A96CA291-28BD-4EB4-9DA6-5FA950E1EDB7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{DDA31DA7-2282-4C3F-B0C3-75B49D61730B}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033F0CE1-B6FC-EC7A-7914-81F14C8DBA0F}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05B95480-732A-1081-8A94-D924326AF36F}" = CCC Help English
"{0945589B-6CC4-FA00-3CBE-BD6028B26063}" = CCC Help Turkish
"{0EAE6EF9-010E-0734-D0A0-2BB8040F90EA}" = CCC Help French
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{133C8002-B64F-C9E7-7DAC-21BAE58DC041}" = CCC Help Russian
"{150715F0-2800-A3C5-836E-F4F98AE3A775}" = ccc-core-static
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EFABF6-7373-7755-4EA4-5240E7CCEEF7}" = Catalyst Control Center Graphics Previews Vista
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 38
"{270629EB-D776-04FC-0631-256177B7A021}" = CCC Help Swedish
"{29D2987A-9FBC-1BD3-E463-12D50D94DBFC}" = Catalyst Control Center Graphics Full New
"{2AB22900-5718-4617-523B-9DFDECB4749D}" = CCC Help Italian
"{32167B80-C0C6-4AB8-A5A6-3177FC8F069A}" = Nitro Pro 8
"{3956AEA0-9299-CA45-5BF1-5A721F8E3A21}" = CCC Help Chinese Traditional
"{3C152296-D7E4-59F4-B07E-43587CE985FE}" = CCC Help Norwegian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{502D4628-92AD-416A-0580-00D64320DBB7}" = ATI Catalyst Install Manager
"{51B83F5C-5660-4B73-AB18-C68993FEDEB3}" = Catalyst Control Center - Branding
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63104E84-532C-4011-A4F4-AD6EDF8CC214}" = SpyroDriver
"{66CB1DC8-FBA1-7436-08F3-061F7CB72C80}" = Skins
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C497312-7C1E-BB3C-D143-B8FD0C894CF1}" = CCC Help Polish
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A92A322-1A10-4153-B551-D547AA9B4649}" = Die Legende von Kongo King
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{88137A28-4E5B-4E56-B90C-E8AE768305A2}" = Rabbids Go Home - DVD
"{88FC0C01-E4AA-3C3E-4612-3F11E69EF188}" = CCC Help German
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E3A37D-D424-C725-E06A-71C1151F682A}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{A141F87A-A73B-368D-AB65-A997B3D1D2C4}" = CCC Help Spanish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4B004B0-B6D3-4BA8-B012-3F79A931CF9E}" = BlueStacks Notification Center
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD2CA33-F716-4D1B-31F9-B52A847C4AF1}" = CCC Help Hungarian
"{AB104276-19BC-D12E-90EE-D358003A4EAF}" = CCC Help Greek
"{ABBD20D8-60E7-885B-734A-DE745BFDF43B}" = CCC Help Czech
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AEE701D3-6AF7-A8D5-145E-D0C01D528FAD}" = ccc-utility
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5080F69-EE95-49DC-F8A1-B7CBB2B5028D}" = CCC Help Korean
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6CB5308-3B67-9861-97F5-0EB31CE21E63}" = CCC Help Chinese Standard
"{B7020783-0AB1-8D67-E850-673BD0C61E7F}" = CCC Help Thai
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B81EB1DB-8F56-4852-BCEB-B598DF3F63E6}_is1" = Mustrum 2.1.2
"{B8C72ECE-87C6-4676-B949-519C1954F9F2}" = SpyroPortalDriver
"{BF34527D-7B27-43AD-9994-7B3ABCEF3625}" = Phoenix Backup Professional
"{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}" = Wildlife Park 2 Horses
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0354121-07AF-DE06-1D0F-7490EFE2F67A}" = Catalyst Control Center Graphics Full Existing
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{DA163DB8-C795-9EF2-7CF2-8B570BA9E39E}" = CCC Help Portuguese
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E36BE564-B727-A80D-E9F0-7FFEB69120E5}" = CCC Help Dutch
"{E5A56A6C-7656-969C-457A-E7600A6F169B}" = Catalyst Control Center Graphics Light
"{E5D9A29A-8903-968F-6394-CB8CC151084C}" = Catalyst Control Center Localization All
"{EE03DA2C-2154-7298-4461-F76C615932A9}" = CCC Help Japanese
"{EE9DEA81-3B77-7135-0E5B-B8C3092FE88A}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A3F881-2154-4456-A767-2D638454BCED}" = Nitro Reader 3
"3D Pickman" = 3D Pickman
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"BearShare" = BearShare
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"BlueStacks App Player" = BlueStacks App Player
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E.M. Free Photo Collage 1.30_is1" = E.M. Free Photo Collage 1.30
"E.M. Multilayer Image Processing SDK 1.30_is1" = E.M. Multilayer Image Processing SDK 1.30
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 5.0.20.1031
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Freemake Video Downloader_is1" = Freemake Video Downloader
"GIMP-2_is1" = GIMP 2.8.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"iLivid" = iLivid
"ilividtoolbargaw" = Search-Results Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"Kate's Video Cutter_is1" = Kate's Video Cutter 2.8.4
"Lexmark X1100 Series" = Lexmark X1100 Series
"LG Internet Kit" = LG Internet Kit
"LManager" = Launch Manager
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Midifile Optimizer 7 DEMO_is1" = Midifile Optimizer 7 - Version 7.4.1.9296
"Mobile Partner" = Mobile Partner
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"PartyGammon" = PartyGammon
"Recuva" = Recuva
"Searchqu Toolbar" = Searchqu Toolbar
"Sweet Home 3D_is1" = Sweet Home 3D version 3.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VLC media player" = VLC media player 1.1.5
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"VueScan" = VueScan
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fotobook Designer" = fotobook Designer
"Torch" = Torch
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.02.2013 06:42:28 | Computer Name = Guido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4067929
 
Error - 09.02.2013 06:42:28 | Computer Name = Guido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4067929
 
Error - 09.02.2013 06:42:30 | Computer Name = Guido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.02.2013 06:42:30 | Computer Name = Guido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4069691
 
Error - 09.02.2013 06:42:30 | Computer Name = Guido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4069691
 
Error - 09.02.2013 06:42:31 | Computer Name = Guido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.02.2013 06:42:31 | Computer Name = Guido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4070783
 
Error - 09.02.2013 06:42:31 | Computer Name = Guido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4070783
 
Error - 09.02.2013 06:42:32 | Computer Name = Guido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.02.2013 06:42:32 | Computer Name = Guido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4071875
 
Error - 09.02.2013 06:42:32 | Computer Name = Guido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4071875
 
[ OSession Events ]
Error - 05.11.2012 11:50:37 | Computer Name = Guido-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session
lasted 194142 seconds with 2520 seconds of active time.  This session ended with
 a crash.
 
Error - 28.11.2012 14:01:02 | Computer Name = Guido-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session
lasted 2051 seconds with 780 seconds of active time.  This session ended with a
crash.
 
[ System Events ]
Error - 21.05.2013 11:04:32 | Computer Name = Guido-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.05.2013 16:48:36 | Computer Name = Guido-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.05.2013 17:00:25 | Computer Name = Guido-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 22.05.2013 13:08:25 | Computer Name = Guido-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 22.05.2013 13:09:08 | Computer Name = Guido-PC | Source = DCOM | ID = 10005
Description =
 
Error - 22.05.2013 13:09:08 | Computer Name = Guido-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 22.05.2013 13:09:08 | Computer Name = Guido-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 22.05.2013 14:45:12 | Computer Name = Guido-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 22.05.2013 14:47:30 | Computer Name = Guido-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 22.05.2013 14:52:43 | Computer Name = Guido-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---


Gmer does not run to completion and is closed because of a problem.

Who can help me? :heulen:

Damn,
I picked the wrong section.
This request for help was actually supposed to end up in 'Plagegeister aller Art und deren Bekämpfung'.
How can I move the above post there?

Many thanks to everyone in advance


cosinus 22.05.2013 22:16

Hello and :hallo:

This subforum is fine for your thread.

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post the logs you already have!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

Jeep 23.05.2013 16:15

Hello Cosinus,

many thanks in advance for your help.
It is very reassuring that there is someone who wants to help.

Stupidly, I removed the events of the last few months last week. So I can only show you the following reports:

Reports from Avira Anti Virus:


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 22. Mai 2013 21:14

Es wird nach 4686945 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : GUIDO-PC

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 15.11.2012 18:39:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 10.05.2012 15:46:18
LUKE.DLL : 12.3.0.15 68304 Bytes 10.05.2012 15:46:18
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10.05.2012 15:46:19
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 15:46:19
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 16:40:34
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 18:26:40
VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 18:26:40
VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 18:26:40
VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 18:26:40
VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 18:26:40
VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 18:26:40
VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 18:26:40
VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 18:26:40
VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 18:26:40
VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 18:26:40
VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 18:26:40
VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 18:26:40
VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 18:26:40
VBASE014.VDF : 7.11.75.97 181248 Bytes 02.05.2013 05:08:11
VBASE015.VDF : 7.11.75.183 217600 Bytes 03.05.2013 06:34:41
VBASE016.VDF : 7.11.76.27 183808 Bytes 04.05.2013 06:34:39
VBASE017.VDF : 7.11.76.101 194048 Bytes 06.05.2013 16:29:24
VBASE018.VDF : 7.11.76.213 163328 Bytes 07.05.2013 16:29:32
VBASE019.VDF : 7.11.77.41 134656 Bytes 08.05.2013 17:15:15
VBASE020.VDF : 7.11.77.145 141312 Bytes 10.05.2013 19:21:59
VBASE021.VDF : 7.11.77.225 155648 Bytes 12.05.2013 15:27:28
VBASE022.VDF : 7.11.78.21 202752 Bytes 13.05.2013 15:27:29
VBASE023.VDF : 7.11.78.71 140800 Bytes 13.05.2013 15:27:43
VBASE024.VDF : 7.11.78.147 167936 Bytes 15.05.2013 18:32:37
VBASE025.VDF : 7.11.78.207 147456 Bytes 16.05.2013 20:34:51
VBASE026.VDF : 7.11.79.17 198656 Bytes 17.05.2013 05:43:45
VBASE027.VDF : 7.11.79.81 251392 Bytes 20.05.2013 07:56:50
VBASE028.VDF : 7.11.79.149 242688 Bytes 22.05.2013 18:47:46
VBASE029.VDF : 7.11.79.150 2048 Bytes 22.05.2013 18:47:46
VBASE030.VDF : 7.11.79.151 2048 Bytes 22.05.2013 18:47:46
VBASE031.VDF : 7.11.79.174 122880 Bytes 22.05.2013 18:47:46
Engineversion : 8.2.12.44
AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 09:36:04
AESCRIPT.DLL : 8.1.4.116 487805 Bytes 16.05.2013 20:34:56
AESCN.DLL : 8.1.10.4 131446 Bytes 27.03.2013 18:02:42
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 16:45:55
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 17:49:26
AEPACK.DLL : 8.3.2.12 754040 Bytes 08.05.2013 16:29:40
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 09.03.2013 07:28:02
AEHEUR.DLL : 8.1.4.368 5943673 Bytes 16.05.2013 20:34:56
AEHELP.DLL : 8.1.25.10 258425 Bytes 08.05.2013 16:29:34
AEGEN.DLL : 8.1.7.4 442741 Bytes 08.05.2013 16:29:33
AEEXP.DLL : 8.4.0.30 201078 Bytes 16.05.2013 20:34:56
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 09:36:04
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 16:08:29
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:49:43
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10.05.2012 15:46:18
AVPREF.DLL : 12.3.0.32 50720 Bytes 15.11.2012 18:39:48
AVREP.DLL : 12.3.0.15 179208 Bytes 10.05.2012 15:46:19
AVARKT.DLL : 12.3.0.33 209696 Bytes 15.11.2012 18:39:47
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10.05.2012 15:46:18
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10.05.2012 15:46:19
AVSMTP.DLL : 12.3.0.32 63480 Bytes 09.08.2012 17:03:58
NETNT.DLL : 12.3.0.15 17104 Bytes 10.05.2012 15:46:19
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 09.08.2012 17:02:07
RCTEXT.DLL : 12.3.0.32 98848 Bytes 15.11.2012 18:39:42

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_519d13a1\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Mittwoch, 22. Mai 2013 21:14

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OTL.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_7_700_202_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxbkbmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HD-Agent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNMNSUT.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNSEMAIN.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BJMYPRT.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'datamngrUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LXBKbmgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteganosHotKeyService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HD-SharedFolder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HD-BlockDevice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HD-Network.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HD-Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPortal.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NLSSRV32.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFReaderDriverService3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFDriverService8.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MWLService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxbkcoms.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CaptureLibService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLHNService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HD-LogRotatorService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Guido\AppData\Roaming\ie_util.exe.vir'
C:\Users\Guido\AppData\Roaming\ie_util.exe.vir
[FUND] Ist das Trojanische Pferd TR/Ransom.Blocker.bfwg
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5235b329.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 22. Mai 2013 21:14
Benötigte Zeit: 00:24 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
96 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
95 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 10. Mai 2013 13:00

Es wird nach 4548366 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : GUIDO-PC

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 15.11.2012 18:39:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 10.05.2012 15:46:18
LUKE.DLL : 12.3.0.15 68304 Bytes 10.05.2012 15:46:18
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10.05.2012 15:46:19
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 15:46:19
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 16:40:34
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 18:26:40
VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 18:26:40
VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 18:26:40
VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 18:26:40
VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 18:26:40
VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 18:26:40
VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 18:26:40
VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 18:26:40
VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 18:26:40
VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 18:26:40
VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 18:26:40
VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 18:26:40
VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 18:26:40
VBASE014.VDF : 7.11.75.97 181248 Bytes 02.05.2013 05:08:11
VBASE015.VDF : 7.11.75.183 217600 Bytes 03.05.2013 06:34:41
VBASE016.VDF : 7.11.76.27 183808 Bytes 04.05.2013 06:34:39
VBASE017.VDF : 7.11.76.101 194048 Bytes 06.05.2013 16:29:24
VBASE018.VDF : 7.11.76.213 163328 Bytes 07.05.2013 16:29:32
VBASE019.VDF : 7.11.77.41 134656 Bytes 08.05.2013 17:15:15
VBASE020.VDF : 7.11.77.42 2048 Bytes 08.05.2013 17:15:15
VBASE021.VDF : 7.11.77.43 2048 Bytes 08.05.2013 17:15:15
VBASE022.VDF : 7.11.77.44 2048 Bytes 08.05.2013 17:15:15
VBASE023.VDF : 7.11.77.45 2048 Bytes 08.05.2013 17:15:15
VBASE024.VDF : 7.11.77.46 2048 Bytes 08.05.2013 17:15:15
VBASE025.VDF : 7.11.77.47 2048 Bytes 08.05.2013 17:15:15
VBASE026.VDF : 7.11.77.48 2048 Bytes 08.05.2013 17:15:15
VBASE027.VDF : 7.11.77.49 2048 Bytes 08.05.2013 17:15:15
VBASE028.VDF : 7.11.77.50 2048 Bytes 08.05.2013 17:15:15
VBASE029.VDF : 7.11.77.51 2048 Bytes 08.05.2013 17:15:15
VBASE030.VDF : 7.11.77.52 2048 Bytes 08.05.2013 17:15:15
VBASE031.VDF : 7.11.77.112 91136 Bytes 09.05.2013 17:15:16
Engineversion : 8.2.12.38
AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 09:36:04
AESCRIPT.DLL : 8.1.4.112 483709 Bytes 08.05.2013 16:29:41
AESCN.DLL : 8.1.10.4 131446 Bytes 27.03.2013 18:02:42
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 16:45:55
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 17:49:26
AEPACK.DLL : 8.3.2.12 754040 Bytes 08.05.2013 16:29:40
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 09.03.2013 07:28:02
AEHEUR.DLL : 8.1.4.348 5890425 Bytes 08.05.2013 16:29:39
AEHELP.DLL : 8.1.25.10 258425 Bytes 08.05.2013 16:29:34
AEGEN.DLL : 8.1.7.4 442741 Bytes 08.05.2013 16:29:33
AEEXP.DLL : 8.4.0.26 201078 Bytes 04.05.2013 06:34:49
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 09:36:04
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 16:08:29
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:49:43
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10.05.2012 15:46:18
AVPREF.DLL : 12.3.0.32 50720 Bytes 15.11.2012 18:39:48
AVREP.DLL : 12.3.0.15 179208 Bytes 10.05.2012 15:46:19
AVARKT.DLL : 12.3.0.33 209696 Bytes 15.11.2012 18:39:47
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10.05.2012 15:46:18
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10.05.2012 15:46:19
AVSMTP.DLL : 12.3.0.32 63480 Bytes 09.08.2012 17:03:58
NETNT.DLL : 12.3.0.15 17104 Bytes 10.05.2012 15:46:19
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 09.08.2012 17:02:07
RCTEXT.DLL : 12.3.0.32 98848 Bytes 15.11.2012 18:39:42

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_51827b17\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Freitag, 10. Mai 2013 13:00

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'javaw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_6_602_180_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'POWERPNT.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SyncServer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fotobook Designer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxbkbmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNMNSUT.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNSEMAIN.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BJMYPRT.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'datamngrUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LXBKbmgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteganosHotKeyService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPortal.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NLSSRV32.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFReaderDriverService3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFDriverService8.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MWLService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxbkcoms.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CaptureLibService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLHNService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Guido\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HT6VHZEQ\iLividSetup-r390-n-bi[1].exe'
C:\Users\Guido\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HT6VHZEQ\iLividSetup-r390-n-bi[1].exe
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!


Ende des Suchlaufs: Freitag, 10. Mai 2013 13:02
Benötigte Zeit: 01:48 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
120 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
119 Dateien ohne Befall
2 Archive wurden durchsucht
0 Warnungen
1 Hinweise




Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 10. Mai 2013 13:00

Es wird nach 4548366 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : GUIDO-PC

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 15.11.2012 18:39:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 10.05.2012 15:46:18
LUKE.DLL : 12.3.0.15 68304 Bytes 10.05.2012 15:46:18
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10.05.2012 15:46:19
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 15:46:19
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 16:40:34
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 18:26:40
VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 18:26:40
VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 18:26:40
VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 18:26:40
VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 18:26:40
VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 18:26:40
VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 18:26:40
VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 18:26:40
VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 18:26:40
VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 18:26:40
VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 18:26:40
VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 18:26:40
VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 18:26:40
VBASE014.VDF : 7.11.75.97 181248 Bytes 02.05.2013 05:08:11
VBASE015.VDF : 7.11.75.183 217600 Bytes 03.05.2013 06:34:41
VBASE016.VDF : 7.11.76.27 183808 Bytes 04.05.2013 06:34:39
VBASE017.VDF : 7.11.76.101 194048 Bytes 06.05.2013 16:29:24
VBASE018.VDF : 7.11.76.213 163328 Bytes 07.05.2013 16:29:32
VBASE019.VDF : 7.11.77.41 134656 Bytes 08.05.2013 17:15:15
VBASE020.VDF : 7.11.77.42 2048 Bytes 08.05.2013 17:15:15
VBASE021.VDF : 7.11.77.43 2048 Bytes 08.05.2013 17:15:15
VBASE022.VDF : 7.11.77.44 2048 Bytes 08.05.2013 17:15:15
VBASE023.VDF : 7.11.77.45 2048 Bytes 08.05.2013 17:15:15
VBASE024.VDF : 7.11.77.46 2048 Bytes 08.05.2013 17:15:15
VBASE025.VDF : 7.11.77.47 2048 Bytes 08.05.2013 17:15:15
VBASE026.VDF : 7.11.77.48 2048 Bytes 08.05.2013 17:15:15
VBASE027.VDF : 7.11.77.49 2048 Bytes 08.05.2013 17:15:15
VBASE028.VDF : 7.11.77.50 2048 Bytes 08.05.2013 17:15:15
VBASE029.VDF : 7.11.77.51 2048 Bytes 08.05.2013 17:15:15
VBASE030.VDF : 7.11.77.52 2048 Bytes 08.05.2013 17:15:15
VBASE031.VDF : 7.11.77.112 91136 Bytes 09.05.2013 17:15:16
Engineversion : 8.2.12.38
AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 09:36:04
AESCRIPT.DLL : 8.1.4.112 483709 Bytes 08.05.2013 16:29:41
AESCN.DLL : 8.1.10.4 131446 Bytes 27.03.2013 18:02:42
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 16:45:55
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 17:49:26
AEPACK.DLL : 8.3.2.12 754040 Bytes 08.05.2013 16:29:40
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 09.03.2013 07:28:02
AEHEUR.DLL : 8.1.4.348 5890425 Bytes 08.05.2013 16:29:39
AEHELP.DLL : 8.1.25.10 258425 Bytes 08.05.2013 16:29:34
AEGEN.DLL : 8.1.7.4 442741 Bytes 08.05.2013 16:29:33
AEEXP.DLL : 8.4.0.26 201078 Bytes 04.05.2013 06:34:49
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 09:36:04
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 16:08:29
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:49:43
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10.05.2012 15:46:18
AVPREF.DLL : 12.3.0.32 50720 Bytes 15.11.2012 18:39:48
AVREP.DLL : 12.3.0.15 179208 Bytes 10.05.2012 15:46:19
AVARKT.DLL : 12.3.0.33 209696 Bytes 15.11.2012 18:39:47
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10.05.2012 15:46:18
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10.05.2012 15:46:19
AVSMTP.DLL : 12.3.0.32 63480 Bytes 09.08.2012 17:03:58
NETNT.DLL : 12.3.0.15 17104 Bytes 10.05.2012 15:46:19
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 09.08.2012 17:02:07
RCTEXT.DLL : 12.3.0.32 98848 Bytes 15.11.2012 18:39:42

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_51827b17\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Freitag, 10. Mai 2013 13:00

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'javaw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_6_602_180_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'POWERPNT.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SyncServer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fotobook Designer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxbkbmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNMNSUT.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNSEMAIN.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BJMYPRT.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'datamngrUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LXBKbmgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteganosHotKeyService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPortal.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NLSSRV32.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFReaderDriverService3.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFDriverService8.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MWLService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxbkcoms.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CaptureLibService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLHNService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Guido\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HT6VHZEQ\iLividSetup-r390-n-bi[1].exe'
C:\Users\Guido\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HT6VHZEQ\iLividSetup-r390-n-bi[1].exe
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '526d78f5.qua' verschoben!


Ende des Suchlaufs: Freitag, 10. Mai 2013 13:02
Benötigte Zeit: 01:40 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
119 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
118 Dateien ohne Befall
2 Archive wurden durchsucht
0 Warnungen
1 Hinweise

From the Avira events I only have the following left:
Die Datei 'C:\Users\Guido\AppData\Roaming\ie_util.exe.vir'
enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bfwg' [trojan].
Durchgeführte Aktion(en):
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5235b329.qua' verschoben!

In der Datei 'C:\Users\Guido\AppData\Roaming\ie_util.exe.vir'
wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bfwg' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Users\Guido\AppData\Roaming\ie_util.exe.vir'
wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bfwg' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Unfortunately I can't offer you more than that.

As I said, many thanks in advance
Regards
Guido

cosinus 23.05.2013 21:05

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you run into problems at a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, whether or not there was a detection!

  • Please also note => Deleting log files and other requests

Note:
If you have not heard from me for three days, please report in this thread => Reminder about my thread.
Annoying "When do we continue" messages end with your topic being closed. I too have a life outside Trojaner-Board.


Then please run Combofix now:

Scan with Combofix
WARNING to other READERS:
Combofix should be run only when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Jeep 25.05.2013 07:52

So, here is the log file from Combofix:

Combofix Logfile:
Code:

ComboFix 13-05-24.01 - Guido 25.05.2013  8:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1601 [GMT 2:00]
ausgeführt von:: c:\users\Guido\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\SEARCH~1\Datamngr\BROWSE~1.DLL
c:\programdata\AF9005 BDA Tuner Filter.DTV
c:\users\Guido\AppData\Local\lame_enc.dll
c:\users\Guido\AppData\Local\no23xwrapper.dll
c:\users\Guido\AppData\Local\ogg.dll
c:\users\Guido\AppData\Local\vorbis.dll
c:\users\Guido\AppData\Local\vorbisenc.dll
c:\users\Guido\AppData\Local\vorbisfile.dll
c:\users\Guido\AppData\Roaming\.#
c:\users\Guido\AppData\Roaming\.#\MBX@F84@372928.###
c:\users\Guido\AppData\Roaming\.#\MBX@F84@372958.###
c:\users\Guido\AppData\Roaming\.#\MBX@F84@372988.###
c:\users\Guido\AppData\Roaming\Hioxa
c:\users\Guido\AppData\Roaming\Hioxa\ymniz.exe
c:\windows\system32\AF05BDAEX.dll
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-25 bis 2013-05-25  ))))))))))))))))))))))))))))))
.
.
2013-05-25 06:33 . 2013-05-25 06:33        --------        d-----w-        c:\users\Sicherheit\AppData\Local\temp
2013-05-25 06:33 . 2013-05-25 06:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-24 14:00 . 2013-05-24 14:00        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B84F827B-4F53-42D1-9193-D014EB31A35C}\offreg.dll
2013-05-24 13:51 . 2013-05-13 23:49        7016152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B84F827B-4F53-42D1-9193-D014EB31A35C}\mpengine.dll
2013-05-23 19:51 . 2013-05-23 19:51        --------        d-----w-        c:\program files\Common Files\Java
2013-05-23 19:51 . 2013-05-23 19:50        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-05-23 14:58 . 2013-05-02 00:06        238872        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-20 13:46 . 2013-05-20 13:47        --------        d-----w-        c:\users\Guido\untere Wohnung
2013-05-17 14:48 . 2013-05-22 18:56        --------        d-----w-        c:\programdata\BlueStacksSetup
2013-05-16 01:12 . 2013-05-05 19:12        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-05-15 18:37 . 2013-04-15 14:20        638328        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 18:37 . 2013-04-13 10:56        37376        ----a-w-        c:\windows\system32\cdd.dll
2013-05-15 18:37 . 2013-04-09 01:36        2049024        ----a-w-        c:\windows\system32\win32k.sys
2013-05-14 15:35 . 2013-05-21 14:31        --------        d-----w-        c:\users\Guido\AppData\Roaming\Ivly
2013-05-14 15:35 . 2013-05-14 15:35        --------        d-----w-        c:\users\Guido\AppData\Roaming\Ilvy
2013-05-10 07:57 . 2013-05-10 07:57        187456        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-05-09 12:09 . 2013-05-13 17:06        --------        d-----w-        c:\users\Guido\AppData\Local\libimobiledevice
2013-04-29 19:13 . 2013-05-06 18:51        --------        d-----w-        c:\users\Guido\Onkel Dieter 3
2013-04-29 19:09 . 2013-04-30 08:21        --------        d-----w-        c:\users\Guido\Onkel Dieter 2
2013-04-29 19:02 . 2013-05-06 18:26        --------        d-----w-        c:\users\Guido\Onkel Dieter 1
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-23 19:50 . 2012-07-12 12:07        866720        ----a-w-        c:\windows\system32\npdeployJava1.dll
2013-05-23 19:50 . 2010-12-29 21:30        788896        ----a-w-        c:\windows\system32\deployJava1.dll
2013-05-15 18:33 . 2012-05-28 18:52        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 18:33 . 2012-05-28 18:52        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-03-11 13:25 . 2013-04-10 16:06        3603816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 16:06        3551080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 16:06        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 16:06        64000        ----a-w-        c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 16:05        376320        ----a-w-        c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 16:05        2067968        ----a-w-        c:\windows\system32\mstscax.dll
2013-03-03 19:07 . 2013-04-10 16:06        1082232        ----a-w-        c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{78e516ef-11de-47a1-8364-a99b917ec5ee}"= "c:\program files\FileConverter_1.3\prxtbFile.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
2011-05-09 09:49        176936        ----a-w-        c:\program files\FileConverter_1.3\prxtbFile.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2009-11-08 09:55        297808        ----a-w-        c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{78e516ef-11de-47a1-8364-a99b917ec5ee}"= "c:\program files\FileConverter_1.3\prxtbFile.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02        120104        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-26 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-18 30192]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"SAFEOEM HotKeys"="c:\program files\Steganos Safe OEM\SteganosHotKeyService.exe" [2008-12-11 26112]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~2\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BstHdDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService        REG_MULTI_SZ          HsfXAudioService
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 13:49        1165776        ----a-w-        c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 18:33]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 20:30]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 20:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.freenet.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKCU-Run-Ogyxidi - c:\users\Guido\AppData\Roaming\Hioxa\ymniz.exe
HKCU-Run-IExplorer Util - c:\users\Guido\AppData\Roaming\ie_util.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-25 08:34
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-05-25  08:36:54
ComboFix-quarantined-files.txt  2013-05-25 06:36
.
Vor Suchlauf: 18 Verzeichnis(se), 81.331.949.568 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 82.256.175.104 Bytes frei
.
- - End Of File - - A5AB964091FEF67DD3554EE3382D35F1

--- --- ---

cosinus 25.05.2013 19:35

Combofix script
WARNING to other READERS:
The following ComboFix script was created exclusively for this user in this situation.
Under no circumstances apply it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (not anywhere else, this is important)!
  • Press Windows key + R --> type notepad --> OK
  • Now copy the complete text from the following code box into the empty text document.
    Code:

    Folder::
    c:\users\Guido\AppData\Roaming\Ivly
    c:\users\Guido\AppData\Roaming\Ilvy

    If you have masked your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily switch off your antivirus software. It can interfere with ComboFix while it works.
    Don't forget to switch it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do nothing on the computer, do not move the mouse over the ComboFix window and do not click into it. This can cause ComboFix to hang.
  • When ComboFix is finished it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags, using the editor's # button).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!


Jeep 26.05.2013 20:32

After Combofix had created the log, I was at first unable to start Avira again. After a restart, however, everything works again.
Here is the log:

Combofix Logfile:
Code:

ComboFix 13-05-25.02 - Guido 26.05.2013  20:46:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1669 [GMT 2:00]
ausgeführt von:: c:\users\Guido\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Guido\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Wincert\WIN32C~1.DLL
c:\users\Guido\AppData\Roaming\Ilvy
c:\users\Guido\AppData\Roaming\Ilvy\esvi.edm
c:\users\Guido\AppData\Roaming\Ivly
c:\users\Guido\AppData\Roaming\Ivly\ynbo.akp
c:\users\Guido\AppData\Roaming\Ivly\ynbo.tmp
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-26 bis 2013-05-26  ))))))))))))))))))))))))))))))
.
.
2013-05-26 18:55 . 2013-05-26 18:55        --------        d-----w-        c:\users\Sicherheit\AppData\Local\temp
2013-05-26 18:55 . 2013-05-26 18:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-24 13:51 . 2013-05-13 23:49        7016152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B84F827B-4F53-42D1-9193-D014EB31A35C}\mpengine.dll
2013-05-23 19:51 . 2013-05-23 19:51        --------        d-----w-        c:\program files\Common Files\Java
2013-05-23 19:51 . 2013-05-23 19:50        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-05-23 14:58 . 2013-05-02 00:06        238872        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-20 13:46 . 2013-05-20 13:47        --------        d-----w-        c:\users\Guido\untere Wohnung
2013-05-17 14:48 . 2013-05-22 18:56        --------        d-----w-        c:\programdata\BlueStacksSetup
2013-05-16 01:12 . 2013-05-05 19:12        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-05-15 18:37 . 2013-04-15 14:20        638328        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 18:37 . 2013-04-13 10:56        37376        ----a-w-        c:\windows\system32\cdd.dll
2013-05-15 18:37 . 2013-04-09 01:36        2049024        ----a-w-        c:\windows\system32\win32k.sys
2013-05-10 07:57 . 2013-05-10 07:57        187456        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-05-09 12:09 . 2013-05-13 17:06        --------        d-----w-        c:\users\Guido\AppData\Local\libimobiledevice
2013-04-29 19:13 . 2013-05-06 18:51        --------        d-----w-        c:\users\Guido\Onkel Dieter 3
2013-04-29 19:09 . 2013-04-30 08:21        --------        d-----w-        c:\users\Guido\Onkel Dieter 2
2013-04-29 19:02 . 2013-05-06 18:26        --------        d-----w-        c:\users\Guido\Onkel Dieter 1
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-23 19:50 . 2012-07-12 12:07        866720        ----a-w-        c:\windows\system32\npdeployJava1.dll
2013-05-23 19:50 . 2010-12-29 21:30        788896        ----a-w-        c:\windows\system32\deployJava1.dll
2013-05-15 18:33 . 2012-05-28 18:52        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 18:33 . 2012-05-28 18:52        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-03-11 13:25 . 2013-04-10 16:06        3603816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 16:06        3551080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 16:06        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 16:06        64000        ----a-w-        c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 16:05        376320        ----a-w-        c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 16:05        2067968        ----a-w-        c:\windows\system32\mstscax.dll
2013-03-03 19:07 . 2013-04-10 16:06        1082232        ----a-w-        c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{78e516ef-11de-47a1-8364-a99b917ec5ee}"= "c:\program files\FileConverter_1.3\prxtbFil0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
2013-04-14 12:35        231712        ----a-w-        c:\program files\FileConverter_1.3\prxtbFil0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2009-11-08 09:55        297808        ----a-w-        c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{78e516ef-11de-47a1-8364-a99b917ec5ee}"= "c:\program files\FileConverter_1.3\prxtbFil0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{78E516EF-11DE-47A1-8364-A99B917EC5EE}"= "c:\program files\FileConverter_1.3\prxtbFil0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02        120104        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Ogyxidi"="c:\users\Guido\AppData\Roaming\Hioxa\ymniz.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-26 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-18 30192]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"SAFEOEM HotKeys"="c:\program files\Steganos Safe OEM\SteganosHotKeyService.exe" [2008-12-11 26112]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~2\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService        REG_MULTI_SZ          HsfXAudioService
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 13:49        1165776        ----a-w-        c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 18:33]
.
2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 20:30]
.
2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 20:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.freenet.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-26 21:04
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3336)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\windows\System32\SyncCenter.dll
c:\windows\System32\QAgent.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
c:\program files\Freemake\CaptureLib\CaptureLibService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\lxbkcoms.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\Nitro\Pro 8\NitroPDFDriverService8.exe
c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
c:\windows\system32\NLSSRV32.EXE
c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\FS\Spyro Portal\FlashPortal.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-26  21:07:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-26 19:07
ComboFix2.txt  2013-05-25 06:36
.
Vor Suchlauf: 21 Verzeichnis(se), 89.154.187.264 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 89.466.867.712 Bytes frei
.
- - End Of File - - 5C307A846B3A93183A95A783A9D5A995

--- --- ---

cosinus 26.05.2013 22:02

That's something new yet again:

ComboFix script
WARNING for OTHER READERS:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (not anywhere else, this is important)!
  • Press Windows + R --> type notepad --> OK
  • Now copy the complete text from the following code box into the empty text document.
    Code:

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ogyxidi"=-

    File::
    c:\users\Guido\AppData\Roaming\Hioxa\ymniz.exe

    If you have masked your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software. It can interfere with ComboFix while it works.
    Do not forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do not do anything on the computer, do not move the mouse over the ComboFix window and do not click into it. This can cause ComboFix to hang.
  • When ComboFix has finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!


Jeep 28.05.2013 06:51

This time too, after ComboFix had finished, I had to restart the computer to be able to open programs again.
Here is the log:

Combofix Logfile:
Code:

ComboFix 13-05-27.02 - Guido 28.05.2013  7:19.3.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1710 [GMT 2:00]
ausgeführt von:: c:\users\Guido\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Guido\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Guido\AppData\Roaming\Hioxa\ymniz.exe"
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-28 bis 2013-05-28  ))))))))))))))))))))))))))))))
.
.
2013-05-28 05:27 . 2013-05-28 05:27        --------        d-----w-        c:\users\Sicherheit\AppData\Local\temp
2013-05-28 05:27 . 2013-05-28 05:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-26 19:07 . 2013-05-28 05:27        --------        d-----w-        c:\users\Guido\AppData\Local\temp
2013-05-24 13:51 . 2013-05-13 23:49        7016152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B84F827B-4F53-42D1-9193-D014EB31A35C}\mpengine.dll
2013-05-23 19:51 . 2013-05-23 19:51        --------        d-----w-        c:\program files\Common Files\Java
2013-05-23 19:51 . 2013-05-23 19:50        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-05-23 14:58 . 2013-05-02 00:06        238872        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-20 13:46 . 2013-05-20 13:47        --------        d-----w-        c:\users\Guido\untere Wohnung
2013-05-17 14:48 . 2013-05-22 18:56        --------        d-----w-        c:\programdata\BlueStacksSetup
2013-05-16 01:12 . 2013-05-05 19:12        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-05-15 18:37 . 2013-04-15 14:20        638328        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 18:37 . 2013-04-13 10:56        37376        ----a-w-        c:\windows\system32\cdd.dll
2013-05-15 18:37 . 2013-04-09 01:36        2049024        ----a-w-        c:\windows\system32\win32k.sys
2013-05-10 07:57 . 2013-05-10 07:57        187456        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-05-09 12:09 . 2013-05-13 17:06        --------        d-----w-        c:\users\Guido\AppData\Local\libimobiledevice
2013-04-29 19:13 . 2013-05-06 18:51        --------        d-----w-        c:\users\Guido\Onkel Dieter 3
2013-04-29 19:09 . 2013-04-30 08:21        --------        d-----w-        c:\users\Guido\Onkel Dieter 2
2013-04-29 19:02 . 2013-05-06 18:26        --------        d-----w-        c:\users\Guido\Onkel Dieter 1
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-23 19:50 . 2012-07-12 12:07        866720        ----a-w-        c:\windows\system32\npdeployJava1.dll
2013-05-23 19:50 . 2010-12-29 21:30        788896        ----a-w-        c:\windows\system32\deployJava1.dll
2013-05-15 18:33 . 2012-05-28 18:52        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 18:33 . 2012-05-28 18:52        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-03-11 13:25 . 2013-04-10 16:06        3603816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 16:06        3551080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 16:06        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 16:06        64000        ----a-w-        c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 16:05        376320        ----a-w-        c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 16:05        2067968        ----a-w-        c:\windows\system32\mstscax.dll
2013-03-03 19:07 . 2013-04-10 16:06        1082232        ----a-w-        c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{78e516ef-11de-47a1-8364-a99b917ec5ee}"= "c:\program files\FileConverter_1.3\prxtbFil0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
2013-04-14 12:35        231712        ----a-w-        c:\program files\FileConverter_1.3\prxtbFil0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2009-11-08 09:55        297808        ----a-w-        c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{78e516ef-11de-47a1-8364-a99b917ec5ee}"= "c:\program files\FileConverter_1.3\prxtbFil0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{78E516EF-11DE-47A1-8364-A99B917EC5EE}"= "c:\program files\FileConverter_1.3\prxtbFil0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{78e516ef-11de-47a1-8364-a99b917ec5ee}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02        120104        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-26 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-18 30192]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"SAFEOEM HotKeys"="c:\program files\Steganos Safe OEM\SteganosHotKeyService.exe" [2008-12-11 26112]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~2\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService        REG_MULTI_SZ          HsfXAudioService
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 13:49        1165776        ----a-w-        c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 18:33]
.
2013-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 20:30]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 20:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.freenet.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-28 07:27
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5632)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
c:\windows\system32\authui.dll
c:\windows\system32\mssprxy.dll
.
Zeit der Fertigstellung: 2013-05-28  07:30:04
ComboFix-quarantined-files.txt  2013-05-28 05:30
ComboFix2.txt  2013-05-25 06:36
.
Vor Suchlauf: 21 Verzeichnis(se), 88.385.875.968 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 88.348.282.880 Bytes frei
.
- - End Of File - - 44308A780194CEB5F454A7C4E9450DE4

--- --- ---

cosinus 28.05.2013 08:50

Rootkit scan with GMER

Please download the GMER Rootkit Scanner (GMER): (the file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark from: IAT/EAT and Show All
  • Set the check mark at Quickscan and remove it from all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan has finished, click Save and save the log file as Gmer.txt on your desktop. GMER is closed with "Ok".
Turn your antivirus program and other scanners back on before you go online!


Do problems occur?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the check mark in front of Devices.


After that, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide for Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Jeep 28.05.2013 13:16

Hello Cosinus,

unfortunately there was a problem. I did everything as listed (there was no warning message), set the check marks accordingly and started the scan. Then unfortunately this message came up:
The program is not running correctly because of a problem. The program will be closed. I will be notified when a solution to the problem is available (paraphrased)

the scan ran up to the entry
device\Harddisk Volume Shadow Copy 2
then the message came up.

I have not carried out the rest of the instructions for now.

cosinus 28.05.2013 13:37

Additional notes were posted specifically on what you should try if GMER does not work the normal way; please follow those as well

Jeep 29.05.2013 16:40

Sorry, those who can read clearly have an advantage...

After I started GMER in safe mode, here is the log
GMER Logfile:
Code:

GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-29 16:40:21
Windows 6.0.6002 Service Pack 2
Running: kt04sc1q.exe


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{86BD7927-8685-4264-AEA4-A69B37407E66}@LeaseObtainedTime  1369836994
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{86BD7927-8685-4264-AEA4-A69B37407E66}@T1                -777646655
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{86BD7927-8685-4264-AEA4-A69B37407E66}@T2                1906707905

---- EOF - GMER 2.1 ----

--- --- ---


Malwarebytes Anti-Rootkit did not find any malware. Here is the log file:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
Malwarebytes : Free anti-malware download

Database version: v2013.05.29.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Guido :: GUIDO-PC [administrator]

29.05.2013 16:52:43
mbar-log-2013-05-29 (16-52-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 252302
Time elapsed: 36 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 29.05.2013 23:12

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide for TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Jeep 03.06.2013 21:55

Hello Cosinus,
sorry, I had to look after the family for a few days.

aswMBR unfortunately aborted.
I selected none. How do I proceed from here?

Here is the log file from TDSSKiller

22:41:00.0170 4236 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:41:00.0319 4236 ============================================================
22:41:00.0319 4236 Current date / time: 2013/06/03 22:41:00.0319
22:41:00.0319 4236 SystemInfo:
22:41:00.0319 4236
22:41:00.0319 4236 OS Version: 6.0.6002 ServicePack: 2.0
22:41:00.0319 4236 Product type: Workstation
22:41:00.0319 4236 ComputerName: GUIDO-PC
22:41:00.0319 4236 UserName: Guido
22:41:00.0320 4236 Windows directory: C:\Windows
22:41:00.0320 4236 System windows directory: C:\Windows
22:41:00.0320 4236 Processor architecture: Intel x86
22:41:00.0320 4236 Number of processors: 2
22:41:00.0320 4236 Page size: 0x1000
22:41:00.0320 4236 Boot type: Normal boot
22:41:00.0320 4236 ============================================================
22:41:01.0166 4236 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:41:01.0176 4236 ============================================================
22:41:01.0176 4236 \Device\Harddisk0\DR0:
22:41:01.0177 4236 MBR partitions:
22:41:01.0177 4236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000
22:41:01.0177 4236 ============================================================
22:41:01.0208 4236 C: <-> \Device\Harddisk0\DR0\Partition1
22:41:01.0209 4236 ============================================================
22:41:01.0209 4236 Initialize success
22:41:01.0209 4236 ============================================================
22:42:02.0937 5160 ============================================================
22:42:02.0937 5160 Scan started
22:42:02.0937 5160 Mode: Manual; SigCheck; TDLFS;
22:42:02.0937 5160 ============================================================
22:42:03.0348 5160 ================ Scan system memory ========================
22:42:03.0348 5160 System memory - ok
22:42:03.0349 5160 ================ Scan services =============================
22:42:03.0743 5160 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:42:03.0882 5160 ACPI - ok
22:42:04.0089 5160 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:42:04.0107 5160 AdobeARMservice - ok
22:42:04.0240 5160 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:42:04.0265 5160 AdobeFlashPlayerUpdateSvc - ok
22:42:04.0341 5160 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:42:04.0367 5160 adp94xx - ok
22:42:04.0416 5160 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:42:04.0437 5160 adpahci - ok
22:42:04.0495 5160 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:42:04.0530 5160 adpu160m - ok
22:42:04.0575 5160 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:42:04.0591 5160 adpu320 - ok
22:42:04.0669 5160 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:42:04.0836 5160 AeLookupSvc - ok
22:42:04.0937 5160 [ 593DA4D53AED56F4172D270649333957 ] AF05BDA C:\Windows\system32\drivers\AF05BDA.sys
22:42:04.0990 5160 AF05BDA - ok
22:42:05.0105 5160 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
22:42:05.0169 5160 AFD - ok
22:42:05.0271 5160 [ 5D97943C128ED756D1B0A08302C1B1F8 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
22:42:05.0518 5160 AgereSoftModem - ok
22:42:05.0678 5160 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:42:05.0698 5160 agp440 - ok
22:42:05.0758 5160 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:42:05.0771 5160 aic78xx - ok
22:42:05.0820 5160 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
22:42:06.0058 5160 ALG - ok
22:42:06.0146 5160 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
22:42:06.0164 5160 aliide - ok
22:42:06.0349 5160 [ C5450AEB65B100E10404A4B4B4DA821C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:42:06.0496 5160 AMD External Events Utility - ok
22:42:06.0600 5160 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:42:06.0619 5160 amdagp - ok
22:42:06.0661 5160 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
22:42:06.0677 5160 amdide - ok
22:42:06.0714 5160 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
22:42:06.0776 5160 AmdK7 - ok
22:42:06.0813 5160 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:42:06.0855 5160 AmdK8 - ok
22:42:07.0088 5160 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:42:07.0103 5160 AntiVirSchedulerService - ok
22:42:07.0247 5160 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:42:07.0261 5160 AntiVirService - ok
22:42:07.0325 5160 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
22:42:07.0384 5160 Appinfo - ok
22:42:07.0511 5160 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:42:07.0535 5160 Apple Mobile Device - ok
22:42:07.0620 5160 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
22:42:07.0637 5160 arc - ok
22:42:07.0672 5160 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:42:07.0699 5160 arcsas - ok
22:42:07.0732 5160 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:42:07.0875 5160 AsyncMac - ok
22:42:07.0923 5160 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
22:42:07.0949 5160 atapi - ok
22:42:08.0013 5160 [ ACDB46B1A467752A2F280C68C8461556 ] athr C:\Windows\system32\DRIVERS\athr.sys
22:42:08.0265 5160 athr - ok
22:42:08.0571 5160 [ 83287134958B679AA40BFB00E23BDCA7 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:42:09.0143 5160 atikmdag - ok
22:42:09.0245 5160 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:42:09.0296 5160 AudioEndpointBuilder - ok
22:42:09.0368 5160 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:42:09.0393 5160 Audiosrv - ok
22:42:09.0468 5160 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:42:09.0487 5160 avgntflt - ok
22:42:09.0679 5160 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:42:09.0694 5160 avipbb - ok
22:42:09.0737 5160 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
22:42:09.0749 5160 avkmgr - ok
22:42:09.0892 5160 [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:42:09.0955 5160 b57nd60x - ok
22:42:10.0024 5160 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
22:42:10.0067 5160 Beep - ok
22:42:10.0251 5160 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
22:42:10.0281 5160 BFE - ok
22:42:10.0432 5160 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
22:42:10.0494 5160 BITS - ok
22:42:10.0536 5160 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:42:10.0563 5160 blbdrive - ok
22:42:10.0654 5160 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:42:10.0673 5160 Bonjour Service - ok
22:42:10.0746 5160 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:42:10.0781 5160 bowser - ok
22:42:10.0855 5160 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:42:10.0896 5160 BrFiltLo - ok
22:42:10.0912 5160 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:42:10.0952 5160 BrFiltUp - ok
22:42:11.0040 5160 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
22:42:11.0091 5160 Browser - ok
22:42:11.0318 5160 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys
22:42:11.0432 5160 Brserid - ok
22:42:11.0469 5160 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:42:11.0540 5160 BrSerWdm - ok
22:42:11.0605 5160 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:42:11.0652 5160 BrUsbMdm - ok
22:42:11.0669 5160 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys
22:42:11.0743 5160 BrUsbSer - ok
22:42:11.0811 5160 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:42:11.0892 5160 BTHMODEM - ok
22:42:12.0012 5160 catchme - ok
22:42:12.0059 5160 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:42:12.0151 5160 cdfs - ok
22:42:12.0203 5160 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:42:12.0225 5160 cdrom - ok
22:42:12.0299 5160 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
22:42:12.0321 5160 CertPropSvc - ok
22:42:12.0387 5160 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
22:42:12.0435 5160 circlass - ok
22:42:12.0521 5160 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
22:42:12.0541 5160 CLFS - ok
22:42:12.0719 5160 [ 2B272D0A6E5071829B516FFDC7F841CA ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
22:42:12.0730 5160 CLHNService - ok
22:42:12.0860 5160 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:42:12.0881 5160 clr_optimization_v2.0.50727_32 - ok
22:42:13.0036 5160 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:42:13.0052 5160 clr_optimization_v4.0.30319_32 - ok
22:42:13.0077 5160 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:42:13.0118 5160 CmBatt - ok
22:42:13.0146 5160 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:42:13.0160 5160 cmdide - ok
22:42:13.0191 5160 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:42:13.0212 5160 Compbatt - ok
22:42:13.0221 5160 COMSysApp - ok
22:42:13.0247 5160 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:42:13.0260 5160 crcdisk - ok
22:42:13.0283 5160 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
22:42:13.0312 5160 Crusoe - ok
22:42:13.0371 5160 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:42:13.0478 5160 CryptSvc - ok
22:42:13.0666 5160 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:42:13.0821 5160 DcomLaunch - ok
22:42:13.0880 5160 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:42:13.0959 5160 DfsC - ok
22:42:14.0111 5160 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
22:42:14.0330 5160 DFSR - ok
22:42:14.0460 5160 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:42:14.0499 5160 Dhcp - ok
22:42:14.0570 5160 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
22:42:14.0586 5160 disk - ok
22:42:14.0643 5160 [ C701324C9E0C25DD9D60311BD87FBC84 ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
22:42:14.0655 5160 DKbFltr - ok
22:42:14.0739 5160 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:42:14.0800 5160 Dnscache - ok
22:42:14.0875 5160 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:42:14.0936 5160 dot3svc - ok
22:42:14.0981 5160 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
22:42:15.0011 5160 DPS - ok
22:42:15.0060 5160 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:42:15.0118 5160 drmkaud - ok
22:42:15.0229 5160 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:42:15.0307 5160 DXGKrnl - ok
22:42:15.0330 5160 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
22:42:15.0358 5160 E1G60 - ok
22:42:15.0419 5160 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
22:42:15.0442 5160 EapHost - ok
22:42:15.0542 5160 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
22:42:15.0563 5160 Ecache - ok
22:42:15.0627 5160 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:42:15.0702 5160 ehRecvr - ok
22:42:15.0730 5160 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
22:42:15.0866 5160 ehSched - ok
22:42:15.0932 5160 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
22:42:15.0969 5160 ehstart - ok
22:42:16.0071 5160 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:42:16.0093 5160 elxstor - ok
22:42:16.0199 5160 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:42:16.0304 5160 EMDMgmt - ok
22:42:16.0441 5160 [ 2072CBE938DD355C4A52E9A4DCF5439F ] ePowerSvc C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
22:42:16.0484 5160 ePowerSvc - ok
22:42:16.0548 5160 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:42:16.0618 5160 ErrDev - ok
22:42:16.0704 5160 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
22:42:16.0765 5160 EventSystem - ok
22:42:16.0874 5160 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
22:42:16.0975 5160 exfat - ok
22:42:17.0048 5160 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:42:17.0077 5160 fastfat - ok
22:42:17.0161 5160 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:42:17.0201 5160 fdc - ok
22:42:17.0258 5160 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
22:42:17.0285 5160 fdPHost - ok
22:42:17.0332 5160 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
22:42:17.0410 5160 FDResPub - ok
22:42:17.0481 5160 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:42:17.0495 5160 FileInfo - ok
22:42:17.0523 5160 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:42:17.0599 5160 Filetrace - ok
22:42:17.0635 5160 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:42:17.0681 5160 flpydisk - ok
22:42:17.0744 5160 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:42:17.0762 5160 FltMgr - ok
22:42:17.0880 5160 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
22:42:17.0979 5160 FontCache - ok
22:42:18.0072 5160 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:42:18.0091 5160 FontCache3.0.0.0 - ok
22:42:18.0270 5160 [ 8D3B3AD7F9B6EE8AC96B1AD293BB0FB0 ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
22:42:18.0318 5160 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
22:42:18.0318 5160 FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)
22:42:18.0384 5160 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:42:18.0504 5160 Fs_Rec - ok
22:42:18.0548 5160 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:42:18.0568 5160 gagp30kx - ok
22:42:18.0615 5160 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:42:18.0626 5160 GEARAspiWDM - ok
22:42:18.0779 5160 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
22:42:18.0795 5160 GoogleDesktopManager-051210-111108 - ok
22:42:18.0865 5160 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
22:42:18.0988 5160 gpsvc - ok
22:42:19.0088 5160 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca3255a4e7fb60 C:\Program Files\Google\Update\GoogleUpdate.exe
22:42:19.0113 5160 gupdate1ca3255a4e7fb60 - ok
22:42:19.0177 5160 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:42:19.0189 5160 gupdatem - ok
22:42:19.0276 5160 [ A036414384B1F3F36D7E40286CF6DD07 ] hcw95bda C:\Windows\system32\Drivers\hcw95bda.sys
22:42:19.0451 5160 hcw95bda - ok
22:42:19.0590 5160 [ A83862F32F86DA77B1AB3A11E18BB62F ] hcw95rc C:\Windows\system32\DRIVERS\hcw95rc.sys
22:42:19.0630 5160 hcw95rc - ok
22:42:19.0723 5160 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:42:19.0773 5160 HdAudAddService - ok
22:42:19.0831 5160 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:42:19.0889 5160 HDAudBus - ok
22:42:19.0938 5160 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:42:20.0055 5160 HidBth - ok
22:42:20.0116 5160 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
22:42:20.0162 5160 HidIr - ok
22:42:20.0211 5160 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
22:42:20.0329 5160 hidserv - ok
22:42:20.0373 5160 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:42:20.0416 5160 HidUsb - ok
22:42:20.0457 5160 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:42:20.0485 5160 hkmsvc - ok
22:42:20.0522 5160 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:42:20.0535 5160 HpCISSs - ok
22:42:20.0626 5160 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:42:20.0732 5160 HSFHWAZL - ok
22:42:20.0817 5160 [ 1E7C79CBAF71AA92E0EEE924907DCB55 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
22:42:20.0890 5160 HsfXAudioService - ok
22:42:20.0993 5160 [ EFED6BD9B9D5F407ADCA918BBE2D410D ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:42:21.0118 5160 HSF_DPV - ok
22:42:21.0158 5160 [ C2EB8396C46E13F76037D70EAE8820A9 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:42:21.0175 5160 HSXHWAZL - ok
22:42:21.0217 5160 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:42:21.0270 5160 HTTP - ok
22:42:21.0450 5160 [ 1720966D9C7EA5E2D78B6DB92D2F9171 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:42:21.0509 5160 hwdatacard - ok
22:42:21.0564 5160 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:42:21.0578 5160 i2omp - ok
22:42:21.0655 5160 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:42:21.0708 5160 i8042prt - ok
22:42:21.0809 5160 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:42:21.0827 5160 iaStor - ok
22:42:21.0917 5160 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:42:21.0936 5160 iaStorV - ok
22:42:22.0043 5160 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:42:22.0153 5160 idsvc - ok
22:42:22.0180 5160 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:42:22.0193 5160 iirsp - ok
22:42:22.0327 5160 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
22:42:22.0365 5160 IJPLMSVC - ok
22:42:22.0455 5160 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
22:42:22.0554 5160 IKEEXT - ok
22:42:22.0651 5160 [ 80919A856693B1D1D4177F11F5BDA545 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:42:22.0983 5160 IntcAzAudAddService - ok
22:42:23.0048 5160 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
22:42:23.0061 5160 intelide - ok
22:42:23.0147 5160 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:42:23.0203 5160 intelppm - ok
22:42:23.0246 5160 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:42:23.0313 5160 IPBusEnum - ok
22:42:23.0361 5160 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:42:23.0434 5160 IpFilterDriver - ok
22:42:23.0497 5160 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:42:23.0626 5160 iphlpsvc - ok
22:42:23.0632 5160 IpInIp - ok
22:42:23.0739 5160 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
22:42:23.0792 5160 IPMIDRV - ok
22:42:23.0819 5160 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
22:42:23.0850 5160 IPNAT - ok
22:42:23.0934 5160 [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:42:23.0990 5160 iPod Service - ok
22:42:24.0030 5160 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys
22:42:24.0107 5160 irda - ok
22:42:24.0196 5160 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:42:24.0224 5160 IRENUM - ok
22:42:24.0336 5160 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll
22:42:24.0397 5160 Irmon - ok
22:42:24.0443 5160 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:42:24.0458 5160 isapnp - ok
22:42:24.0497 5160 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:42:24.0515 5160 iScsiPrt - ok
22:42:24.0550 5160 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
22:42:24.0563 5160 iteatapi - ok
22:42:24.0596 5160 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
22:42:24.0608 5160 iteraid - ok
22:42:24.0659 5160 [ EAC21E8014C7E6EE341AFFFB7E2BBD54 ] k57nd60x C:\Windows\system32\DRIVERS\k57nd60x.sys
22:42:24.0699 5160 k57nd60x - ok
22:42:24.0723 5160 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:42:24.0755 5160 kbdclass - ok
22:42:24.0813 5160 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:42:24.0835 5160 kbdhid - ok
22:42:24.0861 5160 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
22:42:24.0911 5160 KeyIso - ok
22:42:24.0956 5160 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:42:24.0981 5160 KSecDD - ok
22:42:25.0058 5160 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
22:42:25.0130 5160 KtmRm - ok
22:42:25.0208 5160 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
22:42:25.0276 5160 LanmanServer - ok
22:42:25.0361 5160 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:42:25.0517 5160 LanmanWorkstation - ok
22:42:25.0662 5160 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:42:25.0691 5160 lltdio - ok
22:42:25.0728 5160 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:42:25.0772 5160 lltdsvc - ok
22:42:25.0804 5160 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:42:25.0858 5160 lmhosts - ok
22:42:25.0897 5160 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:42:25.0913 5160 LSI_FC - ok
22:42:25.0932 5160 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:42:25.0965 5160 LSI_SAS - ok
22:42:25.0986 5160 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:42:26.0000 5160 LSI_SCSI - ok
22:42:26.0031 5160 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
22:42:26.0113 5160 luafv - ok
22:42:26.0118 5160 lxbk_device - ok
22:42:26.0164 5160 mbamswissarmy - ok
22:42:26.0267 5160 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:42:26.0325 5160 Mcx2Svc - ok
22:42:26.0378 5160 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:42:26.0392 5160 mdmxsdk - ok
22:42:26.0483 5160 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
22:42:26.0497 5160 megasas - ok
22:42:26.0572 5160 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
22:42:26.0596 5160 MegaSR - ok
22:42:26.0712 5160 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:42:26.0733 5160 Microsoft Office Groove Audit Service - ok
22:42:26.0780 5160 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
22:42:26.0830 5160 MMCSS - ok
22:42:26.0851 5160 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
22:42:26.0880 5160 Modem - ok
22:42:26.0913 5160 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:42:26.0999 5160 monitor - ok
22:42:27.0024 5160 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:42:27.0051 5160 mouclass - ok
22:42:27.0076 5160 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:42:27.0115 5160 mouhid - ok
22:42:27.0146 5160 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
22:42:27.0164 5160 MountMgr - ok
22:42:27.0255 5160 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
22:42:27.0271 5160 mpio - ok
22:42:27.0313 5160 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:42:27.0367 5160 mpsdrv - ok
22:42:27.0428 5160 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
22:42:27.0552 5160 MpsSvc - ok
22:42:27.0614 5160 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
22:42:27.0627 5160 Mraid35x - ok
22:42:27.0733 5160 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:42:27.0777 5160 MRxDAV - ok
22:42:27.0826 5160 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:42:27.0879 5160 mrxsmb - ok
22:42:27.0887 5160 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:42:27.0946 5160 mrxsmb10 - ok
22:42:27.0961 5160 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:42:28.0017 5160 mrxsmb20 - ok
22:42:28.0078 5160 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
22:42:28.0092 5160 msahci - ok
22:42:28.0131 5160 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:42:28.0146 5160 msdsm - ok
22:42:28.0205 5160 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
22:42:28.0264 5160 MSDTC - ok
22:42:28.0293 5160 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:42:28.0385 5160 Msfs - ok
22:42:28.0453 5160 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:42:28.0482 5160 msisadrv - ok
22:42:28.0554 5160 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:42:28.0617 5160 MSiSCSI - ok
22:42:28.0624 5160 msiserver - ok
22:42:28.0643 5160 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:42:28.0702 5160 MSKSSRV - ok
22:42:28.0769 5160 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:42:28.0795 5160 MSPCLOCK - ok
22:42:28.0824 5160 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:42:28.0858 5160 MSPQM - ok
22:42:28.0925 5160 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:42:28.0943 5160 MsRPC - ok
22:42:29.0004 5160 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:42:29.0020 5160 mssmbios - ok
22:42:29.0071 5160 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:42:29.0118 5160 MSTEE - ok
22:42:29.0154 5160 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
22:42:29.0169 5160 Mup - ok
22:42:29.0211 5160 [ 2DE94E435C3EFDE58C7B1856D4F20724 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:42:29.0222 5160 mwlPSDFilter - ok
22:42:29.0242 5160 [ 61920A7146EED3D903DBBB8EC295AF76 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:42:29.0252 5160 mwlPSDNServ - ok
22:42:29.0267 5160 [ E0F49721E68EBD2983E84C44FADA6665 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:42:29.0278 5160 mwlPSDVDisk - ok
22:42:29.0402 5160 [ FD257CD94057D02108B954156D7B2770 ] MWLService C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
22:42:29.0420 5160 MWLService - ok
22:42:29.0494 5160 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
22:42:29.0546 5160 napagent - ok
22:42:29.0654 5160 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:42:29.0673 5160 NativeWifiP - ok
22:42:29.0771 5160 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:42:29.0800 5160 NDIS - ok
22:42:29.0864 5160 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:42:29.0885 5160 NdisTapi - ok
22:42:29.0934 5160 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:42:29.0961 5160 Ndisuio - ok
22:42:30.0062 5160 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:42:30.0085 5160 NdisWan - ok
22:42:30.0180 5160 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:42:30.0219 5160 NDProxy - ok
22:42:30.0258 5160 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:42:30.0355 5160 NetBIOS - ok
22:42:30.0402 5160 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
22:42:30.0468 5160 netbt - ok
22:42:30.0498 5160 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
22:42:30.0519 5160 Netlogon - ok
22:42:30.0548 5160 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
22:42:30.0626 5160 Netman - ok
22:42:30.0669 5160 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
22:42:30.0746 5160 netprofm - ok
22:42:30.0779 5160 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:42:30.0800 5160 NetTcpPortSharing - ok
22:42:30.0823 5160 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:42:30.0850 5160 nfrd960 - ok
22:42:31.0018 5160 [ 43C9A197D0ADD13118EB8E75BA9627BA ] NitroDriverReadSpool8 C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
22:42:31.0034 5160 NitroDriverReadSpool8 - ok
22:42:31.0079 5160 [ 09E91618713E7117323E5338A7906F47 ] NitroReaderDriverReadSpool3 C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
22:42:31.0094 5160 NitroReaderDriverReadSpool3 - ok
22:42:31.0138 5160 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:42:31.0209 5160 NlaSvc - ok
22:42:31.0259 5160 [ 4CA56D07BA38588EE96BE2BF157BA4D4 ] nlsX86cc C:\Windows\system32\NLSSRV32.EXE
22:42:31.0273 5160 nlsX86cc - ok
22:42:31.0408 5160 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] npf C:\Windows\system32\drivers\npf.sys
22:42:31.0419 5160 npf - ok
22:42:31.0491 5160 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:42:31.0515 5160 Npfs - ok
22:42:31.0557 5160 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys
22:42:31.0584 5160 NSCIRDA - ok
22:42:31.0660 5160 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
22:42:31.0691 5160 nsi - ok
22:42:31.0697 5160 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:42:31.0725 5160 nsiproxy - ok
22:42:31.0838 5160 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:42:31.0940 5160 Ntfs - ok
22:42:32.0049 5160 [ 944E3911888B9FFFD843B91C8ABBD3F6 ] NTI IScheduleSvc C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
22:42:32.0062 5160 NTI IScheduleSvc - ok
22:42:32.0149 5160 [ 973DCB15731339FCA176E534055CF115 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:42:32.0169 5160 NTIBackupSvc - ok
22:42:32.0212 5160 [ 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F ] NTIDrvr C:\Windows\system32\Drivers\NTIDrvr.sys
22:42:32.0222 5160 NTIDrvr - ok
22:42:32.0259 5160 [ 58751F9248D50BCE1053976C9E2F0859 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:42:32.0271 5160 NTISchedulerSvc - ok
22:42:32.0309 5160 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
22:42:32.0355 5160 ntrigdigi - ok
22:42:32.0388 5160 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
22:42:32.0480 5160 Null - ok
22:42:32.0518 5160 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:42:32.0533 5160 nvraid - ok
22:42:32.0573 5160 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:42:32.0586 5160 nvstor - ok
22:42:32.0614 5160 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:42:32.0630 5160 nv_agp - ok
22:42:32.0637 5160 NwlnkFlt - ok
22:42:32.0645 5160 NwlnkFwd - ok
22:42:32.0871 5160 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:42:32.0922 5160 odserv - ok
22:42:32.0980 5160 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:42:33.0044 5160 ohci1394 - ok
22:42:33.0162 5160 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:42:33.0183 5160 ose - ok
22:42:33.0283 5160 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
22:42:33.0400 5160 p2pimsvc - ok
22:42:33.0428 5160 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
22:42:33.0453 5160 p2psvc - ok
22:42:33.0490 5160 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
22:42:33.0537 5160 Parport - ok
22:42:33.0590 5160 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:42:33.0605 5160 partmgr - ok
22:42:33.0627 5160 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
22:42:33.0691 5160 Parvdm - ok
22:42:33.0721 5160 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
22:42:33.0804 5160 PcaSvc - ok
22:42:33.0877 5160 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
22:42:33.0900 5160 pci - ok
22:42:33.0934 5160 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
22:42:33.0972 5160 pciide - ok
22:42:34.0082 5160 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:42:34.0099 5160 pcmcia - ok
22:42:34.0175 5160 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:42:34.0275 5160 PEAUTH - ok
22:42:34.0400 5160 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
22:42:34.0604 5160 pla - ok
22:42:34.0698 5160 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:42:34.0725 5160 PlugPlay - ok
22:42:34.0765 5160 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
22:42:34.0875 5160 PNRPAutoReg - ok
22:42:34.0887 5160 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
22:42:34.0913 5160 PNRPsvc - ok
22:42:34.0981 5160 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:42:35.0042 5160 PolicyAgent - ok
22:42:35.0110 5160 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:42:35.0182 5160 PptpMiniport - ok
22:42:35.0260 5160 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
22:42:35.0316 5160 Processor - ok
22:42:35.0393 5160 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
22:42:35.0433 5160 ProfSvc - ok
22:42:35.0453 5160 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:42:35.0468 5160 ProtectedStorage - ok
22:42:35.0535 5160 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
22:42:35.0566 5160 PSched - ok
22:42:35.0683 5160 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:42:35.0781 5160 ql2300 - ok
22:42:35.0831 5160 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:42:35.0846 5160 ql40xx - ok
22:42:35.0883 5160 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
22:42:35.0939 5160 QWAVE - ok
22:42:35.0975 5160 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:42:36.0030 5160 QWAVEdrv - ok
22:42:36.0050 5160 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:42:36.0092 5160 RasAcd - ok
22:42:36.0167 5160 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
22:42:36.0210 5160 RasAuto - ok
22:42:36.0285 5160 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:42:36.0363 5160 Rasl2tp - ok
22:42:36.0434 5160 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
22:42:36.0481 5160 RasMan - ok
22:42:36.0536 5160 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:42:36.0579 5160 RasPppoe - ok
22:42:36.0617 5160 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:42:36.0632 5160 RasSstp - ok
22:42:36.0720 5160 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:42:36.0778 5160 rdbss - ok
22:42:36.0821 5160 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:42:36.0874 5160 RDPCDD - ok
22:42:36.0907 5160 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
22:42:36.0966 5160 rdpdr - ok
22:42:36.0980 5160 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:42:37.0028 5160 RDPENCDD - ok
22:42:37.0105 5160 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:42:37.0158 5160 RDPWD - ok
22:42:37.0252 5160 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:42:37.0283 5160 RemoteAccess - ok
22:42:37.0348 5160 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:42:37.0374 5160 RemoteRegistry - ok
22:42:37.0408 5160 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
22:42:37.0457 5160 RpcLocator - ok
22:42:37.0494 5160 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
22:42:37.0564 5160 RpcSs - ok
22:42:37.0626 5160 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:42:37.0695 5160 rspndr - ok
22:42:37.0788 5160 [ D85DA4371AF61359EDFCA4EA06619DD4 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
22:42:37.0801 5160 RTHDMIAzAudService - ok
22:42:37.0864 5160 [ 9B09F336DE36A7A6CA871DE8A7847B65 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
22:42:37.0903 5160 RTSTOR ( UnsignedFile.Multi.Generic ) - warning
22:42:37.0903 5160 RTSTOR - detected UnsignedFile.Multi.Generic (1)
22:42:37.0963 5160 [ 69013A123A00B3042C260B0056DF0152 ] s1029bus C:\Windows\system32\DRIVERS\s1029bus.sys
22:42:37.0979 5160 s1029bus - ok
22:42:38.0004 5160 [ 1565FC31F872963FE8AF471123D8424C ] s1029mdfl C:\Windows\system32\DRIVERS\s1029mdfl.sys
22:42:38.0014 5160 s1029mdfl - ok
22:42:38.0042 5160 [ D67A8042ECF6C983AC0E308B36603677 ] s1029mdm C:\Windows\system32\DRIVERS\s1029mdm.sys
22:42:38.0060 5160 s1029mdm - ok
22:42:38.0101 5160 [ 9AC56F06C1E13A963C82EBD067FDF274 ] s1029mgmt C:\Windows\system32\DRIVERS\s1029mgmt.sys
22:42:38.0113 5160 s1029mgmt - ok
22:42:38.0235 5160 [ 00C66C6BAAFB2747F15F94F15888C94A ] s1029nd5 C:\Windows\system32\DRIVERS\s1029nd5.sys
22:42:38.0248 5160 s1029nd5 - ok
22:42:38.0283 5160 [ 6FC093ABA554E45755DC2F3896B6C8D7 ] s1029obex C:\Windows\system32\DRIVERS\s1029obex.sys
22:42:38.0303 5160 s1029obex - ok
22:42:38.0366 5160 [ 9979B0E68815394665B2109B03D15FA1 ] s1029unic C:\Windows\system32\DRIVERS\s1029unic.sys
22:42:38.0389 5160 s1029unic - ok
22:42:38.0415 5160 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
22:42:38.0430 5160 SamSs - ok
22:42:38.0457 5160 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:42:38.0471 5160 sbp2port - ok
22:42:38.0549 5160 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:42:38.0595 5160 SCardSvr - ok
22:42:38.0649 5160 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
22:42:38.0758 5160 Schedule - ok
22:42:38.0796 5160 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:42:38.0818 5160 SCPolicySvc - ok
22:42:38.0849 5160 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
22:42:38.0913 5160 sdbus - ok
22:42:38.0951 5160 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:42:39.0061 5160 SDRSVC - ok
22:42:39.0089 5160 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:42:39.0163 5160 secdrv - ok
22:42:39.0199 5160 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
22:42:39.0229 5160 seclogon - ok
22:42:39.0253 5160 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
22:42:39.0282 5160 SENS - ok
22:42:39.0342 5160 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
22:42:39.0431 5160 Serenum - ok
22:42:39.0462 5160 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
22:42:39.0534 5160 Serial - ok
22:42:39.0574 5160 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:42:39.0617 5160 sermouse - ok
22:42:39.0695 5160 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
22:42:39.0754 5160 SessionEnv - ok
22:42:39.0804 5160 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:42:39.0826 5160 sffdisk - ok
22:42:39.0858 5160 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:42:39.0917 5160 sffp_mmc - ok
22:42:39.0951 5160 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:42:39.0998 5160 sffp_sd - ok
22:42:40.0028 5160 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:42:40.0098 5160 sfloppy - ok
22:42:40.0153 5160 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:42:40.0254 5160 SharedAccess - ok
22:42:40.0304 5160 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:42:40.0418 5160 ShellHWDetection - ok
22:42:40.0474 5160 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:42:40.0488 5160 sisagp - ok
22:42:40.0534 5160 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
22:42:40.0548 5160 SiSRaid2 - ok
22:42:40.0579 5160 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:42:40.0601 5160 SiSRaid4 - ok
22:42:40.0640 5160 [ 4723512C035A3A880DB4657705466240 ] SLEE_16_DRIVER C:\Windows\system32\drivers\Sleen16.sys
22:42:40.0654 5160 SLEE_16_DRIVER - ok
22:42:40.0792 5160 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
22:42:41.0217 5160 slsvc - ok
22:42:41.0257 5160 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
22:42:41.0335 5160 SLUINotify - ok
22:42:41.0376 5160 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:42:41.0416 5160 Smb - ok
22:42:41.0458 5160 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:42:41.0486 5160 SNMPTRAP - ok
22:42:41.0524 5160 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
22:42:41.0541 5160 spldr - ok
22:42:41.0582 5160 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
22:42:41.0655 5160 Spooler - ok
22:42:41.0753 5160 [ 6FBEB99A5AB20BC6AD390BE2AA12CDF9 ] SpyroService C:\Program Files\FS\Spyro Portal\FlashPortal.exe
22:42:41.0779 5160 SpyroService ( UnsignedFile.Multi.Generic ) - warning
22:42:41.0779 5160 SpyroService - detected UnsignedFile.Multi.Generic (1)
22:42:41.0858 5160 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:42:41.0965 5160 srv - ok
22:42:42.0024 5160 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:42:42.0111 5160 srv2 - ok
22:42:42.0172 5160 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:42:42.0236 5160 srvnet - ok
22:42:42.0269 5160 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:42:42.0333 5160 SSDPSRV - ok
22:42:42.0365 5160 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
22:42:42.0376 5160 ssmdrv - ok
22:42:42.0420 5160 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:42:42.0454 5160 SstpSvc - ok
22:42:42.0513 5160 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
22:42:42.0550 5160 StarOpen ( UnsignedFile.Multi.Generic ) - warning
22:42:42.0550 5160 StarOpen - detected UnsignedFile.Multi.Generic (1)
22:42:42.0626 5160 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
22:42:42.0683 5160 stisvc - ok
22:42:42.0722 5160 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:42:42.0735 5160 swenum - ok
22:42:42.0798 5160 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
22:42:42.0909 5160 swprv - ok
22:42:42.0944 5160 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
22:42:42.0958 5160 Symc8xx - ok
22:42:43.0040 5160 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
22:42:43.0055 5160 Sym_hi - ok
22:42:43.0090 5160 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
22:42:43.0103 5160 Sym_u3 - ok
22:42:43.0183 5160 [ AEE6E411A915F50101895BA8DC5C15D4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:42:43.0199 5160 SynTP - ok
22:42:43.0304 5160 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
22:42:43.0408 5160 SysMain - ok
22:42:43.0453 5160 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:42:43.0562 5160 TabletInputService - ok
22:42:43.0675 5160 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:42:43.0725 5160 TapiSrv - ok
22:42:43.0773 5160 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
22:42:43.0814 5160 TBS - ok
22:42:43.0899 5160 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:42:44.0017 5160 Tcpip - ok
22:42:44.0065 5160 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
22:42:44.0120 5160 Tcpip6 - ok
22:42:44.0173 5160 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:42:44.0252 5160 tcpipreg - ok
22:42:44.0301 5160 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:42:44.0385 5160 TDPIPE - ok
22:42:44.0409 5160 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:42:44.0454 5160 TDTCP - ok
22:42:44.0497 5160 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:42:44.0545 5160 tdx - ok
22:42:44.0609 5160 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:42:44.0626 5160 TermDD - ok
22:42:44.0678 5160 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
22:42:44.0762 5160 TermService - ok
22:42:44.0815 5160 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
22:42:44.0899 5160 Themes - ok
22:42:44.0923 5160 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
22:42:44.0960 5160 THREADORDER - ok
22:42:45.0062 5160 [ DDB8A339E57D514768F45D33B11BDB50 ] Tosrfusb C:\Windows\system32\Drivers\tosrfusb.sys
22:42:45.0067 5160 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
22:42:45.0067 5160 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
22:42:45.0116 5160 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
22:42:45.0147 5160 TrkWks - ok
22:42:45.0245 5160 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:42:45.0334 5160 TrustedInstaller - ok
22:42:45.0366 5160 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:42:45.0407 5160 tssecsrv - ok
22:42:45.0448 5160 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
22:42:45.0477 5160 tunmp - ok
22:42:45.0558 5160 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:42:45.0573 5160 tunnel - ok
22:42:45.0592 5160 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:42:45.0612 5160 uagp35 - ok
22:42:45.0650 5160 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
22:42:45.0662 5160 UBHelper - ok
22:42:45.0709 5160 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:42:45.0736 5160 udfs - ok
22:42:45.0805 5160 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:42:45.0858 5160 UI0Detect - ok
22:42:45.0903 5160 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:42:45.0918 5160 uliagpkx - ok
22:42:45.0964 5160 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
22:42:46.0008 5160 uliahci - ok
22:42:46.0039 5160 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
22:42:46.0055 5160 UlSata - ok
22:42:46.0091 5160 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
22:42:46.0108 5160 ulsata2 - ok
22:42:46.0128 5160 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:42:46.0182 5160 umbus - ok
22:42:46.0213 5160 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
22:42:46.0285 5160 upnphost - ok
22:42:46.0366 5160 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
22:42:46.0431 5160 USBAAPL - ok
22:42:46.0478 5160 [ 8EF48FF1C23B1CE6F96D09A45959EB20 ] usbbus C:\Windows\system32\DRIVERS\lgusbbus.sys
22:42:46.0577 5160 usbbus - ok
22:42:46.0606 5160 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:42:46.0637 5160 usbccgp - ok
22:42:46.0663 5160 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:42:46.0723 5160 usbcir - ok
22:42:46.0817 5160 [ A0E24C5C2D0CFF04BBD3753A72FAE80B ] UsbDiag C:\Windows\system32\DRIVERS\lgusbdiag.sys
22:42:46.0828 5160 UsbDiag - ok
22:42:46.0891 5160 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:42:46.0926 5160 usbehci - ok
22:42:47.0028 5160 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:42:47.0113 5160 usbhub - ok
22:42:47.0152 5160 [ CC09A1132B1F6A8362107CC134E90D0B ] USBModem C:\Windows\system32\DRIVERS\lgusbmodem.sys
22:42:47.0186 5160 USBModem - ok
22:42:47.0249 5160 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:42:47.0294 5160 usbohci - ok
22:42:47.0364 5160 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:42:47.0410 5160 usbprint - ok
22:42:47.0460 5160 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:42:47.0501 5160 usbscan - ok
22:42:47.0550 5160 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:42:47.0572 5160 USBSTOR - ok
22:42:47.0602 5160 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:42:47.0626 5160 usbuhci - ok
22:42:47.0645 5160 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:42:47.0676 5160 usbvideo - ok
22:42:47.0748 5160 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
22:42:47.0777 5160 UxSms - ok
22:42:47.0847 5160 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
22:42:47.0922 5160 vds - ok
22:42:48.0014 5160 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:42:48.0043 5160 vga - ok
22:42:48.0117 5160 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
22:42:48.0178 5160 VgaSave - ok
22:42:48.0193 5160 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:42:48.0207 5160 viaagp - ok
22:42:48.0235 5160 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
22:42:48.0277 5160 ViaC7 - ok
22:42:48.0315 5160 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
22:42:48.0328 5160 viaide - ok
22:42:48.0367 5160 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:42:48.0383 5160 volmgr - ok
22:42:48.0422 5160 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:42:48.0444 5160 volmgrx - ok
22:42:48.0483 5160 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:42:48.0507 5160 volsnap - ok
22:42:48.0584 5160 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:42:48.0600 5160 vsmraid - ok
22:42:48.0666 5160 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
22:42:48.0788 5160 VSS - ok
22:42:48.0840 5160 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
22:42:48.0931 5160 W32Time - ok
22:42:48.0950 5160 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:42:49.0025 5160 WacomPen - ok
22:42:49.0067 5160 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
22:42:49.0094 5160 Wanarp - ok
22:42:49.0100 5160 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:42:49.0127 5160 Wanarpv6 - ok
22:42:49.0172 5160 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:42:49.0200 5160 wcncsvc - ok
22:42:49.0272 5160 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:42:49.0328 5160 WcsPlugInService - ok
22:42:49.0364 5160 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
22:42:49.0377 5160 Wd - ok
22:42:49.0432 5160 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:42:49.0476 5160 Wdf01000 - ok
22:42:49.0506 5160 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:42:49.0567 5160 WdiServiceHost - ok
22:42:49.0571 5160 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:42:49.0601 5160 WdiSystemHost - ok
22:42:49.0693 5160 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
22:42:49.0721 5160 WebClient - ok
22:42:49.0805 5160 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:42:49.0878 5160 Wecsvc - ok
22:42:49.0928 5160 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:42:49.0971 5160 wercplsupport - ok
22:42:50.0008 5160 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
22:42:50.0063 5160 WerSvc - ok
22:42:50.0089 5160 [ D0116C473EF3C381A42BB55036A1ADB1 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:42:50.0165 5160 winachsf - ok
22:42:50.0315 5160 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:42:50.0333 5160 WinDefend - ok
22:42:50.0339 5160 WinHttpAutoProxySvc - ok
22:42:50.0480 5160 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:42:50.0504 5160 Winmgmt - ok
22:42:50.0609 5160 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
22:42:50.0667 5160 WinRM - ok
22:42:50.0741 5160 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
22:42:50.0803 5160 WinUSB - ok
22:42:50.0891 5160 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:42:51.0003 5160 Wlansvc - ok
22:42:51.0042 5160 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:42:51.0064 5160 WmiAcpi - ok
22:42:51.0227 5160 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:42:51.0275 5160 wmiApSrv - ok
22:42:51.0383 5160 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:42:51.0563 5160 WMPNetworkSvc - ok
22:42:51.0620 5160 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:42:51.0719 5160 WPCSvc - ok
22:42:51.0760 5160 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:42:51.0815 5160 WPDBusEnum - ok
22:42:51.0893 5160 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
22:42:51.0908 5160 WpdUsb - ok
22:42:52.0048 5160 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:42:52.0105 5160 WPFFontCache_v0400 - ok
22:42:52.0161 5160 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:42:52.0199 5160 ws2ifsl - ok
22:42:52.0286 5160 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
22:42:52.0314 5160 wscsvc - ok
22:42:52.0319 5160 WSearch - ok
22:42:52.0480 5160 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
22:42:52.0801 5160 wuauserv - ok
22:42:52.0882 5160 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:42:52.0914 5160 WudfPf - ok
22:42:52.0965 5160 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:42:53.0023 5160 WUDFRd - ok
22:42:53.0110 5160 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:42:53.0141 5160 wudfsvc - ok
22:42:53.0201 5160 [ 22A08B9FAECD6A306868F59B7F03F188 ] XAudio C:\Windows\system32\DRIVERS\XAudio32.sys
22:42:53.0213 5160 XAudio - ok
22:42:53.0242 5160 ================ Scan global ===============================
22:42:53.0312 5160 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:42:53.0372 5160 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
22:42:53.0386 5160 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
22:42:53.0439 5160 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:42:53.0445 5160 [Global] - ok
22:42:53.0446 5160 ================ Scan MBR ==================================
22:42:53.0532 5160 [ BEEDF9B7F43A72A91456F7131AFC11B2 ] \Device\Harddisk0\DR0
22:42:54.0124 5160 \Device\Harddisk0\DR0 - ok
22:42:54.0124 5160 ================ Scan VBR ==================================
22:42:54.0182 5160 [ 3998E5CDFFB144E56E82B7317DF3083C ] \Device\Harddisk0\DR0\Partition1
22:42:54.0183 5160 \Device\Harddisk0\DR0\Partition1 - ok
22:42:54.0184 5160 ============================================================
22:42:54.0184 5160 Scan finished
22:42:54.0184 5160 ============================================================
22:42:54.0198 5376 Detected object count: 5
22:42:54.0198 5376 Actual detected object count: 5
22:48:43.0822 5376 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:43.0822 5376 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:43.0822 5376 RTSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:43.0822 5376 RTSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:43.0823 5376 SpyroService ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:43.0823 5376 SpyroService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:43.0823 5376 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:43.0823 5376 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:43.0824 5376 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:43.0824 5376 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 04.06.2013 10:26

Please put the logs in CODE tags!
And with aswMBR you should select none and then run the scan.

Jeep 05.06.2013 06:47

Here is the log file from aswMBR

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-05 07:26:27
-----------------------------
07:26:27.976    OS Version: Windows 6.0.6002 Service Pack 2
07:26:27.976    Number of processors: 2 586 0x170A
07:26:27.977    ComputerName: GUIDO-PC  UserName: Guido
07:26:29.375    Initialize success
07:30:36.790    AVAST engine defs: 13060401
07:32:35.247    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:32:35.250    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
07:32:35.882    Disk 0 MBR read successfully
07:32:35.885    Disk 0 MBR scan
07:32:35.891    Disk 0 unknown MBR code
07:32:35.928    Disk 0 Partition 1 00    27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
07:32:35.976    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      466938 MB offset 20482048
07:32:36.031    Disk 0 scanning sectors +976771072
07:32:36.814    Disk 0 scanning C:\Windows\system32\drivers
07:33:46.400    Service scanning
07:34:17.363    Modules scanning
07:35:22.896    Disk 0 trace - called modules:
07:35:22.955    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
07:35:22.961    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c955b8]
07:35:22.966    3 CLASSPNP.SYS[8b3a68b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x860f1028]
07:35:22.972    Scan finished successfully
07:39:40.697    Disk 0 MBR has been saved successfully to "C:\Users\Guido\Desktop\MBR.dat"
07:39:40.704    The log file has been saved successfully to "C:\Users\Guido\Desktop\aswMBR.txt"

And here again is the log file from TDSSKiller (I hope it is displayed as CODE this time)

Code:

22:41:00.0170 4236  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:41:00.0319 4236  ============================================================
22:41:00.0319 4236  Current date / time: 2013/06/03 22:41:00.0319
22:41:00.0319 4236  SystemInfo:
22:41:00.0319 4236 
22:41:00.0319 4236  OS Version: 6.0.6002 ServicePack: 2.0
22:41:00.0319 4236  Product type: Workstation
22:41:00.0319 4236  ComputerName: GUIDO-PC
22:41:00.0319 4236  UserName: Guido
22:41:00.0320 4236  Windows directory: C:\Windows
22:41:00.0320 4236  System windows directory: C:\Windows
22:41:00.0320 4236  Processor architecture: Intel x86
22:41:00.0320 4236  Number of processors: 2
22:41:00.0320 4236  Page size: 0x1000
22:41:00.0320 4236  Boot type: Normal boot
22:41:00.0320 4236  ============================================================
22:41:01.0166 4236  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:41:01.0176 4236  ============================================================
22:41:01.0176 4236  \Device\Harddisk0\DR0:
22:41:01.0177 4236  MBR partitions:
22:41:01.0177 4236  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000
22:41:01.0177 4236  ============================================================
22:41:01.0208 4236  C: <-> \Device\Harddisk0\DR0\Partition1
22:41:01.0209 4236  ============================================================
22:41:01.0209 4236  Initialize success
22:41:01.0209 4236  ============================================================
22:42:02.0937 5160  ============================================================
22:42:02.0937 5160  Scan started
22:42:02.0937 5160  Mode: Manual; SigCheck; TDLFS;
22:42:02.0937 5160  ============================================================
22:42:03.0348 5160  ================ Scan system memory ========================
22:42:03.0348 5160  System memory - ok
22:42:03.0349 5160  ================ Scan services =============================
22:42:03.0743 5160  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:42:03.0882 5160  ACPI - ok
22:42:04.0089 5160  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:42:04.0107 5160  AdobeARMservice - ok
22:42:04.0240 5160  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:42:04.0265 5160  AdobeFlashPlayerUpdateSvc - ok
22:42:04.0341 5160  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
22:42:04.0367 5160  adp94xx - ok
22:42:04.0416 5160  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
22:42:04.0437 5160  adpahci - ok
22:42:04.0495 5160  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:42:04.0530 5160  adpu160m - ok
22:42:04.0575 5160  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
22:42:04.0591 5160  adpu320 - ok
22:42:04.0669 5160  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
22:42:04.0836 5160  AeLookupSvc - ok
22:42:04.0937 5160  [ 593DA4D53AED56F4172D270649333957 ] AF05BDA        C:\Windows\system32\drivers\AF05BDA.sys
22:42:04.0990 5160  AF05BDA - ok
22:42:05.0105 5160  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
22:42:05.0169 5160  AFD - ok
22:42:05.0271 5160  [ 5D97943C128ED756D1B0A08302C1B1F8 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
22:42:05.0518 5160  AgereSoftModem - ok
22:42:05.0678 5160  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:42:05.0698 5160  agp440 - ok
22:42:05.0758 5160  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
22:42:05.0771 5160  aic78xx - ok
22:42:05.0820 5160  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
22:42:06.0058 5160  ALG - ok
22:42:06.0146 5160  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:42:06.0164 5160  aliide - ok
22:42:06.0349 5160  [ C5450AEB65B100E10404A4B4B4DA821C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:42:06.0496 5160  AMD External Events Utility - ok
22:42:06.0600 5160  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:42:06.0619 5160  amdagp - ok
22:42:06.0661 5160  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:42:06.0677 5160  amdide - ok
22:42:06.0714 5160  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
22:42:06.0776 5160  AmdK7 - ok
22:42:06.0813 5160  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
22:42:06.0855 5160  AmdK8 - ok
22:42:07.0088 5160  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:42:07.0103 5160  AntiVirSchedulerService - ok
22:42:07.0247 5160  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:42:07.0261 5160  AntiVirService - ok
22:42:07.0325 5160  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
22:42:07.0384 5160  Appinfo - ok
22:42:07.0511 5160  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:42:07.0535 5160  Apple Mobile Device - ok
22:42:07.0620 5160  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
22:42:07.0637 5160  arc - ok
22:42:07.0672 5160  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:42:07.0699 5160  arcsas - ok
22:42:07.0732 5160  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:42:07.0875 5160  AsyncMac - ok
22:42:07.0923 5160  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
22:42:07.0949 5160  atapi - ok
22:42:08.0013 5160  [ ACDB46B1A467752A2F280C68C8461556 ] athr            C:\Windows\system32\DRIVERS\athr.sys
22:42:08.0265 5160  athr - ok
22:42:08.0571 5160  [ 83287134958B679AA40BFB00E23BDCA7 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:42:09.0143 5160  atikmdag - ok
22:42:09.0245 5160  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:42:09.0296 5160  AudioEndpointBuilder - ok
22:42:09.0368 5160  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:42:09.0393 5160  Audiosrv - ok
22:42:09.0468 5160  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:42:09.0487 5160  avgntflt - ok
22:42:09.0679 5160  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:42:09.0694 5160  avipbb - ok
22:42:09.0737 5160  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:42:09.0749 5160  avkmgr - ok
22:42:09.0892 5160  [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
22:42:09.0955 5160  b57nd60x - ok
22:42:10.0024 5160  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:42:10.0067 5160  Beep - ok
22:42:10.0251 5160  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
22:42:10.0281 5160  BFE - ok
22:42:10.0432 5160  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
22:42:10.0494 5160  BITS - ok
22:42:10.0536 5160  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
22:42:10.0563 5160  blbdrive - ok
22:42:10.0654 5160  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:42:10.0673 5160  Bonjour Service - ok
22:42:10.0746 5160  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:42:10.0781 5160  bowser - ok
22:42:10.0855 5160  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:42:10.0896 5160  BrFiltLo - ok
22:42:10.0912 5160  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:42:10.0952 5160  BrFiltUp - ok
22:42:11.0040 5160  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
22:42:11.0091 5160  Browser - ok
22:42:11.0318 5160  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\DRIVERS\BrSerId.sys
22:42:11.0432 5160  Brserid - ok
22:42:11.0469 5160  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:42:11.0540 5160  BrSerWdm - ok
22:42:11.0605 5160  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:42:11.0652 5160  BrUsbMdm - ok
22:42:11.0669 5160  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\DRIVERS\BrUsbSer.sys
22:42:11.0743 5160  BrUsbSer - ok
22:42:11.0811 5160  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:42:11.0892 5160  BTHMODEM - ok
22:42:12.0012 5160  catchme - ok
22:42:12.0059 5160  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:42:12.0151 5160  cdfs - ok
22:42:12.0203 5160  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
22:42:12.0225 5160  cdrom - ok
22:42:12.0299 5160  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
22:42:12.0321 5160  CertPropSvc - ok
22:42:12.0387 5160  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
22:42:12.0435 5160  circlass - ok
22:42:12.0521 5160  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:42:12.0541 5160  CLFS - ok
22:42:12.0719 5160  [ 2B272D0A6E5071829B516FFDC7F841CA ] CLHNService    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
22:42:12.0730 5160  CLHNService - ok
22:42:12.0860 5160  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:42:12.0881 5160  clr_optimization_v2.0.50727_32 - ok
22:42:13.0036 5160  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:42:13.0052 5160  clr_optimization_v4.0.30319_32 - ok
22:42:13.0077 5160  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:42:13.0118 5160  CmBatt - ok
22:42:13.0146 5160  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:42:13.0160 5160  cmdide - ok
22:42:13.0191 5160  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:42:13.0212 5160  Compbatt - ok
22:42:13.0221 5160  COMSysApp - ok
22:42:13.0247 5160  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
22:42:13.0260 5160  crcdisk - ok
22:42:13.0283 5160  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:42:13.0312 5160  Crusoe - ok
22:42:13.0371 5160  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:42:13.0478 5160  CryptSvc - ok
22:42:13.0666 5160  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:42:13.0821 5160  DcomLaunch - ok
22:42:13.0880 5160  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:42:13.0959 5160  DfsC - ok
22:42:14.0111 5160  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:42:14.0330 5160  DFSR - ok
22:42:14.0460 5160  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:42:14.0499 5160  Dhcp - ok
22:42:14.0570 5160  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:42:14.0586 5160  disk - ok
22:42:14.0643 5160  [ C701324C9E0C25DD9D60311BD87FBC84 ] DKbFltr        C:\Windows\system32\DRIVERS\DKbFltr.sys
22:42:14.0655 5160  DKbFltr - ok
22:42:14.0739 5160  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:42:14.0800 5160  Dnscache - ok
22:42:14.0875 5160  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
22:42:14.0936 5160  dot3svc - ok
22:42:14.0981 5160  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
22:42:15.0011 5160  DPS - ok
22:42:15.0060 5160  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
22:42:15.0118 5160  drmkaud - ok
22:42:15.0229 5160  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
22:42:15.0307 5160  DXGKrnl - ok
22:42:15.0330 5160  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
22:42:15.0358 5160  E1G60 - ok
22:42:15.0419 5160  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
22:42:15.0442 5160  EapHost - ok
22:42:15.0542 5160  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:42:15.0563 5160  Ecache - ok
22:42:15.0627 5160  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
22:42:15.0702 5160  ehRecvr - ok
22:42:15.0730 5160  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
22:42:15.0866 5160  ehSched - ok
22:42:15.0932 5160  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
22:42:15.0969 5160  ehstart - ok
22:42:16.0071 5160  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
22:42:16.0093 5160  elxstor - ok
22:42:16.0199 5160  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
22:42:16.0304 5160  EMDMgmt - ok
22:42:16.0441 5160  [ 2072CBE938DD355C4A52E9A4DCF5439F ] ePowerSvc      C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
22:42:16.0484 5160  ePowerSvc - ok
22:42:16.0548 5160  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:42:16.0618 5160  ErrDev - ok
22:42:16.0704 5160  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
22:42:16.0765 5160  EventSystem - ok
22:42:16.0874 5160  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
22:42:16.0975 5160  exfat - ok
22:42:17.0048 5160  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
22:42:17.0077 5160  fastfat - ok
22:42:17.0161 5160  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
22:42:17.0201 5160  fdc - ok
22:42:17.0258 5160  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
22:42:17.0285 5160  fdPHost - ok
22:42:17.0332 5160  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:42:17.0410 5160  FDResPub - ok
22:42:17.0481 5160  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:42:17.0495 5160  FileInfo - ok
22:42:17.0523 5160  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
22:42:17.0599 5160  Filetrace - ok
22:42:17.0635 5160  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:42:17.0681 5160  flpydisk - ok
22:42:17.0744 5160  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:42:17.0762 5160  FltMgr - ok
22:42:17.0880 5160  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
22:42:17.0979 5160  FontCache - ok
22:42:18.0072 5160  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:42:18.0091 5160  FontCache3.0.0.0 - ok
22:42:18.0270 5160  [ 8D3B3AD7F9B6EE8AC96B1AD293BB0FB0 ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
22:42:18.0318 5160  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
22:42:18.0318 5160  FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)
22:42:18.0384 5160  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:42:18.0504 5160  Fs_Rec - ok
22:42:18.0548 5160  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:42:18.0568 5160  gagp30kx - ok
22:42:18.0615 5160  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:42:18.0626 5160  GEARAspiWDM - ok
22:42:18.0779 5160  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
22:42:18.0795 5160  GoogleDesktopManager-051210-111108 - ok
22:42:18.0865 5160  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
22:42:18.0988 5160  gpsvc - ok
22:42:19.0088 5160  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca3255a4e7fb60 C:\Program Files\Google\Update\GoogleUpdate.exe
22:42:19.0113 5160  gupdate1ca3255a4e7fb60 - ok
22:42:19.0177 5160  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:42:19.0189 5160  gupdatem - ok
22:42:19.0276 5160  [ A036414384B1F3F36D7E40286CF6DD07 ] hcw95bda        C:\Windows\system32\Drivers\hcw95bda.sys
22:42:19.0451 5160  hcw95bda - ok
22:42:19.0590 5160  [ A83862F32F86DA77B1AB3A11E18BB62F ] hcw95rc        C:\Windows\system32\DRIVERS\hcw95rc.sys
22:42:19.0630 5160  hcw95rc - ok
22:42:19.0723 5160  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:42:19.0773 5160  HdAudAddService - ok
22:42:19.0831 5160  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:42:19.0889 5160  HDAudBus - ok
22:42:19.0938 5160  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:42:20.0055 5160  HidBth - ok
22:42:20.0116 5160  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
22:42:20.0162 5160  HidIr - ok
22:42:20.0211 5160  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\System32\hidserv.dll
22:42:20.0329 5160  hidserv - ok
22:42:20.0373 5160  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:42:20.0416 5160  HidUsb - ok
22:42:20.0457 5160  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:42:20.0485 5160  hkmsvc - ok
22:42:20.0522 5160  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
22:42:20.0535 5160  HpCISSs - ok
22:42:20.0626 5160  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:42:20.0732 5160  HSFHWAZL - ok
22:42:20.0817 5160  [ 1E7C79CBAF71AA92E0EEE924907DCB55 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
22:42:20.0890 5160  HsfXAudioService - ok
22:42:20.0993 5160  [ EFED6BD9B9D5F407ADCA918BBE2D410D ] HSF_DPV        C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:42:21.0118 5160  HSF_DPV - ok
22:42:21.0158 5160  [ C2EB8396C46E13F76037D70EAE8820A9 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:42:21.0175 5160  HSXHWAZL - ok
22:42:21.0217 5160  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:42:21.0270 5160  HTTP - ok
22:42:21.0450 5160  [ 1720966D9C7EA5E2D78B6DB92D2F9171 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:42:21.0509 5160  hwdatacard - ok
22:42:21.0564 5160  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
22:42:21.0578 5160  i2omp - ok
22:42:21.0655 5160  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:42:21.0708 5160  i8042prt - ok
22:42:21.0809 5160  [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:42:21.0827 5160  iaStor - ok
22:42:21.0917 5160  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
22:42:21.0936 5160  iaStorV - ok
22:42:22.0043 5160  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:42:22.0153 5160  idsvc - ok
22:42:22.0180 5160  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
22:42:22.0193 5160  iirsp - ok
22:42:22.0327 5160  [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
22:42:22.0365 5160  IJPLMSVC - ok
22:42:22.0455 5160  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:42:22.0554 5160  IKEEXT - ok
22:42:22.0651 5160  [ 80919A856693B1D1D4177F11F5BDA545 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:42:22.0983 5160  IntcAzAudAddService - ok
22:42:23.0048 5160  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:42:23.0061 5160  intelide - ok
22:42:23.0147 5160  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:42:23.0203 5160  intelppm - ok
22:42:23.0246 5160  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
22:42:23.0313 5160  IPBusEnum - ok
22:42:23.0361 5160  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:42:23.0434 5160  IpFilterDriver - ok
22:42:23.0497 5160  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:42:23.0626 5160  iphlpsvc - ok
22:42:23.0632 5160  IpInIp - ok
22:42:23.0739 5160  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
22:42:23.0792 5160  IPMIDRV - ok
22:42:23.0819 5160  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
22:42:23.0850 5160  IPNAT - ok
22:42:23.0934 5160  [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:42:23.0990 5160  iPod Service - ok
22:42:24.0030 5160  [ E50A95179211B12946F7E035D60AF560 ] irda            C:\Windows\system32\DRIVERS\irda.sys
22:42:24.0107 5160  irda - ok
22:42:24.0196 5160  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:42:24.0224 5160  IRENUM - ok
22:42:24.0336 5160  [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon          C:\Windows\System32\irmon.dll
22:42:24.0397 5160  Irmon - ok
22:42:24.0443 5160  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:42:24.0458 5160  isapnp - ok
22:42:24.0497 5160  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:42:24.0515 5160  iScsiPrt - ok
22:42:24.0550 5160  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:42:24.0563 5160  iteatapi - ok
22:42:24.0596 5160  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
22:42:24.0608 5160  iteraid - ok
22:42:24.0659 5160  [ EAC21E8014C7E6EE341AFFFB7E2BBD54 ] k57nd60x        C:\Windows\system32\DRIVERS\k57nd60x.sys
22:42:24.0699 5160  k57nd60x - ok
22:42:24.0723 5160  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:42:24.0755 5160  kbdclass - ok
22:42:24.0813 5160  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:42:24.0835 5160  kbdhid - ok
22:42:24.0861 5160  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
22:42:24.0911 5160  KeyIso - ok
22:42:24.0956 5160  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:42:24.0981 5160  KSecDD - ok
22:42:25.0058 5160  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
22:42:25.0130 5160  KtmRm - ok
22:42:25.0208 5160  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:42:25.0276 5160  LanmanServer - ok
22:42:25.0361 5160  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:42:25.0517 5160  LanmanWorkstation - ok
22:42:25.0662 5160  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:42:25.0691 5160  lltdio - ok
22:42:25.0728 5160  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
22:42:25.0772 5160  lltdsvc - ok
22:42:25.0804 5160  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
22:42:25.0858 5160  lmhosts - ok
22:42:25.0897 5160  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:42:25.0913 5160  LSI_FC - ok
22:42:25.0932 5160  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
22:42:25.0965 5160  LSI_SAS - ok
22:42:25.0986 5160  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:42:26.0000 5160  LSI_SCSI - ok
22:42:26.0031 5160  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
22:42:26.0113 5160  luafv - ok
22:42:26.0118 5160  lxbk_device - ok
22:42:26.0164 5160  mbamswissarmy - ok
22:42:26.0267 5160  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
22:42:26.0325 5160  Mcx2Svc - ok
22:42:26.0378 5160  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk        C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:42:26.0392 5160  mdmxsdk - ok
22:42:26.0483 5160  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
22:42:26.0497 5160  megasas - ok
22:42:26.0572 5160  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
22:42:26.0596 5160  MegaSR - ok
22:42:26.0712 5160  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:42:26.0733 5160  Microsoft Office Groove Audit Service - ok
22:42:26.0780 5160  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
22:42:26.0830 5160  MMCSS - ok
22:42:26.0851 5160  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
22:42:26.0880 5160  Modem - ok
22:42:26.0913 5160  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
22:42:26.0999 5160  monitor - ok
22:42:27.0024 5160  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:42:27.0051 5160  mouclass - ok
22:42:27.0076 5160  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:42:27.0115 5160  mouhid - ok
22:42:27.0146 5160  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:42:27.0164 5160  MountMgr - ok
22:42:27.0255 5160  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:42:27.0271 5160  mpio - ok
22:42:27.0313 5160  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:42:27.0367 5160  mpsdrv - ok
22:42:27.0428 5160  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:42:27.0552 5160  MpsSvc - ok
22:42:27.0614 5160  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:42:27.0627 5160  Mraid35x - ok
22:42:27.0733 5160  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:42:27.0777 5160  MRxDAV - ok
22:42:27.0826 5160  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:42:27.0879 5160  mrxsmb - ok
22:42:27.0887 5160  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:42:27.0946 5160  mrxsmb10 - ok
22:42:27.0961 5160  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:42:28.0017 5160  mrxsmb20 - ok
22:42:28.0078 5160  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
22:42:28.0092 5160  msahci - ok
22:42:28.0131 5160  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
22:42:28.0146 5160  msdsm - ok
22:42:28.0205 5160  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
22:42:28.0264 5160  MSDTC - ok
22:42:28.0293 5160  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:42:28.0385 5160  Msfs - ok
22:42:28.0453 5160  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:42:28.0482 5160  msisadrv - ok
22:42:28.0554 5160  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
22:42:28.0617 5160  MSiSCSI - ok
22:42:28.0624 5160  msiserver - ok
22:42:28.0643 5160  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
22:42:28.0702 5160  MSKSSRV - ok
22:42:28.0769 5160  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:42:28.0795 5160  MSPCLOCK - ok
22:42:28.0824 5160  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
22:42:28.0858 5160  MSPQM - ok
22:42:28.0925 5160  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
22:42:28.0943 5160  MsRPC - ok
22:42:29.0004 5160  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:42:29.0020 5160  mssmbios - ok
22:42:29.0071 5160  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
22:42:29.0118 5160  MSTEE - ok
22:42:29.0154 5160  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
22:42:29.0169 5160  Mup - ok
22:42:29.0211 5160  [ 2DE94E435C3EFDE58C7B1856D4F20724 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:42:29.0222 5160  mwlPSDFilter - ok
22:42:29.0242 5160  [ 61920A7146EED3D903DBBB8EC295AF76 ] mwlPSDNServ    C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:42:29.0252 5160  mwlPSDNServ - ok
22:42:29.0267 5160  [ E0F49721E68EBD2983E84C44FADA6665 ] mwlPSDVDisk    C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:42:29.0278 5160  mwlPSDVDisk - ok
22:42:29.0402 5160  [ FD257CD94057D02108B954156D7B2770 ] MWLService      C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
22:42:29.0420 5160  MWLService - ok
22:42:29.0494 5160  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
22:42:29.0546 5160  napagent - ok
22:42:29.0654 5160  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
22:42:29.0673 5160  NativeWifiP - ok
22:42:29.0771 5160  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:42:29.0800 5160  NDIS - ok
22:42:29.0864 5160  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:42:29.0885 5160  NdisTapi - ok
22:42:29.0934 5160  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
22:42:29.0961 5160  Ndisuio - ok
22:42:30.0062 5160  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
22:42:30.0085 5160  NdisWan - ok
22:42:30.0180 5160  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
22:42:30.0219 5160  NDProxy - ok
22:42:30.0258 5160  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
22:42:30.0355 5160  NetBIOS - ok
22:42:30.0402 5160  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
22:42:30.0468 5160  netbt - ok
22:42:30.0498 5160  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
22:42:30.0519 5160  Netlogon - ok
22:42:30.0548 5160  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
22:42:30.0626 5160  Netman - ok
22:42:30.0669 5160  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
22:42:30.0746 5160  netprofm - ok
22:42:30.0779 5160  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:42:30.0800 5160  NetTcpPortSharing - ok
22:42:30.0823 5160  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
22:42:30.0850 5160  nfrd960 - ok
22:42:31.0018 5160  [ 43C9A197D0ADD13118EB8E75BA9627BA ] NitroDriverReadSpool8 C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
22:42:31.0034 5160  NitroDriverReadSpool8 - ok
22:42:31.0079 5160  [ 09E91618713E7117323E5338A7906F47 ] NitroReaderDriverReadSpool3 C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
22:42:31.0094 5160  NitroReaderDriverReadSpool3 - ok
22:42:31.0138 5160  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:42:31.0209 5160  NlaSvc - ok
22:42:31.0259 5160  [ 4CA56D07BA38588EE96BE2BF157BA4D4 ] nlsX86cc        C:\Windows\system32\NLSSRV32.EXE
22:42:31.0273 5160  nlsX86cc - ok
22:42:31.0408 5160  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] npf            C:\Windows\system32\drivers\npf.sys
22:42:31.0419 5160  npf - ok
22:42:31.0491 5160  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:42:31.0515 5160  Npfs - ok
22:42:31.0557 5160  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA        C:\Windows\system32\DRIVERS\nscirda.sys
22:42:31.0584 5160  NSCIRDA - ok
22:42:31.0660 5160  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
22:42:31.0691 5160  nsi - ok
22:42:31.0697 5160  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:42:31.0725 5160  nsiproxy - ok
22:42:31.0838 5160  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:42:31.0940 5160  Ntfs - ok
22:42:32.0049 5160  [ 944E3911888B9FFFD843B91C8ABBD3F6 ] NTI IScheduleSvc C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
22:42:32.0062 5160  NTI IScheduleSvc - ok
22:42:32.0149 5160  [ 973DCB15731339FCA176E534055CF115 ] NTIBackupSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:42:32.0169 5160  NTIBackupSvc - ok
22:42:32.0212 5160  [ 6DCAA65F49EF3B97A5CFFC0CB5DE1C2F ] NTIDrvr        C:\Windows\system32\Drivers\NTIDrvr.sys
22:42:32.0222 5160  NTIDrvr - ok
22:42:32.0259 5160  [ 58751F9248D50BCE1053976C9E2F0859 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:42:32.0271 5160  NTISchedulerSvc - ok
22:42:32.0309 5160  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
22:42:32.0355 5160  ntrigdigi - ok
22:42:32.0388 5160  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
22:42:32.0480 5160  Null - ok
22:42:32.0518 5160  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:42:32.0533 5160  nvraid - ok
22:42:32.0573 5160  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:42:32.0586 5160  nvstor - ok
22:42:32.0614 5160  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:42:32.0630 5160  nv_agp - ok
22:42:32.0637 5160  NwlnkFlt - ok
22:42:32.0645 5160  NwlnkFwd - ok
22:42:32.0871 5160  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:42:32.0922 5160  odserv - ok
22:42:32.0980 5160  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:42:33.0044 5160  ohci1394 - ok
22:42:33.0162 5160  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:42:33.0183 5160  ose - ok
22:42:33.0283 5160  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:42:33.0400 5160  p2pimsvc - ok
22:42:33.0428 5160  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:42:33.0453 5160  p2psvc - ok
22:42:33.0490 5160  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
22:42:33.0537 5160  Parport - ok
22:42:33.0590 5160  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
22:42:33.0605 5160  partmgr - ok
22:42:33.0627 5160  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
22:42:33.0691 5160  Parvdm - ok
22:42:33.0721 5160  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:42:33.0804 5160  PcaSvc - ok
22:42:33.0877 5160  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
22:42:33.0900 5160  pci - ok
22:42:33.0934 5160  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
22:42:33.0972 5160  pciide - ok
22:42:34.0082 5160  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:42:34.0099 5160  pcmcia - ok
22:42:34.0175 5160  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:42:34.0275 5160  PEAUTH - ok
22:42:34.0400 5160  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
22:42:34.0604 5160  pla - ok
22:42:34.0698 5160  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:42:34.0725 5160  PlugPlay - ok
22:42:34.0765 5160  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
22:42:34.0875 5160  PNRPAutoReg - ok
22:42:34.0887 5160  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
22:42:34.0913 5160  PNRPsvc - ok
22:42:34.0981 5160  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
22:42:35.0042 5160  PolicyAgent - ok
22:42:35.0110 5160  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:42:35.0182 5160  PptpMiniport - ok
22:42:35.0260 5160  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
22:42:35.0316 5160  Processor - ok
22:42:35.0393 5160  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
22:42:35.0433 5160  ProfSvc - ok
22:42:35.0453 5160  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:42:35.0468 5160  ProtectedStorage - ok
22:42:35.0535 5160  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
22:42:35.0566 5160  PSched - ok
22:42:35.0683 5160  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:42:35.0781 5160  ql2300 - ok
22:42:35.0831 5160  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:42:35.0846 5160  ql40xx - ok
22:42:35.0883 5160  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
22:42:35.0939 5160  QWAVE - ok
22:42:35.0975 5160  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:42:36.0030 5160  QWAVEdrv - ok
22:42:36.0050 5160  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:42:36.0092 5160  RasAcd - ok
22:42:36.0167 5160  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
22:42:36.0210 5160  RasAuto - ok
22:42:36.0285 5160  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
22:42:36.0363 5160  Rasl2tp - ok
22:42:36.0434 5160  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
22:42:36.0481 5160  RasMan - ok
22:42:36.0536 5160  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:42:36.0579 5160  RasPppoe - ok
22:42:36.0617 5160  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
22:42:36.0632 5160  RasSstp - ok
22:42:36.0720 5160  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
22:42:36.0778 5160  rdbss - ok
22:42:36.0821 5160  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:42:36.0874 5160  RDPCDD - ok
22:42:36.0907 5160  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
22:42:36.0966 5160  rdpdr - ok
22:42:36.0980 5160  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:42:37.0028 5160  RDPENCDD - ok
22:42:37.0105 5160  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
22:42:37.0158 5160  RDPWD - ok
22:42:37.0252 5160  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:42:37.0283 5160  RemoteAccess - ok
22:42:37.0348 5160  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:42:37.0374 5160  RemoteRegistry - ok
22:42:37.0408 5160  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
22:42:37.0457 5160  RpcLocator - ok
22:42:37.0494 5160  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
22:42:37.0564 5160  RpcSs - ok
22:42:37.0626 5160  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:42:37.0695 5160  rspndr - ok
22:42:37.0788 5160  [ D85DA4371AF61359EDFCA4EA06619DD4 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
22:42:37.0801 5160  RTHDMIAzAudService - ok
22:42:37.0864 5160  [ 9B09F336DE36A7A6CA871DE8A7847B65 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
22:42:37.0903 5160  RTSTOR ( UnsignedFile.Multi.Generic ) - warning
22:42:37.0903 5160  RTSTOR - detected UnsignedFile.Multi.Generic (1)
22:42:37.0963 5160  [ 69013A123A00B3042C260B0056DF0152 ] s1029bus        C:\Windows\system32\DRIVERS\s1029bus.sys
22:42:37.0979 5160  s1029bus - ok
22:42:38.0004 5160  [ 1565FC31F872963FE8AF471123D8424C ] s1029mdfl      C:\Windows\system32\DRIVERS\s1029mdfl.sys
22:42:38.0014 5160  s1029mdfl - ok
22:42:38.0042 5160  [ D67A8042ECF6C983AC0E308B36603677 ] s1029mdm        C:\Windows\system32\DRIVERS\s1029mdm.sys
22:42:38.0060 5160  s1029mdm - ok
22:42:38.0101 5160  [ 9AC56F06C1E13A963C82EBD067FDF274 ] s1029mgmt      C:\Windows\system32\DRIVERS\s1029mgmt.sys
22:42:38.0113 5160  s1029mgmt - ok
22:42:38.0235 5160  [ 00C66C6BAAFB2747F15F94F15888C94A ] s1029nd5        C:\Windows\system32\DRIVERS\s1029nd5.sys
22:42:38.0248 5160  s1029nd5 - ok
22:42:38.0283 5160  [ 6FC093ABA554E45755DC2F3896B6C8D7 ] s1029obex      C:\Windows\system32\DRIVERS\s1029obex.sys
22:42:38.0303 5160  s1029obex - ok
22:42:38.0366 5160  [ 9979B0E68815394665B2109B03D15FA1 ] s1029unic      C:\Windows\system32\DRIVERS\s1029unic.sys
22:42:38.0389 5160  s1029unic - ok
22:42:38.0415 5160  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
22:42:38.0430 5160  SamSs - ok
22:42:38.0457 5160  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:42:38.0471 5160  sbp2port - ok
22:42:38.0549 5160  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:42:38.0595 5160  SCardSvr - ok
22:42:38.0649 5160  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
22:42:38.0758 5160  Schedule - ok
22:42:38.0796 5160  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
22:42:38.0818 5160  SCPolicySvc - ok
22:42:38.0849 5160  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
22:42:38.0913 5160  sdbus - ok
22:42:38.0951 5160  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:42:39.0061 5160  SDRSVC - ok
22:42:39.0089 5160  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:42:39.0163 5160  secdrv - ok
22:42:39.0199 5160  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
22:42:39.0229 5160  seclogon - ok
22:42:39.0253 5160  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
22:42:39.0282 5160  SENS - ok
22:42:39.0342 5160  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
22:42:39.0431 5160  Serenum - ok
22:42:39.0462 5160  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
22:42:39.0534 5160  Serial - ok
22:42:39.0574 5160  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:42:39.0617 5160  sermouse - ok
22:42:39.0695 5160  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:42:39.0754 5160  SessionEnv - ok
22:42:39.0804 5160  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
22:42:39.0826 5160  sffdisk - ok
22:42:39.0858 5160  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:42:39.0917 5160  sffp_mmc - ok
22:42:39.0951 5160  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
22:42:39.0998 5160  sffp_sd - ok
22:42:40.0028 5160  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
22:42:40.0098 5160  sfloppy - ok
22:42:40.0153 5160  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:42:40.0254 5160  SharedAccess - ok
22:42:40.0304 5160  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:42:40.0418 5160  ShellHWDetection - ok
22:42:40.0474 5160  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:42:40.0488 5160  sisagp - ok
22:42:40.0534 5160  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
22:42:40.0548 5160  SiSRaid2 - ok
22:42:40.0579 5160  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:42:40.0601 5160  SiSRaid4 - ok
22:42:40.0640 5160  [ 4723512C035A3A880DB4657705466240 ] SLEE_16_DRIVER  C:\Windows\system32\drivers\Sleen16.sys
22:42:40.0654 5160  SLEE_16_DRIVER - ok
22:42:40.0792 5160  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
22:42:41.0217 5160  slsvc - ok
22:42:41.0257 5160  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
22:42:41.0335 5160  SLUINotify - ok
22:42:41.0376 5160  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
22:42:41.0416 5160  Smb - ok
22:42:41.0458 5160  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:42:41.0486 5160  SNMPTRAP - ok
22:42:41.0524 5160  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
22:42:41.0541 5160  spldr - ok
22:42:41.0582 5160  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
22:42:41.0655 5160  Spooler - ok
22:42:41.0753 5160  [ 6FBEB99A5AB20BC6AD390BE2AA12CDF9 ] SpyroService    C:\Program Files\FS\Spyro Portal\FlashPortal.exe
22:42:41.0779 5160  SpyroService ( UnsignedFile.Multi.Generic ) - warning
22:42:41.0779 5160  SpyroService - detected UnsignedFile.Multi.Generic (1)
22:42:41.0858 5160  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
22:42:41.0965 5160  srv - ok
22:42:42.0024 5160  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:42:42.0111 5160  srv2 - ok
22:42:42.0172 5160  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:42:42.0236 5160  srvnet - ok
22:42:42.0269 5160  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
22:42:42.0333 5160  SSDPSRV - ok
22:42:42.0365 5160  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
22:42:42.0376 5160  ssmdrv - ok
22:42:42.0420 5160  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
22:42:42.0454 5160  SstpSvc - ok
22:42:42.0513 5160  [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
22:42:42.0550 5160  StarOpen ( UnsignedFile.Multi.Generic ) - warning
22:42:42.0550 5160  StarOpen - detected UnsignedFile.Multi.Generic (1)
22:42:42.0626 5160  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
22:42:42.0683 5160  stisvc - ok
22:42:42.0722 5160  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:42:42.0735 5160  swenum - ok
22:42:42.0798 5160  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
22:42:42.0909 5160  swprv - ok
22:42:42.0944 5160  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
22:42:42.0958 5160  Symc8xx - ok
22:42:43.0040 5160  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
22:42:43.0055 5160  Sym_hi - ok
22:42:43.0090 5160  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
22:42:43.0103 5160  Sym_u3 - ok
22:42:43.0183 5160  [ AEE6E411A915F50101895BA8DC5C15D4 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
22:42:43.0199 5160  SynTP - ok
22:42:43.0304 5160  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
22:42:43.0408 5160  SysMain - ok
22:42:43.0453 5160  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:42:43.0562 5160  TabletInputService - ok
22:42:43.0675 5160  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
22:42:43.0725 5160  TapiSrv - ok
22:42:43.0773 5160  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
22:42:43.0814 5160  TBS - ok
22:42:43.0899 5160  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
22:42:44.0017 5160  Tcpip - ok
22:42:44.0065 5160  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
22:42:44.0120 5160  Tcpip6 - ok
22:42:44.0173 5160  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:42:44.0252 5160  tcpipreg - ok
22:42:44.0301 5160  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:42:44.0385 5160  TDPIPE - ok
22:42:44.0409 5160  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
22:42:44.0454 5160  TDTCP - ok
22:42:44.0497 5160  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
22:42:44.0545 5160  tdx - ok
22:42:44.0609 5160  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:42:44.0626 5160  TermDD - ok
22:42:44.0678 5160  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
22:42:44.0762 5160  TermService - ok
22:42:44.0815 5160  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
22:42:44.0899 5160  Themes - ok
22:42:44.0923 5160  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
22:42:44.0960 5160  THREADORDER - ok
22:42:45.0062 5160  [ DDB8A339E57D514768F45D33B11BDB50 ] Tosrfusb        C:\Windows\system32\Drivers\tosrfusb.sys
22:42:45.0067 5160  Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
22:42:45.0067 5160  Tosrfusb - detected UnsignedFile.Multi.Generic (1)
22:42:45.0116 5160  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
22:42:45.0147 5160  TrkWks - ok
22:42:45.0245 5160  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:42:45.0334 5160  TrustedInstaller - ok
22:42:45.0366 5160  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:42:45.0407 5160  tssecsrv - ok
22:42:45.0448 5160  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
22:42:45.0477 5160  tunmp - ok
22:42:45.0558 5160  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:42:45.0573 5160  tunnel - ok
22:42:45.0592 5160  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:42:45.0612 5160  uagp35 - ok
22:42:45.0650 5160  [ F763E070843EE2803DE1395002B42938 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
22:42:45.0662 5160  UBHelper - ok
22:42:45.0709 5160  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:42:45.0736 5160  udfs - ok
22:42:45.0805 5160  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
22:42:45.0858 5160  UI0Detect - ok
22:42:45.0903 5160  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:42:45.0918 5160  uliagpkx - ok
22:42:45.0964 5160  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
22:42:46.0008 5160  uliahci - ok
22:42:46.0039 5160  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
22:42:46.0055 5160  UlSata - ok
22:42:46.0091 5160  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
22:42:46.0108 5160  ulsata2 - ok
22:42:46.0128 5160  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
22:42:46.0182 5160  umbus - ok
22:42:46.0213 5160  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
22:42:46.0285 5160  upnphost - ok
22:42:46.0366 5160  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
22:42:46.0431 5160  USBAAPL - ok
22:42:46.0478 5160  [ 8EF48FF1C23B1CE6F96D09A45959EB20 ] usbbus          C:\Windows\system32\DRIVERS\lgusbbus.sys
22:42:46.0577 5160  usbbus - ok
22:42:46.0606 5160  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
22:42:46.0637 5160  usbccgp - ok
22:42:46.0663 5160  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:42:46.0723 5160  usbcir - ok
22:42:46.0817 5160  [ A0E24C5C2D0CFF04BBD3753A72FAE80B ] UsbDiag        C:\Windows\system32\DRIVERS\lgusbdiag.sys
22:42:46.0828 5160  UsbDiag - ok
22:42:46.0891 5160  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
22:42:46.0926 5160  usbehci - ok
22:42:47.0028 5160  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:42:47.0113 5160  usbhub - ok
22:42:47.0152 5160  [ CC09A1132B1F6A8362107CC134E90D0B ] USBModem        C:\Windows\system32\DRIVERS\lgusbmodem.sys
22:42:47.0186 5160  USBModem - ok
22:42:47.0249 5160  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\drivers\usbohci.sys
22:42:47.0294 5160  usbohci - ok
22:42:47.0364 5160  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:42:47.0410 5160  usbprint - ok
22:42:47.0460 5160  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
22:42:47.0501 5160  usbscan - ok
22:42:47.0550 5160  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:42:47.0572 5160  USBSTOR - ok
22:42:47.0602 5160  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
22:42:47.0626 5160  usbuhci - ok
22:42:47.0645 5160  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:42:47.0676 5160  usbvideo - ok
22:42:47.0748 5160  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
22:42:47.0777 5160  UxSms - ok
22:42:47.0847 5160  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
22:42:47.0922 5160  vds - ok
22:42:48.0014 5160  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
22:42:48.0043 5160  vga - ok
22:42:48.0117 5160  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
22:42:48.0178 5160  VgaSave - ok
22:42:48.0193 5160  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:42:48.0207 5160  viaagp - ok
22:42:48.0235 5160  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
22:42:48.0277 5160  ViaC7 - ok
22:42:48.0315 5160  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
22:42:48.0328 5160  viaide - ok
22:42:48.0367 5160  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:42:48.0383 5160  volmgr - ok
22:42:48.0422 5160  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
22:42:48.0444 5160  volmgrx - ok
22:42:48.0483 5160  [ 786DB5771F05EF300390399F626BF30A ] volsnap        C:\Windows\system32\drivers\volsnap.sys
22:42:48.0507 5160  volsnap - ok
22:42:48.0584 5160  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
22:42:48.0600 5160  vsmraid - ok
22:42:48.0666 5160  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
22:42:48.0788 5160  VSS - ok
22:42:48.0840 5160  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
22:42:48.0931 5160  W32Time - ok
22:42:48.0950 5160  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:42:49.0025 5160  WacomPen - ok
22:42:49.0067 5160  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:42:49.0094 5160  Wanarp - ok
22:42:49.0100 5160  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:42:49.0127 5160  Wanarpv6 - ok
22:42:49.0172 5160  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
22:42:49.0200 5160  wcncsvc - ok
22:42:49.0272 5160  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:42:49.0328 5160  WcsPlugInService - ok
22:42:49.0364 5160  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
22:42:49.0377 5160  Wd - ok
22:42:49.0432 5160  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:42:49.0476 5160  Wdf01000 - ok
22:42:49.0506 5160  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:42:49.0567 5160  WdiServiceHost - ok
22:42:49.0571 5160  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
22:42:49.0601 5160  WdiSystemHost - ok
22:42:49.0693 5160  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
22:42:49.0721 5160  WebClient - ok
22:42:49.0805 5160  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:42:49.0878 5160  Wecsvc - ok
22:42:49.0928 5160  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
22:42:49.0971 5160  wercplsupport - ok
22:42:50.0008 5160  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:42:50.0063 5160  WerSvc - ok
22:42:50.0089 5160  [ D0116C473EF3C381A42BB55036A1ADB1 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:42:50.0165 5160  winachsf - ok
22:42:50.0315 5160  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
22:42:50.0333 5160  WinDefend - ok
22:42:50.0339 5160  WinHttpAutoProxySvc - ok
22:42:50.0480 5160  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
22:42:50.0504 5160  Winmgmt - ok
22:42:50.0609 5160  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
22:42:50.0667 5160  WinRM - ok
22:42:50.0741 5160  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
22:42:50.0803 5160  WinUSB - ok
22:42:50.0891 5160  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
22:42:51.0003 5160  Wlansvc - ok
22:42:51.0042 5160  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
22:42:51.0064 5160  WmiAcpi - ok
22:42:51.0227 5160  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:42:51.0275 5160  wmiApSrv - ok
22:42:51.0383 5160  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
22:42:51.0563 5160  WMPNetworkSvc - ok
22:42:51.0620 5160  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:42:51.0719 5160  WPCSvc - ok
22:42:51.0760 5160  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:42:51.0815 5160  WPDBusEnum - ok
22:42:51.0893 5160  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
22:42:51.0908 5160  WpdUsb - ok
22:42:52.0048 5160  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:42:52.0105 5160  WPFFontCache_v0400 - ok
22:42:52.0161 5160  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
22:42:52.0199 5160  ws2ifsl - ok
22:42:52.0286 5160  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
22:42:52.0314 5160  wscsvc - ok
22:42:52.0319 5160  WSearch - ok
22:42:52.0480 5160  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:42:52.0801 5160  wuauserv - ok
22:42:52.0882 5160  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:42:52.0914 5160  WudfPf - ok
22:42:52.0965 5160  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:42:53.0023 5160  WUDFRd - ok
22:42:53.0110 5160  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
22:42:53.0141 5160  wudfsvc - ok
22:42:53.0201 5160  [ 22A08B9FAECD6A306868F59B7F03F188 ] XAudio          C:\Windows\system32\DRIVERS\XAudio32.sys
22:42:53.0213 5160  XAudio - ok
22:42:53.0242 5160  ================ Scan global ===============================
22:42:53.0312 5160  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:42:53.0372 5160  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
22:42:53.0386 5160  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
22:42:53.0439 5160  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:42:53.0445 5160  [Global] - ok
22:42:53.0446 5160  ================ Scan MBR ==================================
22:42:53.0532 5160  [ BEEDF9B7F43A72A91456F7131AFC11B2 ] \Device\Harddisk0\DR0
22:42:54.0124 5160  \Device\Harddisk0\DR0 - ok
22:42:54.0124 5160  ================ Scan VBR ==================================
22:42:54.0182 5160  [ 3998E5CDFFB144E56E82B7317DF3083C ] \Device\Harddisk0\DR0\Partition1
22:42:54.0183 5160  \Device\Harddisk0\DR0\Partition1 - ok
22:42:54.0184 5160  ============================================================
22:42:54.0184 5160  Scan finished
22:42:54.0184 5160  ============================================================
22:42:54.0198 5376  Detected object count: 5
22:42:54.0198 5376  Actual detected object count: 5
22:48:43.0822 5376  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:43.0822 5376  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:43.0822 5376  RTSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:43.0822 5376  RTSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:43.0823 5376  SpyroService ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:43.0823 5376  SpyroService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:43.0823 5376  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:43.0823 5376  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:48:43.0824 5376  Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
22:48:43.0824 5376  Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

Now it worked with the CODE
Sorry about last time (...when you have no clue)

cosinus 05.06.2013 12:32

JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




After that:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box for Scan all users (Scanne alle Benutzer)
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Jeep 05.06.2013 19:13

Log file JRT:
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Guido on 05.06.2013 at 19:33:12,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\datamngr



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\browserconnection.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnsbho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\clsid\{ce4db5a3-58e6-41f1-8761-47238df4f468}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilividiehelper.dnsguard
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilividiehelper.dnsguard.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\typelib\{75e8da27-44af-40ae-927c-f2eec99d65b1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3241949
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67262FD4-A8F1-482C-BAF9-EEC4C49FC85B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}



~~~ Files

Successfully deleted: [File] "C:\Users\Guido\desktop\play free games.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\Guido\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Guido\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Guido\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Guido\appdata\local\ilivid"
Successfully deleted: [Folder] "C:\Users\Guido\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Guido\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Guido\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Guido\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Guido\appdata\locallow\searchqutoolbar"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\ilivid"
Successfully deleted: [Folder] "C:\Program Files\search results toolbar"
Successfully deleted: [Folder] "C:\Program Files\searchqu toolbar"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Guido\appdata\local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.06.2013 at 19:35:16,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwCleaner:
Code:

# AdwCleaner v2.301 - Datei am 05/06/2013 um 19:41:08 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Guido - GUIDO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Guido\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Datei Gelöscht : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.url
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\FileConverter_1.3
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Guido\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Guido\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Guido\AppData\LocalLow\FileConverter_1.3
Ordner Gelöscht : C:\Users\Sicherheit\AppData\LocalLow\Searchqutoolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FileConverter_1.3
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileConverter_1.3 Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{153D7D79-706C-443D-BA98-41CA86982C9D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{153D7D79-706C-443D-BA98-41CA86982C9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\Software\FileConverter_1.3
Schlüssel Gelöscht : HKLM\Software\iLividSRTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{381B8D22-F08D-4F2B-9787-5757FE9659A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E46F4D6F-A912-4ECE-915F-8E4423E85995}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{153D7D79-706C-443D-BA98-41CA86982C9D}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.3 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5263 octets] - [05/06/2013 19:41:08]

########## EOF - C:\AdwCleaner[S1].txt - [5323 octets] ##########

OTL.Txt:
Code:

OTL logfile created on: 05.06.2013 19:48:03 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Guido\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,20% Memory free
6,19 Gb Paging File | 5,10 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 72,38 Gb Free Space | 15,87% Space Free | Partition Type: NTFS
 
Computer Name: GUIDO-PC | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Guido\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Guido\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe (Nitro PDF Software)
PRC - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
PRC - C:\Program Files\FS\Spyro Portal\FlashPortal.exe (FS)
PRC - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (Freemake)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbkcoms.exe ( )
PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3440.38412__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3440.38483__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3440.38394__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3440.38413__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3440.38464__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3440.38446__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3440.38408__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3440.38437__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3440.38403__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3440.38439__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3440.38414__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3440.38404__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3440.38459__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3440.38451__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3440.38414__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3440.38483__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3440.38451__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3440.38444__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3440.38438__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3440.38403__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3440.38450__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3440.38484__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3440.38482__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3440.38418__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3440.38443__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3440.38438__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3440.38433__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3440.38445__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3440.38418__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3400.34760__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3400.34770__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3440.38437__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3400.34782__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3400.34781__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3400.34788__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3440.38438__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3400.34755__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3440.38445__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3400.34756__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3400.34807__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3400.34788__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3400.34779__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3400.34768__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3400.34781__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3400.34770__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3400.34764__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3400.34778__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3400.34767__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3400.34762__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3400.34774__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3400.34789__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3400.34767__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3400.34779__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3400.34778__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3400.34777__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3400.34792__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3400.34791__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3400.34775__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3400.34791__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3440.38506__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3440.38472__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3440.38408__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3440.38478__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3440.38476__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3400.34783__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3440.38393__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3440.38392__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3400.34781__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3400.34780__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3400.34776__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3440.38488__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3400.34762__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3400.34782__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3400.34764__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3400.34773__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3400.34778__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3400.34776__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3400.34776__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3400.34766__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3400.34775__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3400.34774__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3400.34775__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3400.34767__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3440.38390__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3440.38399__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3440.38392__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3440.38390__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3400.34772__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3400.34783__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3440.38478__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
MOD - C:\Program Files\Steganos Safe OEM\wxbase28uh_net_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_core_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxbase28uh_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_adv_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\wxmsw28uh_html_vc.dll ()
MOD - C:\Program Files\Steganos Safe OEM\ShellExtension.dll ()
MOD - C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool8) -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe (Nitro PDF Software)
SRV - (NitroReaderDriverReadSpool3) -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
SRV - (SpyroService) -- C:\Program Files\FS\Spyro Portal\FlashPortal.exe (FS)
SRV - (FreemakeVideoCapture) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (Freemake)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Guido\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (AF05BDA) -- C:\Windows\System32\drivers\AF05BDA.sys (AfaTech                  )
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF.PrevVerNPR: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Guido\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2012.10.28 14:52:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2012.10.28 14:52:08 | 000,000,000 | ---D | M]
 
[2012.04.13 00:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.bearshare.net
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.bearshare.net
CHR - Extension: No name found = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\
CHR - Extension: No name found = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\
 
O1 HOSTS File: ([2013.05.26 20:56:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SAFEOEM HotKeys] C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2479292056-3449645492-3974709493-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86BD7927-8685-4264-AEA4-A69B37407E66}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.05 19:33:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.05 19:32:52 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.05 19:31:55 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Guido\Desktop\JRT.exe
[2013.06.05 08:00:45 | 000,000,000 | ---D | C] -- C:\Users\Guido\bus
[2013.06.03 22:39:52 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Guido\Desktop\tdsskiller.exe
[2013.06.03 22:08:37 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Guido\Desktop\aswMBR.exe.topk6x7.partial
[2013.05.30 07:09:28 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Guido\Desktop\aswMBR.exe
[2013.05.29 16:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.05.29 16:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.29 16:50:57 | 000,000,000 | ---D | C] -- C:\Users\Guido\Desktop\mbar-1.06.0.1003
[2013.05.28 07:30:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.28 07:29:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.28 07:15:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.28 07:12:02 | 005,073,915 | R--- | C] (Swearware) -- C:\Users\Guido\Desktop\ComboFix.exe
[2013.05.26 21:07:32 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\temp
[2013.05.25 08:20:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.25 08:20:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.25 08:20:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.25 08:10:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.25 08:10:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.23 21:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.23 21:51:29 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.05.23 21:51:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.23 21:51:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.23 21:51:05 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.23 16:58:48 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.05.22 21:06:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2013.05.20 15:46:49 | 000,000,000 | ---D | C] -- C:\Users\Guido\untere Wohnung
[2013.05.17 16:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013.05.16 03:12:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 03:01:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 03:01:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 03:01:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 03:01:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.16 03:01:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 03:01:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.16 03:01:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.15 20:37:53 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.05.15 20:37:39 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.09 14:09:36 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\libimobiledevice
[2011.04.17 20:05:38 | 000,695,296 | R--- | C] (AnjoCaido) -- C:\Users\Guido\Minecraft.exe
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Guido\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Guido\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Guido\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Guido\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.05 19:44:48 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.05 19:44:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 19:44:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 19:44:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.05 19:40:02 | 000,632,031 | ---- | M] () -- C:\Users\Guido\Desktop\adwcleaner.exe
[2013.06.05 19:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.05 19:31:55 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Guido\Desktop\JRT.exe
[2013.06.05 19:30:18 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.05 07:39:40 | 000,000,512 | ---- | M] () -- C:\Users\Guido\Desktop\MBR.dat
[2013.06.03 22:39:53 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guido\Desktop\tdsskiller.exe
[2013.06.03 22:09:56 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Guido\Desktop\aswMBR.exe.topk6x7.partial
[2013.06.03 21:40:54 | 000,377,856 | ---- | M] () -- C:\Users\Guido\Desktop\gmer_2.1.19163.exe
[2013.06.03 21:34:37 | 000,007,160 | ---- | M] () -- C:\Users\Guido\AppData\Local\d3d9caps.dat
[2013.05.30 08:01:44 | 367,398,648 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.30 07:10:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Guido\Desktop\aswMBR.exe
[2013.05.29 23:01:28 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.29 23:01:28 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.29 23:01:28 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.29 23:01:28 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.29 20:08:05 | 000,145,920 | ---- | M] () -- C:\Users\Guido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.29 16:50:13 | 013,169,742 | ---- | M] () -- C:\Users\Guido\Desktop\mbar-1.06.0.1003.zip
[2013.05.28 14:02:50 | 000,377,856 | ---- | M] () -- C:\Users\Guido\Desktop\kt04sc1q.exe
[2013.05.28 07:12:02 | 005,073,915 | R--- | M] (Swearware) -- C:\Users\Guido\Desktop\ComboFix.exe
[2013.05.26 20:56:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.24 16:11:11 | 000,002,633 | ---- | M] () -- C:\Users\Guido\Desktop\Microsoft Office PowerPoint 2007.lnk
[2013.05.24 15:50:44 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.23 21:50:55 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.23 21:50:53 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.05.23 21:50:53 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.23 21:50:52 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.05.23 21:50:52 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.05.23 21:50:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.22 21:25:18 | 000,002,591 | ---- | M] () -- C:\Users\Guido\Desktop\Microsoft Office Word 2007.lnk
[2013.05.22 21:06:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2013.05.16 03:32:23 | 000,406,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 20:33:07 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 20:33:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 23:02:07 | 000,003,072 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\fotobook Designer Prefsv3
[2013.05.09 19:19:22 | 000,002,593 | ---- | M] () -- C:\Users\Guido\Desktop\Microsoft Office Excel 2007.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.05 19:40:02 | 000,632,031 | ---- | C] () -- C:\Users\Guido\Desktop\adwcleaner.exe
[2013.06.05 07:39:40 | 000,000,512 | ---- | C] () -- C:\Users\Guido\Desktop\MBR.dat
[2013.06.03 21:40:54 | 000,377,856 | ---- | C] () -- C:\Users\Guido\Desktop\gmer_2.1.19163.exe
[2013.05.29 16:49:56 | 013,169,742 | ---- | C] () -- C:\Users\Guido\Desktop\mbar-1.06.0.1003.zip
[2013.05.28 14:02:50 | 000,377,856 | ---- | C] () -- C:\Users\Guido\Desktop\kt04sc1q.exe
[2013.05.25 08:20:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.25 08:20:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.25 08:20:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.25 08:20:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.25 08:20:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.01 09:02:45 | 000,002,722 | ---- | C] () -- C:\Users\Guido\AppData\Local\recently-used.xbel
[2013.04.17 21:39:06 | 000,003,072 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\fotobook Designer Prefsv3
[2012.11.01 13:00:37 | 000,412,640 | ---- | C] () -- C:\Users\Guido\Unbenannt.xcf
[2012.03.11 18:29:16 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.12.01 10:00:17 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.09.18 11:53:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.05 03:05:06 | 000,001,463 | ---- | C] () -- C:\Users\Guido\AppData\Local\RecConfig.xml
[2009.10.02 23:40:52 | 000,007,160 | ---- | C] () -- C:\Users\Guido\AppData\Local\d3d9caps.dat
[2009.09.10 18:27:24 | 000,145,920 | ---- | C] () -- C:\Users\Guido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E

< End of report >

Extras.Txt:
Code:

OTL Extras logfile created on: 05.06.2013 19:48:03 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Guido\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,20% Memory free
6,19 Gb Paging File | 5,10 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 72,38 Gb Free Space | 15,87% Space Free | Partition Type: NTFS
 
Computer Name: GUIDO-PC | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22444459-4761-48BA-9F45-72CE345E7145}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{299645F0-2C24-433F-A9AB-1F055ED717A9}" = rport=138 | protocol=17 | dir=out | app=system |
"{3EB4D2A5-D551-4B0C-AEB5-1B1AFA2EE6EA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4597D81B-E5DA-4DB3-A631-9504447402CF}" = lport=138 | protocol=17 | dir=in | app=system |
"{46A49843-EFD4-40C4-9812-C53BE4BE8C63}" = rport=137 | protocol=17 | dir=out | app=system |
"{48AA549E-6CB0-4437-8710-4CD34C97179D}" = rport=139 | protocol=6 | dir=out | app=system |
"{611E7233-5E8E-4843-962C-88553C598FE7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64D2B997-7C5A-4BBE-8EA8-B8A5B455C4F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{697F4D32-0BA2-42B2-8463-5547AD1FE41E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76555E63-CBD8-4C74-B5E1-B7E3320BFF7C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{78DF719F-29FF-4115-AAEF-C2F2527FE1BC}" = lport=139 | protocol=6 | dir=in | app=system |
"{7F086BA4-E5EE-4191-BF94-0F6A6CC71746}" = rport=445 | protocol=6 | dir=out | app=system |
"{83F672E8-4266-42CB-83C2-3BE20A9E52BA}" = lport=137 | protocol=17 | dir=in | app=system |
"{8EABF21C-7A43-4700-AF27-FBC7FEFD0FC5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A18F001B-CD46-45CB-B8A2-5E8BD48CAFFC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A5076E40-C470-4A04-829B-D3F877330A3B}" = lport=445 | protocol=6 | dir=in | app=system |
"{AA0B5545-2E9D-4B59-85A4-21B68A0FA270}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B6D4711C-47CC-468A-9941-9BDF3BCD1543}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C06E7E2D-2EBC-4995-870F-720061610CA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8DF27F-B59B-478C-A9C2-774AE31F5427}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0D505F0F-38D8-44DE-BDF6-638A98531CFA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{244296A5-6088-4A4E-8A24-715467AFA15D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{382DF885-C275-4018-A0DF-F5FC0B388BF6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B36DB5A-3407-4D96-A4BF-24F6B30F3CA3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C646190-E672-44DB-8BEE-5C881361777C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FCF5EA5-376D-4B33-8859-8D913A9AD1E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{44416420-7649-4DE0-9A31-62F42ACA0AC5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{52EEA51E-D15A-4B10-A45D-A4AF2AF29ED6}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{55A2FE4C-D4D1-48E4-A9B0-4DCF48B64850}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{61F64626-C418-4AB6-A7DB-0F2C3C103EBF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6C675CFB-6DD6-4134-8D74-E67B719EABF2}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9B072503-62C0-48BF-A00E-98C6751360DF}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{9C4D2F0C-797F-46A1-A1F1-7D87EE39DE26}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{9C98D24F-A8BB-4410-BD88-168F94E203EB}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{A5991681-B1B2-484B-94C6-CF8D4AA2DBA0}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{AED7C14A-F90F-4AA5-895C-E9FFFDA5627C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{B5489057-C9CB-4FA6-B0ED-57FC30B36094}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C1583E57-A6C9-4C67-A4FA-DC560AD7990F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C923D616-4F6C-4E32-9407-DFF63303A6ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CB0091D1-6AC5-413D-BA3E-AC7BF7AE9354}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{DBD1E3BD-E754-4828-8A87-9B2684D9A564}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{DED89334-4FF3-4E05-9CEE-315919EA2D54}" = protocol=17 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{E3EF5A5E-02D4-45C1-AC89-9A1AFC3752FA}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{F753AA40-166D-42B9-8DF7-09C273AEE09D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FF052B33-F7F0-49EA-8579-A0B8EFFFBBA2}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{FFA19EB9-F028-4C19-A3CE-F454AC42AE22}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{82EAE218-DBF8-4A96-A6D6-C08533C30A40}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{8A6B9D98-267F-4DC5-8E0E-C7CCC74C4167}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{8FAE25AF-2A6D-42AE-860C-3C30D6444836}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{B8933E21-4ABF-4FAA-AA43-C9D4F3A50A75}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{BC4CFE83-9EB8-48C7-ABC9-AEF7407C6E89}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{C9BCD880-82B2-4579-9FFD-62211F6FB8D2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{300DF0A7-04B1-499A-9AD7-B084E5329931}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{599DA7E1-09FA-4D9F-A767-CD7523FE3E06}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{5A10A075-564D-4EAC-976A-231F28A32D50}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{62CD9362-16F8-4042-87F0-ABF0C2481349}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A96CA291-28BD-4EB4-9DA6-5FA950E1EDB7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{DDA31DA7-2282-4C3F-B0C3-75B49D61730B}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033F0CE1-B6FC-EC7A-7914-81F14C8DBA0F}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05B95480-732A-1081-8A94-D924326AF36F}" = CCC Help English
"{0945589B-6CC4-FA00-3CBE-BD6028B26063}" = CCC Help Turkish
"{0EAE6EF9-010E-0734-D0A0-2BB8040F90EA}" = CCC Help French
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{133C8002-B64F-C9E7-7DAC-21BAE58DC041}" = CCC Help Russian
"{150715F0-2800-A3C5-836E-F4F98AE3A775}" = ccc-core-static
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EFABF6-7373-7755-4EA4-5240E7CCEEF7}" = Catalyst Control Center Graphics Previews Vista
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{270629EB-D776-04FC-0631-256177B7A021}" = CCC Help Swedish
"{29D2987A-9FBC-1BD3-E463-12D50D94DBFC}" = Catalyst Control Center Graphics Full New
"{2AB22900-5718-4617-523B-9DFDECB4749D}" = CCC Help Italian
"{32167B80-C0C6-4AB8-A5A6-3177FC8F069A}" = Nitro Pro 8
"{3956AEA0-9299-CA45-5BF1-5A721F8E3A21}" = CCC Help Chinese Traditional
"{3C152296-D7E4-59F4-B07E-43587CE985FE}" = CCC Help Norwegian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{502D4628-92AD-416A-0580-00D64320DBB7}" = ATI Catalyst Install Manager
"{51B83F5C-5660-4B73-AB18-C68993FEDEB3}" = Catalyst Control Center - Branding
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63104E84-532C-4011-A4F4-AD6EDF8CC214}" = SpyroDriver
"{66CB1DC8-FBA1-7436-08F3-061F7CB72C80}" = Skins
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C497312-7C1E-BB3C-D143-B8FD0C894CF1}" = CCC Help Polish
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{88137A28-4E5B-4E56-B90C-E8AE768305A2}" = Rabbids Go Home - DVD
"{88FC0C01-E4AA-3C3E-4612-3F11E69EF188}" = CCC Help German
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E3A37D-D424-C725-E06A-71C1151F682A}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{A141F87A-A73B-368D-AB65-A997B3D1D2C4}" = CCC Help Spanish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD2CA33-F716-4D1B-31F9-B52A847C4AF1}" = CCC Help Hungarian
"{AB104276-19BC-D12E-90EE-D358003A4EAF}" = CCC Help Greek
"{ABBD20D8-60E7-885B-734A-DE745BFDF43B}" = CCC Help Czech
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AEE701D3-6AF7-A8D5-145E-D0C01D528FAD}" = ccc-utility
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5080F69-EE95-49DC-F8A1-B7CBB2B5028D}" = CCC Help Korean
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6CB5308-3B67-9861-97F5-0EB31CE21E63}" = CCC Help Chinese Standard
"{B7020783-0AB1-8D67-E850-673BD0C61E7F}" = CCC Help Thai
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B81EB1DB-8F56-4852-BCEB-B598DF3F63E6}_is1" = Mustrum 2.1.2
"{B8C72ECE-87C6-4676-B949-519C1954F9F2}" = SpyroPortalDriver
"{BF34527D-7B27-43AD-9994-7B3ABCEF3625}" = Phoenix Backup Professional
"{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}" = Wildlife Park 2 Horses
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0354121-07AF-DE06-1D0F-7490EFE2F67A}" = Catalyst Control Center Graphics Full Existing
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{DA163DB8-C795-9EF2-7CF2-8B570BA9E39E}" = CCC Help Portuguese
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E36BE564-B727-A80D-E9F0-7FFEB69120E5}" = CCC Help Dutch
"{E5A56A6C-7656-969C-457A-E7600A6F169B}" = Catalyst Control Center Graphics Light
"{E5D9A29A-8903-968F-6394-CB8CC151084C}" = Catalyst Control Center Localization All
"{EE03DA2C-2154-7298-4461-F76C615932A9}" = CCC Help Japanese
"{EE9DEA81-3B77-7135-0E5B-B8C3092FE88A}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A3F881-2154-4456-A767-2D638454BCED}" = Nitro Reader 3
"3D Pickman" = 3D Pickman
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E.M. Free Photo Collage 1.30_is1" = E.M. Free Photo Collage 1.30
"E.M. Multilayer Image Processing SDK 1.30_is1" = E.M. Multilayer Image Processing SDK 1.30
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 5.0.20.1031
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Freemake Video Downloader_is1" = Freemake Video Downloader
"GIMP-2_is1" = GIMP 2.8.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"ilividtoolbargaw" = Search-Results Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"Kate's Video Cutter_is1" = Kate's Video Cutter 2.8.4
"Lexmark X1100 Series" = Lexmark X1100 Series
"LG Internet Kit" = LG Internet Kit
"LManager" = Launch Manager
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Midifile Optimizer 7 DEMO_is1" = Midifile Optimizer 7 - Version 7.4.1.9296
"Mobile Partner" = Mobile Partner
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"PartyGammon" = PartyGammon
"Recuva" = Recuva
"Sweet Home 3D_is1" = Sweet Home 3D version 3.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VLC media player" = VLC media player 1.1.5
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"VueScan" = VueScan
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2479292056-3449645492-3974709493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fotobook Designer" = fotobook Designer
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.06.2013 13:46:08 | Computer Name = Guido-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 05.11.2012 11:50:37 | Computer Name = Guido-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session
lasted 194142 seconds with 2520 seconds of active time.  This session ended with
 a crash.
 
Error - 28.11.2012 14:01:02 | Computer Name = Guido-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session
lasted 2051 seconds with 780 seconds of active time.  This session ended with a
crash.
 
[ System Events ]
Error - 05.06.2013 13:46:09 | Computer Name = Guido-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >


cosinus 06.06.2013 09:12

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
CHR - homepage: http://search.bearshare.net
CHR - homepage: http://search.bearshare.net
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

Jeep 07.06.2013 18:37

Hello Cosinus,

here is the content of the text document:

Code:

All processes killed
========== OTL ==========
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}\ not found.
Unable to delete ADS C:\ProgramData\Temp:798A3728 .
Unable to delete ADS C:\ProgramData\Temp:CE0A077E .
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Guido\Desktop\cmd.bat deleted successfully.
C:\Users\Guido\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guido
->Temp folder emptied: 90335004 bytes
->Temporary Internet Files folder emptied: 783153456 bytes
->Java cache emptied: 62403 bytes
->Google Chrome cache emptied: 253649862 bytes
->Flash cache emptied: 2182 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sicherheit
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 75 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32820 bytes
RecycleBin emptied: 18172786 bytes
 
Total Files Cleaned = 1.092,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 06072013_183145

Files\Folders moved on Reboot...
C:\Users\Guido\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QXYTYJO9\135383-onlinebanking-postbank-trojaner-blockiert-2[1].htm moved successfully.
C:\Users\Guido\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AJ8MIH0G\adsCAUCYQR1.htm moved successfully.
C:\Users\Guido\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Guido\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
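
An added example, not part of the original thread and not OTL's own code: a small Python triage of a fix log like the one above, grouping each line by section and outcome so that failed or deferred actions stand out. The classification rules are assumptions based only on the wording visible in this log, not on an OTL format specification.

```python
import re
from collections import defaultdict

# Excerpt of the fix log posted above (lines copied from the thread, shortened).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}\ not found.
Unable to delete ADS C:\ProgramData\Temp:798A3728 .
Unable to delete ADS C:\ProgramData\Temp:CE0A077E .
========== FILES ==========
< ipconfig /flushdns /c >
C:\Users\Guido\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 90335004 bytes
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
"""

# Section banners look like "========== OTL ==========".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def classify(line):
    """Map one log line to an outcome using wording heuristics (assumed, not an OTL spec)."""
    low = line.lower()
    if "scheduled to be moved on reboot" in low:
        return "pending"      # action deferred, must be re-checked after the reboot
    if low.startswith(("unable to", "error:")) or "failed" in low:
        return "failed"
    if low.rstrip().endswith("not found."):
        return "not_found"    # target was already absent
    if "successfully" in low or "emptied:" in low or "removed:" in low:
        return "ok"
    return "info"


def triage(log_text):
    """Return {outcome: [(section, line), ...]} for every non-empty log line."""
    results = defaultdict(list)
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        results[classify(line)].append((section, line))
    return dict(results)


def follow_up(log_text):
    """Lines worth re-checking: failures plus actions deferred to reboot."""
    found = triage(log_text)
    return found.get("failed", []) + found.get("pending", [])


if __name__ == "__main__":
    for section, line in follow_up(SAMPLE_LOG):
        print(f"[{section}] {line}")
```

On the excerpt this lists the two alternate data streams that could not be deleted, the deferred move of the Hosts file, and the error creating the default HOSTS file.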


cosinus 07.06.2013 22:09

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you have only recently run a full scan, a quick scan is enough (saves time); please let me know that too)

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Getting a second opinion from ESET's online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Jeep 09.06.2013 08:25

First I ran Malwarebytes Anti-Malware, and 3 objects were found. I have not done anything further yet.

Here is the log:

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.08.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Guido :: GUIDO-PC [Administrator]

Schutz: Aktiviert

08.06.2013 19:51:04
MBAM-log-2013-06-09 (09-21-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 448669
Laufzeit: 3 Stunde(n), 48 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\Steganos Safe OEM\dllregister.exe (Adware.Agent.ZGen) -> Keine Aktion durchgeführt.
C:\Users\Guido\Downloads\kdrgpsapp.zip (Backdoor.MSIL.PGen) -> Keine Aktion durchgeführt.
C:\Users\Guido\Downloads\kdrgpsmap.zip (Backdoor.MSIL.PGen) -> Keine Aktion durchgeführt.

(Ende)

For that reason I have not run the ESET Smartinstaller yet.

cosinus 09.06.2013 21:34

Please delete the findings. Then continue with ESET.

Jeep 11.06.2013 18:59

I have deleted the findings.

Here is the log file from ESET:
Code:

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f90e6874becbd4478e5cc73c1e3ca0a8
# engine=14049
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-11 05:17:35
# local_time=2013-06-11 07:17:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 100 6322 116737939 0 0
# compatibility_mode=5892 16776574 100 100 6363 208503783 0 0
# scanned=158435
# found=0
# cleaned=0
# scan_time=5785


cosinus 11.06.2013 22:36

Looks OK so far :daumenhoc

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller
But if you can live with logging in anew everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other findings or problems?

Jeep 12.06.2013 17:12

Hello Cosinus,

many, many thanks for your help. The problem seems to be resolved. Suuuper!!!

I will now get myself a cookie manager and hope that this kind of mess does not happen again.

Many thanks again. Please help other "unknowing" people as well as you helped me.

Kind regards
Guido

cosinus 12.06.2013 21:52

Then we are done! :daumenhoc


If you would still like to give praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board



The programs that were used here can all be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it

With the help of OTL you can also remove many other tools: simply start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you are at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links can be found here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are WET +1. The time is now 13:59.
