Trojaner-Board - Trojaner TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Trojaner TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI (https://www.trojaner-board.de/118022-trojaner-tr-atraps-gen-tr-atraps-gen2-tr-small-fi.html)

Trojaner TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI

Hallo,

seit heute Vormittag meldet Avira dauernd Trojaner mit den o.g. Namen.

Zuerst habe ich Avira scannen lassen. Die Reportdatei poste ich hier:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 26. Juni 2012 11:37

Es wird nach 3870447 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CLAUDIA-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 10:45:41
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 10:45:41
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 10:45:41
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 10:45:41
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 12:11:15
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 09:32:12
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:56:42
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:00:34
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 10:47:52
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 10:47:52
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 10:47:52
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 10:47:52
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 10:47:52
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 10:47:52
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 10:47:52
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 10:47:52
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 10:47:53
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 15:33:32
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 21:44:39
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 21:43:32
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 02:56:02
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 18:13:37
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 18:26:24
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 01:26:06
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 07:22:16
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 08:23:14
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 15:30:36
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 03:25:19
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 04:42:50
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 08:05:23
VBASE027.VDF : 7.11.33.83 159232 Bytes 18.06.2012 08:05:06
VBASE028.VDF : 7.11.33.195 200192 Bytes 22.06.2012 06:58:36
VBASE029.VDF : 7.11.33.196 2048 Bytes 22.06.2012 06:58:37
VBASE030.VDF : 7.11.33.197 2048 Bytes 22.06.2012 06:58:37
VBASE031.VDF : 7.11.34.8 119808 Bytes 26.06.2012 07:58:55
Engineversion : 8.2.10.96
AEVDF.DLL : 8.1.2.8 106867 Bytes 02.06.2012 02:59:39
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 25.06.2012 06:58:50
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 10:19:48
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 08:06:25
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.22 807288 Bytes 25.06.2012 06:58:50
AEOFFICE.DLL : 8.1.2.38 201083 Bytes 25.06.2012 06:58:48
AEHEUR.DLL : 8.1.4.52 4923767 Bytes 25.06.2012 06:58:48
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 12:11:11
AEGEN.DLL : 8.1.5.30 422261 Bytes 15.06.2012 08:05:24
AEEXP.DLL : 8.1.0.54 82293 Bytes 25.06.2012 06:58:51
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.10 201080 Bytes 01.06.2012 01:26:08
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 10:45:41
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 10:45:41
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 10:45:41
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 10:45:41
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 10:45:41
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 10:45:41
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 10:45:41
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 10:45:41
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 10:45:41
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 10:45:41

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 26. Juni 2012 11:37

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'plugin-container.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'javaw.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'smartclient.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiceLayer.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'distnoted.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'visicom_antiphishing.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'NokiaMServer.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'PmmUpdate.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'WZQKPICK.EXE' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'ubd.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'NokiaOviSuite.exe' - '197' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '11' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Program Files (x86)\SoulseekNS\uninstall.exe
[WARNUNG] Unerwartetes Dateiende erreicht
Die Registry wurde durchsucht ( '2307' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Program Files\WinRAR\rarnew.dat
[WARNUNG] Das Archiv ist unbekannt oder defekt
C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Help\webhelp.jar
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Program Files (x86)\SoulseekNS\uninstall.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Users\Claudia\AppData\Local\Temp\jar_cache2860455301333008143.tmp
[0] Archivtyp: ZIP
--> eye.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0842
C:\Users\Claudia\AppData\Local\Temp\jar_cache3110634234547150380.tmp
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Users\Claudia\AppData\Local\Temp\jar_cache4268548811592191967.tmp
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Users\Claudia\AppData\Local\Temp\jar_cache5499231656582555552.tmp
[0] Archivtyp: ZIP
--> sic.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
C:\Users\Claudia\AppData\Local\Temp\rqD3M2Vl.zip.part
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Claudia\Desktop\Test2.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Claudia\Documents\Downloads\wz81gev.exe
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Claudia\Music\1\m.ZIP
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Claudia\Music\1\mm.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Claudia\Music\1\mmm.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\00000001.@
[FUND] Ist das Trojanische Pferd TR/Small.FI
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\80000000.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\800000cb.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2

Beginne mit der Desinfektion:
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\800000cb.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '559468ca.qua' verschoben!
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\80000000.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d03476d.qua' verschoben!
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\00000001.@
[FUND] Ist das Trojanische Pferd TR/Small.FI
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f5c1d85.qua' verschoben!
C:\Users\Claudia\AppData\Local\Temp\jar_cache5499231656582555552.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '79295294.qua' verschoben!
C:\Users\Claudia\AppData\Local\Temp\jar_cache2860455301333008143.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0842
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3cad7faa.qua' verschoben!

Ende des Suchlaufs: Dienstag, 26. Juni 2012 16:24
Benötigte Zeit: 1:53:59 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

31589 Verzeichnisse wurden überprüft
762475 Dateien wurden geprüft
5 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
5 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
762470 Dateien ohne Befall
5868 Archive wurden durchsucht
16 Warnungen
5 Hinweise
852528 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Danach habe ich das von Euch empfohlene Malwarebytes Anti-Malware heruntergeladen und den Laptop damit gescannt. Hier die Kopie der txt-Datei:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Claudia :: CLAUDIA-PC [Administrator]

26.06.2012 12:33:51
mbam-log-2012-06-26 (16-23-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 412493
Laufzeit: 1 Stunde(n), 37 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firewall 2.9 (Trojan.Agent) -> Daten: C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)

Danach ging es mit dem Defogger weiter:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:25 on 26/06/2012 (Claudia)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Als nächstes hier die Dateien des OTL-Programmes:

Extras.txt:

OTL Extras logfile created on: 26.06.2012 16:28:06 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Claudia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,75% Memory free
7,73 Gb Paging File | 5,57 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 206,55 Gb Free Space | 72,47% Space Free | Partition Type: NTFS

Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A0B8EEF-41D4-FABD-BBC8-84397D53D1F2}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BAF4695F-7867-D8B2-528A-A1EF2EE0A9EF}" = ATI Catalyst Install Manager
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{0B057B23-641D-3826-37E6-32659B2CD274}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D4464C2-F0AF-AE2A-3CDF-137687198FAF}" = CCC Help Japanese
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{1510560C-E9E1-4F79-9CDA-56E061B78C4B}" = Amfibas 01_2012 VB
"{1B0BB33F-F7DD-5E48-D07A-FF3645D20D8E}" = CCC Help Chinese Standard
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1CDD5987-A25E-FDA6-FF67-13667183B935}" = CCC Help Finnish
"{1D3CC42C-1F48-2CE4-65D9-ECA043A0A105}" = Catalyst Control Center InstallProxy
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21ED5CFB-6724-7485-F56E-16AE158B8D53}" = CCC Help Hungarian
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28849F27-E11E-F067-C4B5-7F4CDB75D473}" = ccc-core-static
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{31501D72-B6BB-145E-29D6-C144D6819A26}" = CCC Help Chinese Traditional
"{32B28D14-04E6-2B5A-6D6B-394F0B2FC1B1}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BDBB1B1-0DBE-6192-D674-6F4B438D7BE1}" = CCC Help Italian
"{3D9601FE-48EE-488F-990B-2F5DB2BB0346}" = CCC Help Swedish
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E5CCE8D-65F2-86FA-C53D-2ECA4E8C6404}" = CCC Help Dutch
"{43B2F1C5-1AAE-C4D0-93F8-C03F97CF8710}" = CCC Help French
"{442BE853-E839-2A5D-1249-B36AF96AB486}" = CCC Help Norwegian
"{488EF105-7A2A-1D7A-FB23-6CA41D0DB54B}" = CCC Help Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D328ECC-B82B-381E-6570-B55192EA54E5}" = Catalyst Control Center Localization All
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3079E7-974F-56A0-162A-1B649F6C85D8}" = CCC Help Turkish
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98A26988-E99C-2EA6-684A-3FFE6F3A90F9}" = PX Profile Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8AF728F-2EE8-4322-96B3-656CAD1F7805}" = Facebook Messenger 2.1.4554.0
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4EF8AA-7EF4-A62A-0F80-7A828296A647}" = CCC Help Thai
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B902AB32-FE75-77BB-F54A-3A8E26D2D2DD}" = CCC Help English
"{BA140B33-9533-C8D5-BA7E-4EF1E59AA6EA}" = CCC Help Portuguese
"{BA97C7F2-82B0-5B0F-68CE-1C0EE2CB0609}" = CCC Help Czech
"{C19CA0D5-3131-1222-3176-D60A04F56586}" = CCC Help German
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D68BBEA3-D1AC-F898-A22C-FB1D1244C852}" = CCC Help Polish
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.16
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9B566E7-1591-D86B-2212-F3454EBE0087}" = CCC Help Greek
"{EB378F1E-9484-F16E-6378-975CDD915A35}" = CCC Help Russian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F177758C-B671-B885-A7DF-6BA84B51679C}" = Catalyst Control Center Graphics Previews Vista
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Acer Registration" = Acer Registration
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"blekkotb" = Spam Free Search Bar
"CloneDVD2" = CloneDVD2
"DivX Setup.divx.com" = DivX-Setup
"DVAG Online System" = DVAG Online-System
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular-Update
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.7.0
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Ovi Suite" = Nokia Ovi Suite
"Soulseek2" = SoulSeek 157 NS 13e
"VLC media player" = VLC media player 1.1.6
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Play65" = Play65
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.06.2012 13:07:40 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012

Error - 13.06.2012 13:07:41 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.06.2012 13:07:41 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011

Error - 13.06.2012 13:07:41 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011

Error - 13.06.2012 13:07:42 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.06.2012 13:07:42 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4025

Error - 13.06.2012 13:07:42 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4025

Error - 13.06.2012 13:07:43 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.06.2012 13:07:43 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5023

Error - 13.06.2012 13:07:43 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023

[ System Events ]
Error - 25.04.2012 06:09:52 | Computer Name = Claudia-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?04.?2012 um 10:22:43 unerwartet heruntergefahren.

Error - 26.04.2012 05:03:26 | Computer Name = Claudia-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?04.?2012 um 10:30:21 unerwartet heruntergefahren.

Error - 13.05.2012 07:50:27 | Computer Name = Claudia-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 13.05.2012 07:50:27 | Computer Name = Claudia-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 13.05.2012 11:22:32 | Computer Name = Claudia-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.

Error - 13.05.2012 11:22:32 | Computer Name = Claudia-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.

Error - 13.05.2012 11:22:33 | Computer Name = Claudia-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.

Error - 13.05.2012 11:22:33 | Computer Name = Claudia-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.

Error - 14.05.2012 11:33:29 | Computer Name = Claudia-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.

Error - 25.06.2012 02:53:17 | Computer Name = Claudia-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?06.?2012 um 15:05:01 unerwartet heruntergefahren.

< End of report >

OTL.Txt:

OTL logfile created on: 26.06.2012 16:28:06 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Claudia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,75% Memory free
7,73 Gb Paging File | 5,57 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 206,55 Gb Free Space | 72,47% Space Free | Partition Type: NTFS

Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.26 16:25:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
PRC - [2012.06.20 11:54:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.08 12:45:41 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 12:45:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 12:45:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.22 00:13:46 | 000,206,504 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011.09.01 15:39:54 | 000,966,712 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2011.06.14 18:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011.06.08 14:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2008.06.24 17:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2001.12.29 09:10:00 | 000,106,561 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE

========== Modules (No Company Name) ==========

MOD - [2012.06.20 11:54:09 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.09 23:50:53 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll
MOD - [2012.06.08 07:54:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.06.08 07:53:44 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.06.08 07:53:39 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.06.08 07:53:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.06.08 07:53:22 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.06.08 07:53:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.06.08 07:53:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.06.08 07:53:12 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.12.22 21:50:33 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.09.01 15:38:32 | 000,931,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2011.09.01 15:37:50 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2011.09.01 15:37:50 | 000,913,920 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2011.09.01 15:37:50 | 000,416,256 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll
MOD - [2011.09.01 15:37:50 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll
MOD - [2011.09.01 15:37:50 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll
MOD - [2011.09.01 15:37:48 | 008,166,912 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2011.09.01 15:37:48 | 002,551,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2011.09.01 15:37:48 | 002,282,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2011.09.01 15:37:48 | 002,246,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2011.09.01 15:37:48 | 001,288,192 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2011.09.01 15:37:48 | 000,676,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2011.09.01 15:37:48 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2011.09.01 15:37:48 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2011.09.01 15:37:48 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2011.09.01 15:08:58 | 000,508,416 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll
MOD - [2011.09.01 15:08:56 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll
MOD - [2011.09.01 15:08:18 | 000,378,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtCore.dll
MOD - [2011.09.01 15:08:18 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtWeb.dll
MOD - [2011.09.01 15:08:16 | 000,089,088 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\qjson.dll
MOD - [2011.09.01 15:08:14 | 000,392,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\ssoengine.dll
MOD - [2011.09.01 15:08:14 | 000,387,976 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2011.09.01 15:08:14 | 000,058,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\securestorage.dll
MOD - [2011.09.01 15:07:04 | 000,727,552 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2005.07.20 12:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.08.25 16:41:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\SysNative\svchost.exe -- (SharedAccess)
SRV - [2012.06.20 11:54:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 12:45:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 12:45:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.08 14:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.11.12 15:09:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 12:45:41 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 12:45:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.05.18 11:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.05.18 11:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.05.18 11:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.05.18 11:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.08.25 18:50:48 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.25 16:05:44 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.11.02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.04.10 15:19:25 | 000,111,552 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2007.08.07 21:48:37 | 000,032,712 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2007.02.16 02:56:51 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.04.10 15:19:25 | 000,111,552 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007.02.16 02:56:51 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys -- (ElbyDelay)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://blekko.com/?source=c3348dd4&tbp=rbox&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Claudia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Claudia\AppData\Local\Facebook\Messenger\2.1.4554.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.14 00:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.14 00:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 11:54:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.25 12:09:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.17 23:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.11 20:09:08 | 000,000,000 | ---D | M]

[2011.01.29 16:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions
[2011.01.29 16:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.16 20:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\gvgv42ae.default\extensions
[2012.01.29 11:34:39 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\gvgv42ae.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012.04.25 16:01:58 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\gvgv42ae.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.05.16 20:31:32 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\gvgv42ae.default\extensions\ffxtlbra@softonic.com
[2012.04.25 12:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.06 08:26:47 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CLAUDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GVGV42AE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.20 11:54:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.15 15:01:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.20 11:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.20 11:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.16 23:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2012.06.20 11:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.28 20:51:37 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.20 11:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 11:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 11:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Microsoft Firewall 2.9] C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Claudia\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D926C3A-C841-4219-A372-B6379821BB4D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D33B43C5-BADE-4DB1-B87D-597AECC8BA5F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d627caf1-48c5-11e0-9645-1c750832504b}\Shell - "" = AutoRun
O33 - MountPoints2\{d627caf1-48c5-11e0-9645-1c750832504b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.26 16:25:49 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
[2012.06.26 12:16:25 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes
[2012.06.26 12:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.26 12:16:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.26 12:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.26 12:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.26 12:15:01 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Claudia\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.26 11:36:45 | 000,127,488 | -H-- | C] (McAfee, Inc.) -- C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE
[2012.06.26 06:20:10 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.06.26 06:19:37 | 000,493,512 | ---- | C] (Facebook Inc.) -- C:\Users\Claudia\Desktop\FacebookMessengerSetup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2012.06.26 16:25:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
[2012.06.26 16:25:30 | 000,000,000 | ---- | M] () -- C:\Users\Claudia\defogger_reenable
[2012.06.26 16:23:38 | 000,050,477 | ---- | M] () -- C:\Users\Claudia\Desktop\Defogger.exe
[2012.06.26 16:22:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.26 13:22:07 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.26 12:24:07 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001UA.job
[2012.06.26 12:16:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.26 12:15:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Claudia\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.26 11:36:38 | 000,127,488 | -H-- | M] (McAfee, Inc.) -- C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE
[2012.06.26 11:35:27 | 000,215,502 | ---- | M] () -- C:\Users\Claudia\Desktop\Schorr Kfz.pdf
[2012.06.26 06:24:07 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001Core.job
[2012.06.26 06:20:10 | 000,001,340 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.06.25 14:22:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.25 09:02:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 09:02:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 08:57:46 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.25 08:57:46 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.25 08:57:46 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.25 08:57:46 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.25 08:57:46 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.25 08:53:14 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 12:18:24 | 000,218,938 | ---- | M] () -- C:\Users\Claudia\Desktop\Podzun Dieter SÜW-V 4780.pdf
[2012.06.21 10:17:27 | 000,217,835 | ---- | M] () -- C:\Users\Claudia\Desktop\Schwarz Dominik.pdf
[2012.06.08 07:48:02 | 000,413,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2012.06.26 16:32:57 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\800000cb.@
[2012.06.26 16:32:57 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\80000000.@
[2012.06.26 16:28:26 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\00000001.@
[2012.06.26 16:25:30 | 000,000,000 | ---- | C] () -- C:\Users\Claudia\defogger_reenable
[2012.06.26 16:23:38 | 000,050,477 | ---- | C] () -- C:\Users\Claudia\Desktop\Defogger.exe
[2012.06.26 12:16:09 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.26 11:35:27 | 000,215,502 | ---- | C] () -- C:\Users\Claudia\Desktop\Schorr Kfz.pdf
[2012.06.26 06:20:10 | 000,001,340 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.06.21 12:18:24 | 000,218,938 | ---- | C] () -- C:\Users\Claudia\Desktop\Podzun Dieter SÜW-V 4780.pdf
[2012.06.21 10:17:27 | 000,217,835 | ---- | C] () -- C:\Users\Claudia\Desktop\Schwarz Dominik.pdf
[2012.06.20 14:17:17 | 000,162,602 | ---- | C] () -- C:\Users\Claudia\Desktop\Schiller Bernhard Gebäude Feuer Angebot.pdf
[2012.06.20 11:30:42 | 000,065,121 | ---- | C] () -- C:\Users\Claudia\Desktop\Diehl Dieter EVB-Nummer Motorrad Saisonkennzeichen.pdf
[2012.06.20 11:09:49 | 000,065,097 | ---- | C] () -- C:\Users\Claudia\Desktop\Diehl Dieter EVB-Nummer Motorrad.pdf
[2012.06.20 11:09:11 | 000,065,206 | ---- | C] () -- C:\Users\Claudia\Desktop\Diehl Dieter EVB-Nummer Pkw.pdf
[2012.06.19 13:14:06 | 000,065,215 | ---- | C] () -- C:\Users\Claudia\Desktop\EVB-Nummer Schwarz Dominik.pdf
[2012.06.15 10:44:51 | 000,905,075 | ---- | C] () -- C:\Users\Claudia\Desktop\IMG_6624.JPG
[2012.06.09 18:06:44 | 001,532,627 | ---- | C] () -- C:\Users\Claudia\Desktop\angebot_120530_111302_17663.pdf
[2012.05.03 21:02:36 | 000,000,015 | ---- | C] () -- C:\Windows\SysWow64\asdrawim.ini
[2012.01.11 02:22:59 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\@
[2012.01.11 02:22:59 | 000,002,048 | -HS- | C] () -- C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\@
[2011.11.05 14:48:05 | 000,139,816 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.11.02 01:45:43 | 000,015,360 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.02 01:13:09 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.01 20:44:02 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.01.31 19:49:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.01.31 13:02:00 | 000,001,024 | ---- | C] () -- C:\Users\Claudia\.rnd
[2011.01.29 16:36:53 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.29 16:36:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.29 16:36:50 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.29 16:36:50 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.29 16:36:50 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.29 16:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.12 15:12:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.12 14:57:35 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.09.08 10:03:09 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

========== LOP Check ==========

[2012.05.03 20:56:34 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\ASCON Installer
[2012.05.03 21:00:27 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\ASCON Programme
[2012.01.31 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\elsterformular
[2011.01.31 08:34:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\eSobi
[2011.02.03 11:48:54 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\GetRightToGo
[2012.06.05 14:32:27 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\ICQ
[2011.11.02 01:34:45 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Nokia
[2011.11.02 01:34:46 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Nokia Ovi Suite
[2011.11.02 01:34:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\PC Suite
[2011.01.31 13:13:13 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TeamViewer
[2011.01.29 16:24:01 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2012.06.26 06:24:07 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001Core.job
[2012.06.26 12:24:07 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001UA.job
[2009.07.14 07:08:49 | 000,028,834 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Mein Laptop hat ein 64-bit-System, daher habe ich Gmer nicht darüberlaufen lassen.

So, jetzt hoffe ich, dass ich alles richtig gemacht habe und wäre wahnsinnig dankbar, wenn mir jemand weiterhelfen könnt!

Liebe Grüße

noreia1978

:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

...und ganz wichtig:
Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).

Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.

Schritt 1: Scan mit TDSS-Killer

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Schritt 2: aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Hi Marius,

vielen Dank schon mal, dass du dich meinem Problem annimmst!

Hier die Logfile vom TDSSKiller:

Code:

16:17:38.0222 4748        TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44

16:17:38.0522 4748        ============================================================

16:17:38.0522 4748        Current date / time: 2012/06/27 16:17:38.0522

16:17:38.0522 4748        SystemInfo:

16:17:38.0522 4748        

16:17:38.0522 4748        OS Version: 6.1.7601 ServicePack: 1.0

16:17:38.0522 4748        Product type: Workstation

16:17:38.0522 4748        ComputerName: CLAUDIA-PC

16:17:38.0522 4748        UserName: Claudia

16:17:38.0522 4748        Windows directory: C:\Windows

16:17:38.0522 4748        System windows directory: C:\Windows

16:17:38.0522 4748        Running under WOW64

16:17:38.0522 4748        Processor architecture: Intel x64

16:17:38.0522 4748        Number of processors: 4

16:17:38.0522 4748        Page size: 0x1000

16:17:38.0522 4748        Boot type: Normal boot

16:17:38.0522 4748        ============================================================

16:17:39.0021 4748        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:17:39.0026 4748        ============================================================

16:17:39.0026 4748        \Device\Harddisk0\DR0:

16:17:39.0026 4748        MBR partitions:

16:17:39.0026 4748        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000

16:17:39.0026 4748        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800

16:17:39.0026 4748        ============================================================

16:17:39.0057 4748        C: <-> \Device\Harddisk0\DR0\Partition1

16:17:39.0057 4748        ============================================================

16:17:39.0057 4748        Initialize success

16:17:39.0057 4748        ============================================================

16:18:00.0747 5892        ============================================================

16:18:00.0747 5892        Scan started

16:18:00.0747 5892        Mode: Manual; TDLFS; 

16:18:00.0747 5892        ============================================================

16:18:01.0269 5892        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

16:18:01.0308 5892        1394ohci - ok

16:18:01.0383 5892        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

16:18:01.0422 5892        ACPI - ok

16:18:01.0469 5892        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

16:18:01.0474 5892        AcpiPmi - ok

16:18:01.0632 5892        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

16:18:01.0634 5892        AdobeARMservice - ok

16:18:01.0722 5892        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

16:18:01.0768 5892        adp94xx - ok

16:18:01.0805 5892        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

16:18:01.0819 5892        adpahci - ok

16:18:01.0837 5892        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

16:18:01.0847 5892        adpu320 - ok

16:18:01.0890 5892        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

16:18:01.0891 5892        AeLookupSvc - ok

16:18:01.0973 5892        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

16:18:01.0980 5892        AFD - ok

16:18:02.0002 5892        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

16:18:02.0010 5892        agp440 - ok

16:18:02.0023 5892        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

16:18:02.0032 5892        ALG - ok

16:18:02.0069 5892        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

16:18:02.0074 5892        aliide - ok

16:18:02.0128 5892        AMD External Events Utility (ff779f9de1cdf477033858b7681ceda8) C:\Windows\system32\atiesrxx.exe

16:18:02.0135 5892        AMD External Events Utility - ok

16:18:02.0154 5892        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

16:18:02.0161 5892        amdide - ok

16:18:02.0169 5892        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

16:18:02.0179 5892        AmdK8 - ok

16:18:02.0662 5892        amdkmdag        (ef2b99dcee397b45f50594696d7b5339) C:\Windows\system32\DRIVERS\atikmdag.sys

16:18:02.0878 5892        amdkmdag - ok

16:18:03.0095 5892        amdkmdap        (239dce60bee6e1576c803948ab4d54c5) C:\Windows\system32\DRIVERS\atikmpag.sys

16:18:03.0111 5892        amdkmdap - ok

16:18:03.0129 5892        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

16:18:03.0131 5892        AmdPPM - ok

16:18:03.0195 5892        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

16:18:03.0204 5892        amdsata - ok

16:18:03.0253 5892        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

16:18:03.0267 5892        amdsbs - ok

16:18:03.0286 5892        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

16:18:03.0292 5892        amdxata - ok

16:18:03.0432 5892        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

16:18:03.0433 5892        AntiVirSchedulerService - ok

16:18:03.0480 5892        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

16:18:03.0482 5892        AntiVirService - ok

16:18:03.0534 5892        AnyDVD          (70ca1a9be42bdc702188333dd69ba4f7) C:\Windows\system32\Drivers\AnyDVD.sys

16:18:03.0547 5892        AnyDVD - ok

16:18:03.0605 5892        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

16:18:03.0612 5892        AppID - ok

16:18:03.0648 5892        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

16:18:03.0655 5892        AppIDSvc - ok

16:18:03.0716 5892        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

16:18:03.0724 5892        Appinfo - ok

16:18:03.0870 5892        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

16:18:03.0871 5892        Apple Mobile Device - ok

16:18:03.0882 5892        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

16:18:03.0890 5892        arc - ok

16:18:03.0912 5892        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

16:18:04.0010 5892        arcsas - ok

16:18:04.0035 5892        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

16:18:04.0041 5892        AsyncMac - ok

16:18:04.0087 5892        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

16:18:04.0093 5892        atapi - ok

16:18:04.0228 5892        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

16:18:04.0244 5892        AudioEndpointBuilder - ok

16:18:04.0253 5892        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

16:18:04.0259 5892        AudioSrv - ok

16:18:04.0308 5892        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

16:18:04.0309 5892        avgntflt - ok

16:18:04.0358 5892        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

16:18:04.0361 5892        avipbb - ok

16:18:04.0382 5892        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

16:18:04.0383 5892        avkmgr - ok

16:18:04.0448 5892        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

16:18:04.0458 5892        AxInstSV - ok

16:18:04.0544 5892        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

16:18:04.0582 5892        b06bdrv - ok

16:18:04.0618 5892        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

16:18:04.0631 5892        b57nd60a - ok

16:18:04.0971 5892        BCM43XX         (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys

16:18:05.0067 5892        BCM43XX - ok

16:18:05.0201 5892        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

16:18:05.0211 5892        BDESVC - ok

16:18:05.0257 5892        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

16:18:05.0261 5892        Beep - ok

16:18:05.0377 5892        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

16:18:05.0397 5892        BFE - ok

16:18:05.0513 5892        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

16:18:05.0535 5892        BITS - ok

16:18:05.0584 5892        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

16:18:05.0591 5892        blbdrive - ok

16:18:05.0698 5892        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

16:18:05.0710 5892        Bonjour Service - ok

16:18:05.0760 5892        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

16:18:05.0795 5892        bowser - ok

16:18:05.0813 5892        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

16:18:05.0818 5892        BrFiltLo - ok

16:18:05.0836 5892        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

16:18:05.0840 5892        BrFiltUp - ok

16:18:05.0889 5892        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

16:18:05.0901 5892        Browser - ok

16:18:05.0944 5892        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

16:18:05.0966 5892        Brserid - ok

16:18:05.0989 5892        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

16:18:05.0995 5892        BrSerWdm - ok

16:18:06.0016 5892        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

16:18:06.0020 5892        BrUsbMdm - ok

16:18:06.0042 5892        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

16:18:06.0047 5892        BrUsbSer - ok

16:18:06.0057 5892        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

16:18:06.0065 5892        BTHMODEM - ok

16:18:06.0115 5892        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

16:18:06.0124 5892        bthserv - ok

16:18:06.0135 5892        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

16:18:06.0144 5892        cdfs - ok

16:18:06.0201 5892        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

16:18:06.0220 5892        cdrom - ok

16:18:06.0270 5892        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

16:18:06.0280 5892        CertPropSvc - ok

16:18:06.0302 5892        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

16:18:06.0311 5892        circlass - ok

16:18:06.0365 5892        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

16:18:06.0371 5892        CLFS - ok

16:18:06.0443 5892        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:18:06.0445 5892        clr_optimization_v2.0.50727_32 - ok

16:18:06.0495 5892        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:18:06.0498 5892        clr_optimization_v2.0.50727_64 - ok

16:18:06.0587 5892        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:18:06.0610 5892        clr_optimization_v4.0.30319_32 - ok

16:18:06.0668 5892        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:18:06.0680 5892        clr_optimization_v4.0.30319_64 - ok

16:18:06.0698 5892        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

16:18:06.0703 5892        CmBatt - ok

16:18:06.0744 5892        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

16:18:06.0750 5892        cmdide - ok

16:18:06.0822 5892        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

16:18:06.0835 5892        CNG - ok

16:18:06.0863 5892        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

16:18:06.0869 5892        Compbatt - ok

16:18:06.0901 5892        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

16:18:06.0914 5892        CompositeBus - ok

16:18:06.0919 5892        COMSysApp - ok

16:18:06.0943 5892        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

16:18:06.0950 5892        crcdisk - ok

16:18:07.0028 5892        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

16:18:07.0038 5892        CryptSvc - ok

16:18:07.0106 5892        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

16:18:07.0116 5892        DcomLaunch - ok

16:18:07.0173 5892        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

16:18:07.0185 5892        defragsvc - ok

16:18:07.0251 5892        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

16:18:07.0260 5892        DfsC - ok

16:18:07.0328 5892        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

16:18:07.0339 5892        Dhcp - ok

16:18:07.0367 5892        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

16:18:07.0368 5892        discache - ok

16:18:07.0394 5892        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

16:18:07.0403 5892        Disk - ok

16:18:07.0470 5892        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

16:18:07.0479 5892        Dnscache - ok

16:18:07.0534 5892        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

16:18:07.0546 5892        dot3svc - ok

16:18:07.0589 5892        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

16:18:07.0599 5892        DPS - ok

16:18:07.0634 5892        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

16:18:07.0638 5892        drmkaud - ok

16:18:07.0751 5892        DsiWMIService   (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

16:18:07.0755 5892        DsiWMIService - ok

16:18:07.0863 5892        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

16:18:07.0889 5892        DXGKrnl - ok

16:18:07.0941 5892        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

16:18:07.0944 5892        EapHost - ok

16:18:08.0194 5892        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

16:18:08.0324 5892        ebdrv - ok

16:18:08.0452 5892        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

16:18:08.0454 5892        EFS - ok

16:18:08.0547 5892        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

16:18:08.0566 5892        ehRecvr - ok

16:18:08.0605 5892        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

16:18:08.0608 5892        ehSched - ok

16:18:08.0755 5892        ElbyCDIO        (3836e2db9034543f63943cdbb52a691a) C:\Windows\system32\Drivers\ElbyCDIO.sys

16:18:08.0762 5892        ElbyCDIO - ok

16:18:08.0814 5892        ElbyDelay       (8015d36e5ab9b231507b2bcf0ceb0c73) C:\Windows\system32\Drivers\ElbyDelay.sys

16:18:08.0819 5892        ElbyDelay - ok

16:18:08.0894 5892        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

16:18:08.0913 5892        elxstor - ok

16:18:09.0088 5892        ePowerSvc       (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

16:18:09.0106 5892        ePowerSvc - ok

16:18:09.0303 5892        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

16:18:09.0309 5892        ErrDev - ok

16:18:09.0371 5892        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

16:18:09.0387 5892        EventSystem - ok

16:18:09.0416 5892        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

16:18:09.0426 5892        exfat - ok

16:18:09.0459 5892        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

16:18:09.0473 5892        fastfat - ok

16:18:09.0579 5892        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

16:18:09.0601 5892        Fax - ok

16:18:09.0608 5892        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

16:18:09.0614 5892        fdc - ok

16:18:09.0631 5892        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

16:18:09.0633 5892        fdPHost - ok

16:18:09.0644 5892        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

16:18:09.0646 5892        FDResPub - ok

16:18:09.0670 5892        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

16:18:09.0678 5892        FileInfo - ok

16:18:09.0690 5892        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

16:18:09.0696 5892        Filetrace - ok

16:18:09.0843 5892        FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

16:18:09.0865 5892        FLEXnet Licensing Service - ok

16:18:09.0871 5892        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

16:18:09.0877 5892        flpydisk - ok

16:18:09.0930 5892        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

16:18:09.0943 5892        FltMgr - ok

16:18:10.0053 5892        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

16:18:10.0071 5892        FontCache - ok

16:18:10.0145 5892        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:18:10.0147 5892        FontCache3.0.0.0 - ok

16:18:10.0174 5892        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

16:18:10.0182 5892        FsDepends - ok

16:18:10.0226 5892        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

16:18:10.0233 5892        Fs_Rec - ok

16:18:10.0280 5892        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

16:18:10.0285 5892        fvevol - ok

16:18:10.0310 5892        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

16:18:10.0319 5892        gagp30kx - ok

16:18:10.0365 5892        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

16:18:10.0371 5892        GEARAspiWDM - ok

16:18:10.0469 5892        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

16:18:10.0483 5892        gpsvc - ok

16:18:10.0509 5892        GREGService     (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

16:18:10.0510 5892        GREGService - ok

16:18:10.0590 5892        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:18:10.0592 5892        gupdate - ok

16:18:10.0618 5892        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:18:10.0621 5892        gupdatem - ok

16:18:10.0627 5892        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

16:18:10.0635 5892        hcw85cir - ok

16:18:10.0704 5892        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

16:18:10.0724 5892        HdAudAddService - ok

16:18:10.0763 5892        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

16:18:10.0766 5892        HDAudBus - ok

16:18:10.0811 5892        HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

16:18:10.0819 5892        HECIx64 - ok

16:18:10.0849 5892        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

16:18:10.0854 5892        HidBatt - ok

16:18:10.0878 5892        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

16:18:10.0885 5892        HidBth - ok

16:18:10.0893 5892        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

16:18:10.0899 5892        HidIr - ok

16:18:10.0920 5892        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

16:18:10.0927 5892        hidserv - ok

16:18:10.0974 5892        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

16:18:10.0981 5892        HidUsb - ok

16:18:11.0026 5892        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

16:18:11.0035 5892        hkmsvc - ok

16:18:11.0090 5892        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

16:18:11.0107 5892        HomeGroupListener - ok

16:18:11.0157 5892        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

16:18:11.0162 5892        HomeGroupProvider - ok

16:18:11.0194 5892        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

16:18:11.0202 5892        HpSAMD - ok

16:18:11.0304 5892        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

16:18:11.0315 5892        HTTP - ok

16:18:11.0358 5892        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

16:18:11.0359 5892        hwpolicy - ok

16:18:11.0419 5892        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

16:18:11.0430 5892        i8042prt - ok

16:18:11.0485 5892        iaStor          (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys

16:18:11.0490 5892        iaStor - ok

16:18:11.0591 5892        IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

16:18:11.0592 5892        IAStorDataMgrSvc - ok

16:18:11.0638 5892        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

16:18:11.0665 5892        iaStorV - ok

16:18:11.0780 5892        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:18:11.0801 5892        idsvc - ok

16:18:11.0831 5892        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

16:18:11.0837 5892        iirsp - ok

16:18:11.0923 5892        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

16:18:11.0943 5892        IKEEXT - ok

16:18:12.0009 5892        Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

16:18:12.0025 5892        Impcd - ok

16:18:12.0283 5892        IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys

16:18:12.0360 5892        IntcAzAudAddService - ok

16:18:12.0587 5892        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

16:18:12.0593 5892        intelide - ok

16:18:12.0614 5892        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

16:18:12.0616 5892        intelppm - ok

16:18:12.0647 5892        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

16:18:12.0657 5892        IPBusEnum - ok

16:18:12.0710 5892        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:18:12.0718 5892        IpFilterDriver - ok

16:18:12.0761 5892        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

16:18:12.0770 5892        IPMIDRV - ok

16:18:12.0792 5892        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

16:18:12.0801 5892        IPNAT - ok

16:18:12.0977 5892        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

16:18:12.0993 5892        iPod Service - ok

16:18:13.0032 5892        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

16:18:13.0037 5892        IRENUM - ok

16:18:13.0055 5892        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

16:18:13.0056 5892        isapnp - ok

16:18:13.0112 5892        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

16:18:13.0136 5892        iScsiPrt - ok

16:18:13.0216 5892        k57nd60a        (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys

16:18:13.0233 5892        k57nd60a - ok

16:18:13.0261 5892        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

16:18:13.0269 5892        kbdclass - ok

16:18:13.0303 5892        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

16:18:13.0309 5892        kbdhid - ok

16:18:13.0352 5892        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:18:13.0354 5892        KeyIso - ok

16:18:13.0378 5892        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

16:18:13.0380 5892        KSecDD - ok

16:18:13.0406 5892        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

16:18:13.0425 5892        KSecPkg - ok

16:18:13.0431 5892        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

16:18:13.0437 5892        ksthunk - ok

16:18:13.0493 5892        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

16:18:13.0513 5892        KtmRm - ok

16:18:13.0585 5892        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

16:18:13.0600 5892        LanmanServer - ok

16:18:13.0648 5892        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

16:18:13.0653 5892        LanmanWorkstation - ok

16:18:13.0707 5892        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

16:18:13.0715 5892        lltdio - ok

16:18:13.0769 5892        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

16:18:13.0788 5892        lltdsvc - ok

16:18:13.0812 5892        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

16:18:13.0814 5892        lmhosts - ok

16:18:13.0947 5892        LMS             (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

16:18:13.0962 5892        LMS - ok

16:18:14.0005 5892        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

16:18:14.0014 5892        LSI_FC - ok

16:18:14.0033 5892        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

16:18:14.0042 5892        LSI_SAS - ok

16:18:14.0051 5892        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:18:14.0060 5892        LSI_SAS2 - ok

16:18:14.0083 5892        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:18:14.0092 5892        LSI_SCSI - ok

16:18:14.0121 5892        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

16:18:14.0130 5892        luafv - ok

16:18:14.0171 5892        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

16:18:14.0180 5892        Mcx2Svc - ok

16:18:14.0195 5892        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

16:18:14.0201 5892        megasas - ok

16:18:14.0243 5892        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

16:18:14.0284 5892        MegaSR - ok

16:18:14.0372 5892        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

16:18:14.0374 5892        Microsoft Office Groove Audit Service - ok

16:18:14.0402 5892        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

16:18:14.0405 5892        MMCSS - ok

16:18:14.0422 5892        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

16:18:14.0428 5892        Modem - ok

16:18:14.0457 5892        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

16:18:14.0458 5892        monitor - ok

16:18:14.0508 5892        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

16:18:14.0516 5892        mouclass - ok

16:18:14.0546 5892        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

16:18:14.0552 5892        mouhid - ok

16:18:14.0592 5892        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

16:18:14.0594 5892        mountmgr - ok

16:18:14.0704 5892        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

16:18:14.0706 5892        MozillaMaintenance - ok

16:18:14.0748 5892        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

16:18:14.0766 5892        mpio - ok

16:18:14.0788 5892        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

16:18:14.0795 5892        mpsdrv - ok

16:18:14.0824 5892        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

16:18:14.0835 5892        MRxDAV - ok

16:18:14.0888 5892        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:18:14.0898 5892        mrxsmb - ok

16:18:14.0936 5892        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:18:14.0959 5892        mrxsmb10 - ok

16:18:14.0984 5892        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:18:15.0001 5892        mrxsmb20 - ok

16:18:15.0028 5892        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

16:18:15.0035 5892        msahci - ok

16:18:15.0055 5892        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

16:18:15.0074 5892        msdsm - ok

16:18:15.0107 5892        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

16:18:15.0128 5892        MSDTC - ok

16:18:15.0155 5892        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

16:18:15.0161 5892        Msfs - ok

16:18:15.0183 5892        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

16:18:15.0188 5892        mshidkmdf - ok

16:18:15.0200 5892        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

16:18:15.0207 5892        msisadrv - ok

16:18:15.0244 5892        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

16:18:15.0261 5892        MSiSCSI - ok

16:18:15.0265 5892        msiserver - ok

16:18:15.0299 5892        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

16:18:15.0303 5892        MSKSSRV - ok

16:18:15.0325 5892        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

16:18:15.0329 5892        MSPCLOCK - ok

16:18:15.0341 5892        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

16:18:15.0345 5892        MSPQM - ok

16:18:15.0411 5892        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

16:18:15.0429 5892        MsRPC - ok

16:18:15.0473 5892        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

16:18:15.0474 5892        mssmbios - ok

16:18:15.0491 5892        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

16:18:15.0495 5892        MSTEE - ok

16:18:15.0511 5892        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

16:18:15.0513 5892        MTConfig - ok

16:18:15.0535 5892        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

16:18:15.0537 5892        Mup - ok

16:18:15.0579 5892        mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

16:18:15.0585 5892        mwlPSDFilter - ok

16:18:15.0592 5892        mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

16:18:15.0598 5892        mwlPSDNServ - ok

16:18:15.0615 5892        mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

16:18:15.0623 5892        mwlPSDVDisk - ok

16:18:15.0731 5892        MWLService      (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

16:18:15.0743 5892        MWLService - ok

16:18:15.0808 5892        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

16:18:15.0819 5892        napagent - ok

16:18:15.0869 5892        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

16:18:15.0889 5892        NativeWifiP - ok

16:18:15.0982 5892        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

16:18:15.0996 5892        NDIS - ok

16:18:16.0003 5892        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

16:18:16.0010 5892        NdisCap - ok

16:18:16.0045 5892        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

16:18:16.0050 5892        NdisTapi - ok

16:18:16.0089 5892        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

16:18:16.0096 5892        Ndisuio - ok

16:18:16.0139 5892        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

16:18:16.0157 5892        NdisWan - ok

16:18:16.0205 5892        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

16:18:16.0213 5892        NDProxy - ok

16:18:16.0260 5892        Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys

16:18:16.0267 5892        Netaapl - ok

16:18:16.0286 5892        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

16:18:16.0293 5892        NetBIOS - ok

16:18:16.0351 5892        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

16:18:16.0355 5892        NetBT - ok

16:18:16.0385 5892        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:18:16.0387 5892        Netlogon - ok

16:18:16.0427 5892        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

16:18:16.0434 5892        Netman - ok

16:18:16.0472 5892        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

16:18:16.0479 5892        netprofm - ok

16:18:16.0574 5892        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:18:16.0577 5892        NetTcpPortSharing - ok

16:18:16.0611 5892        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

16:18:16.0619 5892        nfrd960 - ok

16:18:16.0668 5892        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

16:18:16.0681 5892        NlaSvc - ok

16:18:16.0847 5892        NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

16:18:16.0865 5892        NMIndexingService - ok

16:18:16.0915 5892        nmwcd           (88f2f2cb9faee2e14bccf384f4c88061) C:\Windows\system32\drivers\ccdcmbx64.sys

16:18:16.0922 5892        nmwcd - ok

16:18:16.0957 5892        nmwcdc          (31c1fac4ae14fb2f8771c59ba3f90bad) C:\Windows\system32\drivers\ccdcmbox64.sys

16:18:16.0964 5892        nmwcdc - ok

16:18:16.0989 5892        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

16:18:16.0996 5892        Npfs - ok

16:18:17.0014 5892        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

16:18:17.0017 5892        nsi - ok

16:18:17.0041 5892        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

16:18:17.0041 5892        nsiproxy - ok

16:18:17.0219 5892        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

16:18:17.0306 5892        Ntfs - ok

16:18:17.0548 5892        NTIDrvr         (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys

16:18:17.0553 5892        NTIDrvr - ok

16:18:17.0568 5892        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

16:18:17.0572 5892        Null - ok

16:18:17.0616 5892        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

16:18:17.0632 5892        nvraid - ok

16:18:17.0671 5892        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

16:18:17.0681 5892        nvstor - ok

16:18:17.0723 5892        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

16:18:17.0734 5892        nv_agp - ok

16:18:17.0918 5892        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

16:18:17.0933 5892        odserv - ok

16:18:17.0972 5892        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

16:18:17.0980 5892        ohci1394 - ok

16:18:18.0062 5892        ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:18:18.0073 5892        ose - ok

16:18:18.0136 5892        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

16:18:18.0148 5892        p2pimsvc - ok

16:18:18.0205 5892        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

16:18:18.0226 5892        p2psvc - ok

16:18:18.0255 5892        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

16:18:18.0263 5892        Parport - ok

16:18:18.0310 5892        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

16:18:18.0312 5892        partmgr - ok

16:18:18.0328 5892        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

16:18:18.0333 5892        PcaSvc - ok

16:18:18.0392 5892        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

16:18:18.0398 5892        pccsmcfd - ok

16:18:18.0427 5892        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

16:18:18.0430 5892        pci - ok

16:18:18.0448 5892        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

16:18:18.0454 5892        pciide - ok

16:18:18.0491 5892        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

16:18:18.0508 5892        pcmcia - ok

16:18:18.0527 5892        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

16:18:18.0535 5892        pcw - ok

16:18:18.0601 5892        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

16:18:18.0632 5892        PEAUTH - ok

16:18:18.0744 5892        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

16:18:18.0746 5892        PerfHost - ok

16:18:18.0912 5892        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

16:18:18.0990 5892        pla - ok

16:18:19.0071 5892        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

16:18:19.0088 5892        PlugPlay - ok

16:18:19.0102 5892        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

16:18:19.0110 5892        PNRPAutoReg - ok

16:18:19.0147 5892        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

16:18:19.0152 5892        PNRPsvc - ok

16:18:19.0202 5892        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

16:18:19.0213 5892        PolicyAgent - ok

16:18:19.0252 5892        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

16:18:19.0263 5892        Power - ok

16:18:19.0333 5892        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

16:18:19.0343 5892        PptpMiniport - ok

16:18:19.0360 5892        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

16:18:19.0369 5892        Processor - ok

16:18:19.0401 5892        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

16:18:19.0418 5892        ProfSvc - ok

16:18:19.0452 5892        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:18:19.0454 5892        ProtectedStorage - ok

16:18:19.0509 5892        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

16:18:19.0511 5892        Psched - ok

16:18:19.0640 5892        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

16:18:19.0712 5892        ql2300 - ok

16:18:19.0819 5892        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

16:18:19.0830 5892        ql40xx - ok

16:18:19.0867 5892        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

16:18:19.0882 5892        QWAVE - ok

16:18:19.0897 5892        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

16:18:19.0905 5892        QWAVEdrv - ok

16:18:19.0923 5892        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

16:18:19.0928 5892        RasAcd - ok

16:18:19.0963 5892        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:18:19.0970 5892        RasAgileVpn - ok

16:18:19.0983 5892        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

16:18:19.0993 5892        RasAuto - ok

16:18:20.0043 5892        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:18:20.0061 5892        Rasl2tp - ok

16:18:20.0099 5892        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

16:18:20.0119 5892        RasMan - ok

16:18:20.0151 5892        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

16:18:20.0161 5892        RasPppoe - ok

16:18:20.0188 5892        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

16:18:20.0198 5892        RasSstp - ok

16:18:20.0241 5892        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

16:18:20.0253 5892        rdbss - ok

16:18:20.0269 5892        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

16:18:20.0275 5892        rdpbus - ok

16:18:20.0280 5892        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:18:20.0281 5892        RDPCDD - ok

16:18:20.0318 5892        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

16:18:20.0319 5892        RDPENCDD - ok

16:18:20.0346 5892        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

16:18:20.0347 5892        RDPREFMP - ok

16:18:20.0398 5892        RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

16:18:20.0411 5892        RDPWD - ok

16:18:20.0458 5892        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

16:18:20.0474 5892        rdyboost - ok

16:18:20.0506 5892        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

16:18:20.0515 5892        RemoteAccess - ok

16:18:20.0542 5892        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

16:18:20.0560 5892        RemoteRegistry - ok

16:18:20.0569 5892        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

16:18:20.0572 5892        RpcEptMapper - ok

16:18:20.0607 5892        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

16:18:20.0612 5892        RpcLocator - ok

16:18:20.0684 5892        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

16:18:20.0691 5892        RpcSs - ok

16:18:20.0716 5892        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

16:18:20.0724 5892        rspndr - ok

16:18:20.0779 5892        RSUSBSTOR       (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys

16:18:20.0802 5892        RSUSBSTOR - ok

16:18:20.0868 5892        RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys

16:18:20.0894 5892        RTHDMIAzAudService - ok

16:18:20.0930 5892        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:18:20.0932 5892        SamSs - ok

16:18:20.0984 5892        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

16:18:20.0993 5892        sbp2port - ok

16:18:21.0019 5892        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

16:18:21.0034 5892        SCardSvr - ok

16:18:21.0065 5892        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

16:18:21.0072 5892        scfilter - ok

16:18:21.0190 5892        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

16:18:21.0217 5892        Schedule - ok

16:18:21.0247 5892        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

16:18:21.0254 5892        SCPolicySvc - ok

16:18:21.0302 5892        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

16:18:21.0322 5892        SDRSVC - ok

16:18:21.0395 5892        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

16:18:21.0401 5892        secdrv - ok

16:18:21.0434 5892        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

16:18:21.0443 5892        seclogon - ok

16:18:21.0466 5892        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

16:18:21.0469 5892        SENS - ok

16:18:21.0481 5892        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

16:18:21.0489 5892        SensrSvc - ok

16:18:21.0502 5892        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

16:18:21.0508 5892        Serenum - ok

16:18:21.0531 5892        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

16:18:21.0539 5892        Serial - ok

16:18:21.0564 5892        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

16:18:21.0570 5892        sermouse - ok

16:18:21.0737 5892        ServiceLayer    (8c1f87f5fdd92229d1754b98f073913f) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

16:18:21.0745 5892        ServiceLayer - ok

16:18:21.0809 5892        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

16:18:21.0827 5892        SessionEnv - ok

16:18:21.0856 5892        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

16:18:21.0862 5892        sffdisk - ok

16:18:21.0878 5892        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

16:18:21.0885 5892        sffp_mmc - ok

16:18:21.0899 5892        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

16:18:21.0903 5892        sffp_sd - ok

16:18:21.0909 5892        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

16:18:21.0920 5892        sfloppy - ok

16:18:21.0999 5892        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

16:18:22.0018 5892        ShellHWDetection - ok

16:18:22.0028 5892        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:18:22.0030 5892        SiSRaid2 - ok

16:18:22.0041 5892        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

16:18:22.0049 5892        SiSRaid4 - ok

16:18:22.0122 5892        SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe

16:18:22.0133 5892        SkypeUpdate - ok

16:18:22.0160 5892        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

16:18:22.0169 5892        Smb - ok

16:18:22.0200 5892        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

16:18:22.0206 5892        SNMPTRAP - ok

16:18:22.0212 5892        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

16:18:22.0218 5892        spldr - ok

16:18:22.0281 5892        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

16:18:22.0300 5892        Spooler - ok

16:18:22.0575 5892        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

16:18:22.0658 5892        sppsvc - ok

16:18:22.0759 5892        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

16:18:22.0770 5892        sppuinotify - ok

16:18:22.0927 5892        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

16:18:22.0953 5892        srv - ok

16:18:23.0018 5892        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

16:18:23.0048 5892        srv2 - ok

16:18:23.0074 5892        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

16:18:23.0083 5892        srvnet - ok

16:18:23.0109 5892        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

16:18:23.0117 5892        SSDPSRV - ok

16:18:23.0135 5892        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

16:18:23.0146 5892        SstpSvc - ok

16:18:23.0172 5892        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

16:18:23.0178 5892        stexstor - ok

16:18:23.0252 5892        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

16:18:23.0272 5892        stisvc - ok

16:18:23.0308 5892        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

16:18:23.0314 5892        swenum - ok

16:18:23.0375 5892        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

16:18:23.0400 5892        swprv - ok

16:18:23.0466 5892        SynTP           (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys

16:18:23.0488 5892        SynTP - ok

16:18:23.0647 5892        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

16:18:23.0697 5892        SysMain - ok

16:18:23.0843 5892        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

16:18:23.0863 5892        TabletInputService - ok

16:18:23.0918 5892        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

16:18:23.0938 5892        TapiSrv - ok

16:18:23.0958 5892        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

16:18:23.0968 5892        TBS - ok

16:18:24.0235 5892        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

16:18:24.0340 5892        Tcpip - ok

16:18:24.0565 5892        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

16:18:24.0597 5892        TCPIP6 - ok

16:18:24.0685 5892        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

16:18:24.0692 5892        tcpipreg - ok

16:18:24.0712 5892        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

16:18:24.0717 5892        TDPIPE - ok

16:18:24.0745 5892        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

16:18:24.0746 5892        TDTCP - ok

16:18:24.0791 5892        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

16:18:24.0799 5892        tdx - ok

16:18:24.0846 5892        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

16:18:24.0855 5892        TermDD - ok

16:18:24.0929 5892        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

16:18:24.0963 5892        TermService - ok

16:18:24.0990 5892        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

16:18:24.0993 5892        Themes - ok

16:18:25.0022 5892        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

16:18:25.0024 5892        THREADORDER - ok

16:18:25.0046 5892        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

16:18:25.0050 5892        TrkWks - ok

16:18:25.0102 5892        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

16:18:25.0104 5892        TrustedInstaller - ok

16:18:25.0147 5892        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:18:25.0154 5892        tssecsrv - ok

16:18:25.0207 5892        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

16:18:25.0216 5892        TsUsbFlt - ok

16:18:25.0276 5892        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

16:18:25.0285 5892        tunnel - ok

16:18:25.0317 5892        TurboB          (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys

16:18:25.0323 5892        TurboB - ok

16:18:25.0411 5892        TurboBoost      (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

16:18:25.0434 5892        TurboBoost - ok

16:18:25.0471 5892        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

16:18:25.0479 5892        uagp35 - ok

16:18:25.0502 5892        UBHelper        (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys

16:18:25.0507 5892        UBHelper - ok

16:18:25.0574 5892        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

16:18:25.0593 5892        udfs - ok

16:18:25.0624 5892        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

16:18:25.0635 5892        UI0Detect - ok

16:18:25.0690 5892        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

16:18:25.0698 5892        uliagpkx - ok

16:18:25.0769 5892        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

16:18:25.0777 5892        umbus - ok

16:18:25.0791 5892        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

16:18:25.0796 5892        UmPass - ok

16:18:26.0046 5892        UNS             (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

16:18:26.0096 5892        UNS - ok

16:18:26.0158 5892        Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

16:18:26.0192 5892        Updater Service - ok

16:18:26.0353 5892        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

16:18:26.0372 5892        upnphost - ok

16:18:26.0510 5892        upperdev        (fbd861e69e1f583bec906fcd04e4f84e) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys

16:18:26.0514 5892        upperdev - ok

16:18:26.0547 5892        USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

16:18:26.0554 5892        USBAAPL64 - ok

16:18:26.0598 5892        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

16:18:26.0606 5892        usbccgp - ok

16:18:26.0651 5892        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

16:18:26.0662 5892        usbcir - ok

16:18:26.0686 5892        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

16:18:26.0693 5892        usbehci - ok

16:18:26.0744 5892        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

16:18:26.0753 5892        usbhub - ok

16:18:26.0771 5892        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

16:18:26.0777 5892        usbohci - ok

16:18:26.0806 5892        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

16:18:26.0811 5892        usbprint - ok

16:18:26.0870 5892        usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys

16:18:26.0877 5892        usbser - ok

16:18:26.0896 5892        UsbserFilt      (0fbb0080b287bbcbf5c7076e3d74a35c) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys

16:18:26.0901 5892        UsbserFilt - ok

16:18:26.0930 5892        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:18:26.0939 5892        USBSTOR - ok

16:18:26.0967 5892        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

16:18:26.0974 5892        usbuhci - ok

16:18:27.0020 5892        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

16:18:27.0035 5892        usbvideo - ok

16:18:27.0072 5892        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

16:18:27.0075 5892        UxSms - ok

16:18:27.0107 5892        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:18:27.0109 5892        VaultSvc - ok

16:18:27.0144 5892        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

16:18:27.0151 5892        vdrvroot - ok

16:18:27.0234 5892        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

16:18:27.0254 5892        vds - ok

16:18:27.0262 5892        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

16:18:27.0268 5892        vga - ok

16:18:27.0282 5892        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

16:18:27.0288 5892        VgaSave - ok

16:18:27.0331 5892        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

16:18:27.0348 5892        vhdmp - ok

16:18:27.0369 5892        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

16:18:27.0374 5892        viaide - ok

16:18:27.0393 5892        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

16:18:27.0401 5892        volmgr - ok

16:18:27.0466 5892        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

16:18:27.0472 5892        volmgrx - ok

16:18:27.0514 5892        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

16:18:27.0538 5892        volsnap - ok

16:18:27.0577 5892        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

16:18:27.0592 5892        vsmraid - ok

16:18:27.0758 5892        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

16:18:27.0789 5892        VSS - ok

16:18:27.0933 5892        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

16:18:27.0935 5892        vwifibus - ok

16:18:27.0954 5892        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

16:18:27.0956 5892        vwififlt - ok

16:18:27.0991 5892        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

16:18:27.0992 5892        vwifimp - ok

16:18:28.0073 5892        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

16:18:28.0088 5892        W32Time - ok

16:18:28.0107 5892        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

16:18:28.0113 5892        WacomPen - ok

16:18:28.0176 5892        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

16:18:28.0184 5892        WANARP - ok

16:18:28.0194 5892        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

16:18:28.0202 5892        Wanarpv6 - ok

16:18:28.0375 5892        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

16:18:28.0463 5892        wbengine - ok

16:18:28.0605 5892        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

16:18:28.0620 5892        WbioSrvc - ok

16:18:28.0685 5892        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

16:18:28.0712 5892        wcncsvc - ok

16:18:28.0736 5892        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

16:18:28.0746 5892        WcsPlugInService - ok

16:18:28.0828 5892        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

16:18:28.0835 5892        Wd - ok

16:18:28.0908 5892        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

16:18:28.0933 5892        Wdf01000 - ok

16:18:28.0949 5892        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

16:18:28.0953 5892        WdiServiceHost - ok

16:18:28.0959 5892        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

16:18:28.0962 5892        WdiSystemHost - ok

16:18:28.0995 5892        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

16:18:29.0009 5892        WebClient - ok

16:18:29.0045 5892        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

16:18:29.0069 5892        Wecsvc - ok

16:18:29.0086 5892        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

16:18:29.0095 5892        wercplsupport - ok

16:18:29.0132 5892        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

16:18:29.0141 5892        WerSvc - ok

16:18:29.0171 5892        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

16:18:29.0183 5892        WfpLwf - ok

16:18:29.0189 5892        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

16:18:29.0195 5892        WIMMount - ok

16:18:29.0204 5892        WinHttpAutoProxySvc - ok

16:18:29.0283 5892        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

16:18:29.0298 5892        Winmgmt - ok

16:18:29.0483 5892        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

16:18:29.0607 5892        WinRM - ok

16:18:29.0777 5892        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

16:18:29.0786 5892        WinUsb - ok

16:18:29.0890 5892        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

16:18:29.0907 5892        Wlansvc - ok

16:18:30.0142 5892        wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

16:18:30.0193 5892        wlidsvc - ok

16:18:30.0272 5892        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

16:18:30.0274 5892        WmiAcpi - ok

16:18:30.0312 5892        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

16:18:30.0327 5892        wmiApSrv - ok

16:18:30.0379 5892        WMPNetworkSvc - ok

16:18:30.0387 5892        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

16:18:30.0396 5892        WPCSvc - ok

16:18:30.0446 5892        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

16:18:30.0467 5892        WPDBusEnum - ok

16:18:30.0500 5892        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

16:18:30.0505 5892        ws2ifsl - ok

16:18:30.0510 5892        WSearch - ok

16:18:30.0730 5892        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

16:18:30.0782 5892        wuauserv - ok

16:18:30.0943 5892        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

16:18:30.0952 5892        WudfPf - ok

16:18:31.0009 5892        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:18:31.0022 5892        WUDFRd - ok

16:18:31.0085 5892        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

16:18:31.0089 5892        wudfsvc - ok

16:18:31.0124 5892        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

16:18:31.0148 5892        WwanSvc - ok

16:18:31.0199 5892        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

16:18:31.0646 5892        \Device\Harddisk0\DR0 - ok

16:18:31.0651 5892        Boot (0x1200)   (3e270ce420bef8245464841144857f2b) \Device\Harddisk0\DR0\Partition0

16:18:31.0653 5892        \Device\Harddisk0\DR0\Partition0 - ok

16:18:31.0692 5892        Boot (0x1200)   (7910297d53e8fa28c37e7557a6208142) \Device\Harddisk0\DR0\Partition1

16:18:31.0695 5892        \Device\Harddisk0\DR0\Partition1 - ok

16:18:31.0695 5892        ============================================================

16:18:31.0695 5892        Scan finished

16:18:31.0695 5892        ============================================================

16:18:31.0713 2476        Detected object count: 0

16:18:31.0713 2476        Actual detected object count: 0

16:21:40.0589 7032        Deinitialize success

Und die aswMBR.txt:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-06-27 16:21:47

-----------------------------

16:21:47.305    OS Version: Windows x64 6.1.7601 Service Pack 1

16:21:47.305    Number of processors: 4 586 0x2505

16:21:47.306    ComputerName: CLAUDIA-PC  UserName: Claudia

16:21:48.408    Initialize success

16:23:28.649    AVAST engine defs: 12062700

16:24:04.854    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

16:24:04.858    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3

16:24:04.873    Disk 0 MBR read successfully

16:24:04.876    Disk 0 MBR scan

16:24:04.901    Disk 0 Windows 7 default MBR code

16:24:04.906    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048

16:24:04.923    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024

16:24:04.943    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       291831 MB offset 27469824

16:24:04.968    Disk 0 scanning C:\Windows\system32\drivers

16:24:18.515    Service scanning

16:24:43.762    Modules scanning

16:24:43.775    Disk 0 trace - called modules:

16:24:43.794    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

16:24:43.803    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005222060]

16:24:43.814    3 CLASSPNP.SYS[fffff88001bca43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fa3050]

16:24:45.485    AVAST engine scan C:\Windows

16:24:48.329    AVAST engine scan C:\Windows\system32

16:29:44.796    AVAST engine scan C:\Windows\system32\drivers

16:30:12.292    AVAST engine scan C:\Users\Claudia

16:31:51.205    File: C:\Users\Claudia\AppData\Local\Temp\96224380.exe  **INFECTED** Win32:LockScreen-GY [Trj]

16:45:12.321    File: C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE  **INFECTED** Win32:LockScreen-GY [Trj]

16:47:27.646    AVAST engine scan C:\ProgramData

16:48:56.878    Scan finished successfully

17:27:10.676    Disk 0 MBR has been saved successfully to "C:\Users\Claudia\Desktop\MBR.dat"

17:27:10.680    The log file has been saved successfully to "C:\Users\Claudia\Desktop\aswMBR.txt"

Liebe Grüße

noreia1978

Ich sehe, dass Du sogenannte Peer to Peer oder Filesharing Programme verwendest.
In deinem Fall SoulSeek.

Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen. Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und dies ist auch ein Grund warum sich Malware so schnell verbreitet. Es ist also möglich, dass Du Dir eine Infizierte Datei herunterladest.

Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äußerster Vorsicht benutzt werden. Ein ebenfalls wichtiger Punkt ist, dass das Verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt. Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office.

Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden. Bitte gehe zu Start --> Systemsteuerung --> Software und deinstalliere die oben erwähnte Software. Bitte gib Bescheid wenn Du eines der gelisteten Programme nicht finden kannst.

Habe das Programm deinstalliert. Ich selber habe es nie benutzt, eine Freundin hat es installiert und sich vor längerer Zeit etwas heruntergeladen. Seither war es ungenutzt.

Schritt 1: Software deinstallieren

Klicke Start-->Systemsteuerung.
Öffne Programme und Funktionen.
Suche und deinstalliere folgende Einträge:

Zitat:

Spam Free Search Bar
Schließe das Fenster.

Schritt 2: Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ich kann Avira nicht deaktivieren. Soll ich es deinstallieren und danach neu aufspielen?

wenn du Avira deaktiviert hast (zugeklappter Schirm) ignoriere die Meldung von Combofix

Nachdem ich Combofix gestartet hatte, bin ich vom Laptop weggegangen, weil mein Sohn mit Rad gestürzt war. Als ich das nächste mal auf den Bildschirm geschaut hatte, hatte er sich heruntergefahren, hat versucht zu reparieren, was nicht funktioniert hat und hat eine Wiederherstellung verlangt, da der Rechner nicht mehr hochgefahren werden konnte. Das habe ich dann gemacht, jetzt sind die Programme, die ich gestern und heute installiert habe weg, aber die Logfiles sind noch auf dem Desktop gespeichert. Soll ich Combofix nochmal herunterladen und starten?

Nein, das rootkit funkt uns hier vermutlich dazwischen!

Scan mit FRST x64

Downloade dir bitte Farbar's Recovery Scan Tool x64 und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager

Starte den Rechner neu auf.
Während dem Hochfahren drücke mehrmals die F8 Taste
Wähle nun Computer reparieren.
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD

Lege die Windows CD in dein Laufwerk.
Starte den Rechner neu auf und starte von der CD
Wähle die Spracheinstellungen und klicke "Weiter".
Klicke auf Computerreparaturoptionen !!
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.
Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
Schließe Notepad wieder
Gib nun bitte folgenden Befehl ein.
e:\frst.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
Akzeptiere den Disclaimer mit Yes und klicke Scan

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Hier der Inhalt von FRST.txt:

Code:

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012

Ran by SYSTEM at 28-06-2012 11:53:21

Running from G:\

Windows 7 Home Premium   (X64) OS Language: German Standard 

The current controlset is ControlSet001
 

========================== Registry (Whitelisted) =============
 

HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)

HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)

HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)

HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)

HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)

HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-25] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-08] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [206504 2011-12-21] (Visicom Media Inc. (Powered by Panda Security))

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)

HKU\Claudia\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1840424 2008-06-24] (Nero AG)

HKU\Claudia\...\Run: [Facebook Update] "C:\Users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-09-05] (Facebook Inc.)

HKU\Claudia\...\Run: []  [x]

HKU\Claudia\...\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray [966712 2011-09-01] (Nokia)

HKU\Claudia\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKU\Claudia\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\Gast\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

AppInit_DLLs:  

Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc. and H.C. Top Systems B.V.)
 

==================== Services (Whitelisted) ======
 

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)

2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)

2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [321104 2010-08-10] (Dritek System Inc.)

2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)

2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)

3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)

3 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [537896 2008-06-24] (Nero AG)

2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-03-17] (Intel Corporation)
 

========================== Drivers (Whitelisted) =============
 

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [111552 2008-04-10] (SlySoft, Inc.)

3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [111552 2008-04-10] (SlySoft, Inc.)

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-05-08] (Avira GmbH)

1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-05-08] (Avira GmbH)

1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-10-11] (Avira GmbH)

3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2007-02-15] (Elaborate Bytes AG)

3 ElbyDelay; C:\Windows\SysWow64\Drivers\ElbyDelay.sys [14032 2007-02-15] (Elaborate Bytes AG)

3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2010-04-19] (NTI Corporation)

2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()

3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2010-07-08] (NTI Corporation)

3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-05-18] (Nokia)
 

========================== NetSvcs (Whitelisted) ===========
 
 

============ One Month Created Files and Folders ==============
 

2012-06-28 11:53 - 2012-06-28 11:53 - 00000000 ____D C:\FRST

2012-06-28 01:19 - 2012-06-28 01:19 - 01425797 ____A C:\Users\Claudia\Desktop\FRST64.exe

2012-06-27 08:49 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-27 08:49 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-27 08:49 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-27 08:49 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-27 08:49 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-27 08:49 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-27 08:49 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-27 08:48 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-27 08:48 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-27 08:44 - 2012-06-27 08:44 - 292776903 ____A C:\Windows\MEMORY.DMP

2012-06-27 08:44 - 2012-06-27 08:44 - 00275424 ____A C:\Windows\Minidump\062712-26910-01.dmp

2012-06-27 08:08 - 2012-06-27 08:08 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-06-27 08:02 - 2012-06-27 18:43 - 00000000 ___SD C:\32788R22FWJFW

2012-06-27 08:02 - 2012-06-27 08:02 - 00000000 ____D C:\Qoobox

2012-06-27 07:27 - 2012-06-27 07:27 - 00002140 ____A C:\Users\Claudia\Desktop\aswMBR.txt

2012-06-26 06:25 - 2012-06-26 06:25 - 00000000 ____A C:\Users\Claudia\defogger_reenable

2012-06-26 02:16 - 2012-06-27 18:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-26 02:16 - 2012-06-26 02:16 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Malwarebytes

2012-06-26 02:16 - 2012-06-26 02:16 - 00000000 ____D C:\Users\All Users\Malwarebytes
 

============ 3 Months Modified Files and Folders =============
 

2012-06-28 01:50 - 2011-03-08 01:13 - 00024368 ____A C:\Windows\setupact.log

2012-06-28 01:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-06-28 01:49 - 2012-01-29 01:34 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor

2012-06-28 01:49 - 2011-02-20 12:23 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-06-28 01:49 - 2010-11-12 04:42 - 01393017 ____A C:\Windows\WindowsUpdate.log

2012-06-28 01:41 - 2009-07-13 20:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-06-28 01:41 - 2009-07-13 20:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-06-28 01:38 - 2010-11-12 13:34 - 00657948 ____A C:\Windows\System32\perfh007.dat

2012-06-28 01:38 - 2010-11-12 13:34 - 00131288 ____A C:\Windows\System32\perfc007.dat

2012-06-28 01:38 - 2009-07-13 21:13 - 01507502 ____A C:\Windows\System32\PerfStringBackup.INI

2012-06-28 01:32 - 2011-09-05 07:27 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001UA.job

2012-06-28 01:22 - 2011-02-20 12:23 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-06-28 01:19 - 2012-06-28 01:19 - 01425797 ____A C:\Users\Claudia\Desktop\FRST64.exe

2012-06-28 01:19 - 2011-01-29 06:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-06-27 23:29 - 2011-01-29 06:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2012-06-27 18:43 - 2012-06-27 08:02 - 00000000 ___SD C:\32788R22FWJFW

2012-06-27 18:43 - 2012-06-26 02:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-27 18:43 - 2012-04-25 02:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-06-27 18:43 - 2012-03-06 01:24 - 00000000 ____D C:\Users\Claudia\.compeople

2012-06-27 18:43 - 2012-01-29 01:34 - 00000000 ____D C:\Program Files (x86)\blekkotb

2012-06-27 18:43 - 2011-03-09 05:44 - 00000000 ____D C:\Users\Claudia\Desktop\Soulseek

2012-06-27 18:43 - 2011-03-09 05:42 - 00000000 ____D C:\Program Files (x86)\SoulseekNS

2012-06-27 18:43 - 2011-01-31 08:01 - 00000000 ____D C:\users\Gast

2012-06-27 18:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2012-06-27 18:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2012-06-27 18:42 - 2011-09-05 07:27 - 00000000 ____D C:\Users\Claudia\AppData\Local\Facebook

2012-06-27 09:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2012-06-27 08:44 - 2012-06-27 08:44 - 292776903 ____A C:\Windows\MEMORY.DMP

2012-06-27 08:44 - 2012-06-27 08:44 - 00275424 ____A C:\Windows\Minidump\062712-26910-01.dmp

2012-06-27 08:44 - 2011-02-01 08:01 - 00000000 ____D C:\Windows\Minidump

2012-06-27 08:44 - 2011-01-29 05:41 - 00000000 ____D C:\users\Claudia

2012-06-27 08:08 - 2012-06-27 08:08 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-06-27 08:02 - 2012-06-27 08:02 - 00000000 ____D C:\Qoobox

2012-06-27 07:54 - 2011-06-17 00:37 - 00000000 ____D C:\Users\Claudia\Desktop\Policierung

2012-06-27 07:27 - 2012-06-27 07:27 - 00002140 ____A C:\Users\Claudia\Desktop\aswMBR.txt

2012-06-26 06:36 - 2011-11-23 03:25 - 00000000 ____D C:\Users\Claudia\Desktop\Formulare Geschäft

2012-06-26 06:36 - 2011-06-22 21:16 - 00000000 ____D C:\Users\Claudia\Desktop\Angebote

2012-06-26 06:25 - 2012-06-26 06:25 - 00000000 ____A C:\Users\Claudia\defogger_reenable

2012-06-26 02:16 - 2012-06-26 02:16 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Malwarebytes

2012-06-26 02:16 - 2012-06-26 02:16 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-06-26 01:37 - 2012-01-10 16:22 - 00000000 __SHD C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}

2012-06-15 03:54 - 2011-02-15 06:24 - 00000000 ____D C:\Users\Claudia\Desktop\Schäden Bilder

2012-06-15 00:17 - 2011-09-05 07:27 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001Core.job

2012-06-07 21:48 - 2009-07-13 20:45 - 00413656 ____A C:\Windows\System32\FNTCACHE.DAT

2012-06-07 21:46 - 2011-04-17 21:28 - 00031988 ____A C:\Windows\PFRO.log

2012-06-06 06:17 - 2011-01-31 03:44 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-06-06 06:16 - 2011-01-29 06:27 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-06-06 06:08 - 2010-08-30 01:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2012-06-06 06:07 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal

2012-06-05 04:32 - 2011-01-30 22:37 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\ICQ

2012-06-02 14:19 - 2012-06-27 08:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-27 08:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-27 08:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-27 08:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-27 08:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-27 08:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-27 08:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 05:19 - 2012-06-27 08:48 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 05:15 - 2012-06-27 08:48 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-05-22 13:41 - 2011-01-31 06:30 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\vlc

2012-05-14 11:02 - 2011-03-09 05:43 - 00000000 ____D C:\Users\All Users\Soulseek

2012-05-13 12:15 - 2012-04-25 06:56 - 00009509 ____A C:\Users\Claudia\Desktop\Mappe1.xlsx

2012-05-09 11:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2012-05-08 09:23 - 2011-12-05 10:55 - 00000000 ____D C:\Users\Claudia\AppData\Local\Cyberlink

2012-05-08 02:45 - 2011-10-14 23:16 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys

2012-05-08 02:45 - 2011-10-14 23:16 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys

2012-05-03 11:09 - 2012-05-03 10:56 - 00000000 ____D C:\Program Files (x86)\SBS-Bausoftware

2012-05-03 11:08 - 2012-05-03 11:02 - 00000015 ____A C:\Windows\SysWOW64\asdrawim.ini

2012-05-03 11:02 - 2012-05-03 10:59 - 00000512 ____A C:\Windows\SysWOW64\as_tom32.mul

2012-05-03 11:00 - 2012-05-03 11:00 - 00000000 ____D C:\Windows\SysWOW64\OCON3D

2012-05-03 11:00 - 2012-05-03 11:00 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\ASCON Programme

2012-05-03 10:59 - 2012-05-03 10:59 - 00180224 ____A (Intel Corporation) C:\Windows\SysWOW64\ijl11.dll

2012-05-03 10:59 - 2012-05-03 10:59 - 00067072 ____A (AS·CON Software GmbH 2000   ) C:\Windows\SysWOW64\as_tif32.dll

2012-05-03 10:59 - 2012-05-03 10:59 - 00047616 ____A (AS·CON Software GmbH 2000   ) C:\Windows\SysWOW64\asdib32.dll

2012-05-03 10:56 - 2012-05-03 10:56 - 00000000 ____D C:\Windows\Startmenü

2012-05-03 10:54 - 2012-05-03 10:54 - 00120320 ____N () C:\Windows\SysWOW64\czip.ocx

2012-05-03 10:54 - 2012-05-03 10:54 - 00029696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sfx32.dll

2012-05-03 10:37 - 2012-05-03 10:37 - 00000000 ____D C:\Users\Claudia\eTeks

2012-05-03 10:28 - 2012-05-03 10:28 - 00000109 ____A C:\user.js

2012-05-03 03:00 - 2012-05-03 03:00 - 00162304 ____A C:\Users\Claudia\Desktop\CKV Antragsdeckblatt.xls

2012-04-25 07:19 - 2012-04-25 07:19 - 00000165 ___AH C:\Users\Claudia\Desktop\~$Mappe1.xlsx

2012-04-25 06:59 - 2012-01-17 13:54 - 00000000 ____D C:\Program Files (x86)\Safari

2012-04-25 06:58 - 2012-04-25 06:58 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-04-25 06:58 - 2012-04-25 06:57 - 00000000 ____D C:\Program Files\iTunes

2012-04-25 06:58 - 2012-03-20 01:11 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-04-25 06:57 - 2012-04-25 06:57 - 00000000 ____D C:\Program Files\iPod

2012-04-25 02:11 - 2012-04-25 02:11 - 00000000 ____D C:\Users\All Users\Mozilla

2012-04-24 00:58 - 2012-03-27 12:44 - 00000000 ____D C:\Users\Claudia\Desktop\Anzeigen

2012-04-23 23:57 - 2011-01-31 06:01 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Skype

2012-04-23 23:56 - 2011-08-17 23:21 - 00000000 ___RD C:\Program Files (x86)\Skype

2012-04-23 23:56 - 2011-01-31 06:01 - 00000000 ____D C:\Users\All Users\Skype

2012-04-20 02:30 - 2011-01-31 09:49 - 00000069 ____A C:\Windows\NeroDigital.ini

2012-04-20 02:28 - 2012-04-20 02:28 - 00000000 ____D C:\Users\Claudia\AppData\Local\{BA05002F-1415-4041-9276-05FBA94C8882}

2012-04-17 22:45 - 2011-03-09 10:49 - 00000000 ____D C:\Users\Claudia\Documents\Freundeskreis der Städtepartnerschaften

2012-04-15 05:01 - 2012-04-15 05:01 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-04-15 05:01 - 2012-04-15 05:01 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-04-15 05:01 - 2012-04-15 05:01 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-04-15 05:01 - 2011-03-18 10:16 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

2012-04-12 01:14 - 2012-04-12 01:14 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help

2012-04-12 01:14 - 2012-04-12 01:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
 
 

ZeroAccess:

C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}

C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\L
 

ZeroAccess:

C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}

C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\@

C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\L

C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U
 

========================= Known DLLs (Whitelisted) ============
 
 

========================= Bamital & volsnap Check ============
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

========================= Memory info ====================== 
 

Percentage of memory in use: 18%

Total physical RAM: 3958.71 MB

Available physical RAM: 3228.55 MB

Total Pagefile: 3956.86 MB

Available Pagefile: 3209.28 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB
 

======================= Partitions =========================
 

1 Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:206.33 GB) NTFS

2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.03 GB) NTFS

4 Drive g: (NOREIA) (Removable) (Total:7.47 GB) (Free:2.14 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 

  Datentr„ger ###  Status         Gr”áe    Frei     Dyn  GPT

  ---------------  -------------  -------  -------  ---  ---

  Datentr„ger 0    Online          298 GB      0 B         

  Datentr„ger 1    Online         7660 MB      0 B         
 

Partitions of Disk 0:

===============
 

  Partition ###  Typ               Gr”áe    Offset

  -------------  ----------------  -------  -------

  Partition 1    Wiederherstellun    13 GB  1024 KB

  Partition 2    Prim„r             100 MB    13 GB

  Partition 3    Prim„r             284 GB    13 GB
 

======================================================================================================
 

Disk: 0

Partition 1

Typ      : 27

Versteckt: Ja

Aktiv    : Nein
 

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 3     E   PQSERVICE    NTFS   Partition     13 GB  Fehlerfre  Versteck
 

======================================================================================================
 

Disk: 0

Partition 2

Typ      : 07

Versteckt: Nein

Aktiv    : Ja
 

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 1     Y   SYSTEM RESE  NTFS   Partition    100 MB  Fehlerfre          
 

======================================================================================================
 

Disk: 0

Partition 3

Typ      : 07

Versteckt: Nein

Aktiv    : Nein
 

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 2     C   Acer         NTFS   Partition    284 GB  Fehlerfre          
 

======================================================================================================
 

Partitions of Disk 1:

===============
 

  Partition ###  Typ               Gr”áe    Offset

  -------------  ----------------  -------  -------

  Partition 1    Prim„r            7656 MB  4096 KB
 

======================================================================================================
 

Disk: 1

Partition 1

Typ      : 0B

Versteckt: Nein

Aktiv    : Nein
 

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 4     G   NOREIA       FAT32  Wechselmed  7656 MB  Fehlerfre          
 

======================================================================================================
 

==========================================================
 

Last Boot: 2012-06-25 00:20
 

======================= End Of Log ==========================

Liebe Grüße Claudia

Schritt 1: Fix mit FRST x64

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}

C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST64.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Schritt 2: Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hier die fixlog-Datei:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012

Ran by SYSTEM at 2012-06-28 16:56:33 Run:1

Running from G:\
 

==============================================
 

C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14} moved successfully.

C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14} moved successfully.
 

==== End of Fixlog ====

und die Logdatei von Combofix:

Code:

ComboFix 12-06-28.01 - Claudia 28.06.2012  17:03:42.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2163 [GMT 2:00]

ausgeführt von:: c:\users\Claudia\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\@

c:\windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\00000001.@

c:\windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\80000000.@

c:\windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\800000cb.@

c:\windows\SysWow64\ijl11.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-28 bis 2012-06-28  ))))))))))))))))))))))))))))))

.

.

2012-06-28 19:53 . 2012-06-28 19:54        --------        d-----w-        C:\FRST

2012-06-28 15:10 . 2012-06-28 15:10        --------        d-----w-        c:\users\Gast\AppData\Local\temp

2012-06-28 15:10 . 2012-06-28 15:10        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-06-27 16:49 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll

2012-06-27 16:49 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe

2012-06-27 16:49 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll

2012-06-27 16:49 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll

2012-06-27 16:49 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll

2012-06-27 16:49 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll

2012-06-27 16:49 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll

2012-06-27 16:48 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll

2012-06-27 16:48 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe

2012-06-27 16:08 . 2012-06-27 16:08        --------        d-sh--w-        c:\windows\system32\%APPDATA%

2012-06-26 10:16 . 2012-06-26 10:16        --------        d-----w-        c:\users\Claudia\AppData\Roaming\Malwarebytes

2012-06-26 10:16 . 2012-06-28 02:43        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-26 10:16 . 2012-06-26 10:16        --------        d-----w-        c:\programdata\Malwarebytes

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-08 10:45 . 2011-10-15 07:16        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-05-08 10:45 . 2011-10-15 07:16        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-05-03 18:59 . 2012-05-03 18:59        67072        ----a-w-        c:\windows\SysWow64\as_tif32.dll

2012-05-03 18:59 . 2012-05-03 18:59        47616        ----a-w-        c:\windows\SysWow64\asdib32.dll

2012-05-03 18:54 . 2012-05-03 18:54        29696        ----a-w-        c:\windows\SysWow64\sfx32.dll

2012-05-03 18:54 . 2012-05-03 18:54        120320        ------w-        c:\windows\SysWow64\czip.ocx

2012-04-15 13:01 . 2011-03-18 18:16        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-03-31 06:05 . 2012-05-09 08:40        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-09 08:40        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-09 08:40        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10 . 2012-05-09 08:40        3146240        ----a-w-        c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]

2011-12-22 21:17        262312        ----a-w-        c:\program files (x86)\blekkotb\auxi\blekkoAu.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]

2011-12-22 21:16        86696        ----a-w-        c:\program files (x86)\blekkotb\blekkoDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2011-12-22 86696]

.

[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:40        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

"Facebook Update"="c:\users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-05 137536]

"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-12-21 206504]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2011-2-3 106561]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-25 203264]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-25 6856192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-25 264192]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-06-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001Core.job

- c:\users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 15:27]

.

2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001UA.job

- c:\users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 15:27]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 20:23]

.

2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 20:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:42        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\gvgv42ae.default\

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - f23c113900000000000018f46a74f5a6

FF - user.js: extensions.Softonic.instlDay - 15463

FF - user.js: extensions.Softonic.vrsn - 1.5.21.0

FF - user.js: extensions.Softonic.vrsni - 1.5.21.0

FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.020:28

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00015

FF - user.js: extensions.Softonic.dfltLng - de

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe

c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-06-28  17:17:51 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-06-28 15:17

.

Vor Suchlauf: 12 Verzeichnis(se), 220.195.184.640 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 222.442.254.336 Bytes frei

.

- - End Of File - - A772CF6C70C30B98B52864F03CA5E309

Schritt 1: Software deinstaliieren

Klicke Start-->Systemsteuerung.
Öffne Programme und Funktionen.
Suche und deinstalliere folgende Einträge:

Zitat:

Spam Free Search Bar
Schließe das Fenster.

Schritt 2: adwCleaner

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist