Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   my.start. Virus (https://www.trojaner-board.de/119488-my-start-virus.html)

DavideEngel 14.07.2012 16:13
my.start. Virus
 
hab mir auch diesen Tool-Virus eingefangen, weiß leider nur nicht wie.
Anbei alle erforderlichen Daten. Danke für eure schnelle Hilfe

Davide


# AdwCleaner v1.702 - Logfile created 07/14/2012 at 16:50:33
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ralf - RALF-PC
# Running from : C:\Users\Ralf\Downloads\adwcleaner0.exe
# Option [Search]


***** [Services] *****

Found : Web Assistant Updater

***** [Files / Folders] *****

Folder Found : C:\Users\Ralf\AppData\Local\Conduit
Folder Found : C:\Users\Ralf\AppData\LocalLow\Conduit
Folder Found : C:\Users\Ralf\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Ralf\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Ralf\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Gast\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Gast\AppData\LocalLow\Conduit
Folder Found : C:\Users\Gast\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\Conduit
Folder Found : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\ConduitCommon
Folder Found : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\ConduitEngine
Folder Found : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Program Files\Web Assistant
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\DVDVideoSoftTB
File Found : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\searchplugins\Askcom.xml
File Found : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\searchplugins\Conduit.xml
File Found : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\searchplugins\MyStart Search.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default
File : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\prefs.js

Found : user_pref("CT2269050..clientLogIsEnabled", false);
Found : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "14-7-2012");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sat Jul 14 2012 16:20:06 GMT+0200");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Sun Aug 01 2010 18:12:15 GMT+0200");
Found : user_pref("CT2269050.FirstServerDate", "1-8-2010");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeSettingsDone", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.HasUserGlobalKeys", true);
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Sun Aug 01 2010 18:02:14 GMT+0200");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Jul 14 2012 16:20:06 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.7.0.14", "Sun Aug 01 2010 18:02:15 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.12.0.7", "Thu Apr 26 2012 19:30:36 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.12.2.3", "Thu May 31 2012 05:31:21 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 18:55:53 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.14.1.0", "Sat Jul 14 2012 16:20:06 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "3.13.0.6");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Sun Aug 01 2010 18:02:15 GMT+0200");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SavedHomepage", "hxxp://www.google.de/ig");
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat Jul 14 2012 16:19:56 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2269050.ServiceMapLastCheckTime", "Sat Jul 14 2012 16:19:56 GMT+0200");
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Sat Jul 14 2012 16:19:54 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Aug 01 2010 18:02:13 GMT+0200");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Found : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2269050.UserID", "UN05885435381427706");
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Sun Aug 01 2010 18:02:14 GMT+0200");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.clientLogIsEnabled", true);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2269050.initDone", true);
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.revertSettingsEnabled", true);
Found : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Found : user_pref("CT2269050.testingCtid", "");
Found : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sat Jul 14 2012 16:20:06 GMT+0200");
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2269050.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2903601/CT2903601[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1295532/1291203/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2903601", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2903601",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2903601/CT2903601[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{e84cc2c1-b722-48fc-a39c-edb8b525c777}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "productivity_2.2");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2903601");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{e84cc2c1-b722-48fc-a39c-edb8b525c777}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "productivity_2.2");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Jun 28 2011 13:07:36 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertEnabled", true);
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 23:12:19 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 22:48:02 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "008e96a0-2b91-42a1-955c-c839ba1c34a2");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Aug 01 2010 18:02:15 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "d836a249-534c-48f9-83a1-9db0f0b2b405");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2903601");
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.defaultthis.engineName", "Productivity 2.2 Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2903601&Sea[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.incredibar.actvtyRptTime", "1341088249226");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "DE");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.dfltlng", "DE");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10665");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "DC9EC2BE6744D22205C44D13A8154923");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "0");
Found : user_pref("extensions.incredibar.id", "54660ccf00000000000006265e851156");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15514");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.instlday", "15514");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", true);
Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.146:45:24");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.propectorlck", 79727111);
Found : user_pref("extensions.incredibar.prtkDS", 0);
Found : user_pref("extensions.incredibar.prtkHmpg", 0);
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQBjrRu0p&loc=IB_T[...]
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQBjrRu0p&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6PQBjrRu0p");
Found : user_pref("extensions.incredibar.upn2n", "92543108048882041");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.146:45:24");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.146:45:24");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10665");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "54660ccf00000000000006265e851156");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15514");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQBjrRu0p&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6PQBjrRu0p");
Found : user_pref("extensions.incredibar_i.upn2n", "92543108048882041");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.146:45:24");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Profile name : default
File : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\rjjud9l3.default\prefs.js

[OK] File is clean.

-\\ Opera v11.64.1403.0

File : C:\Users\Ralf\AppData\Roaming\Opera\Opera\operaprefs.ini

Found : Home URL=hxxp://mystart.incredibar.com/mb165?a=6PQBjrRu0p&i=26

*************************

AdwCleaner[R1].txt - [30287 octets] - [14/07/2012 16:50:33]

########## EOF - C:\AdwCleaner[R1].txt - [30416 octets] ##########

cosinus 16.07.2012 21:15
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

DavideEngel 18.07.2012 19:19
# AdwCleaner v1.702 - Logfile created 07/18/2012 at 20:15:14
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ralf - RALF-PC
# Running from : C:\Users\Ralf\Downloads\adwcleaner0.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Ralf\AppData\Local\Conduit
Folder Deleted : C:\Users\Ralf\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ralf\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Ralf\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Ralf\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Gast\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Gast\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Gast\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\Conduit
Folder Deleted : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\ConduitCommon
Folder Deleted : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\ConduitEngine
Folder Deleted : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\DVDVideoSoftTB
File Deleted : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\searchplugins\MyStart Search.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\DVDVideoSoftTB
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\prefs.js

C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\user.js ... Deleted !

Deleted : user_pref("CT2269050..clientLogIsEnabled", false);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "18-7-2012");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Wed Jul 18 2012 19:59:25 GMT+0200");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Sun Aug 01 2010 18:12:15 GMT+0200");
Deleted : user_pref("CT2269050.FirstServerDate", "1-8-2010");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Sun Aug 01 2010 18:02:14 GMT+0200");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Jul 18 2012 19:59:27 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Sun Aug 01 2010 18:02:15 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.0.7", "Thu Apr 26 2012 19:30:36 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.2.3", "Thu May 31 2012 05:31:21 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 18:55:53 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.14.1.0", "Wed Jul 18 2012 19:59:25 GMT+0200");
Deleted : user_pref("CT2269050.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.LoginCache", 4);
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Sun Aug 01 2010 18:02:15 GMT+0200");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SavedHomepage", "hxxp://www.google.de/ig");
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Jul 18 2012 19:59:24 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed Jul 18 2012 19:59:24 GMT+0200");
Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Wed Jul 18 2012 19:59:23 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Aug 01 2010 18:02:13 GMT+0200");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN05885435381427706");
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Sun Aug 01 2010 18:02:14 GMT+0200");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.clientLogIsEnabled", true);
Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.revertSettingsEnabled", true);
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed Jul 18 2012 19:59:27 GMT+0200");
Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2903601/CT2903601[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1295532/1291203/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2903601", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2903601",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2903601/CT2903601[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{e84cc2c1-b722-48fc-a39c-edb8b525c777}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "productivity_2.2");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2903601");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{e84cc2c1-b722-48fc-a39c-edb8b525c777}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "productivity_2.2");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Jun 28 2011 13:07:36 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 23:12:19 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 22:48:02 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "008e96a0-2b91-42a1-955c-c839ba1c34a2");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Aug 01 2010 18:02:15 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "d836a249-534c-48f9-83a1-9db0f0b2b405");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2903601");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "Productivity 2.2 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2903601&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1341088249226");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "DE");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "DE");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10665");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "DC9EC2BE6744D22205C44D13A8154923");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "54660ccf00000000000006265e851156");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15514");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15514");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.146:45:24");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.propectorlck", 79727111);
Deleted : user_pref("extensions.incredibar.prtkDS", 0);
Deleted : user_pref("extensions.incredibar.prtkHmpg", 0);
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQBjrRu0p&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQBjrRu0p&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6PQBjrRu0p");
Deleted : user_pref("extensions.incredibar.upn2n", "92543108048882041");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.146:45:24");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.146:45:24");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10665");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "54660ccf00000000000006265e851156");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15514");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQBjrRu0p&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQBjrRu0p");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543108048882041");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.146:45:24");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Profile name : default
File : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\rjjud9l3.default\prefs.js

[OK] File is clean.

-\\ Opera v12.0.1467.0

File : C:\Users\Ralf\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://mystart.incredibar.com/mb165?a=6PQBjrRu0p&i=26

*************************

AdwCleaner[R1].txt - [30314 octets] - [14/07/2012 16:50:33]
AdwCleaner[R2].txt - [30283 octets] - [18/07/2012 20:14:22]
AdwCleaner[S1].txt - [28059 octets] - [18/07/2012 20:15:14]

########## EOF - C:\AdwCleaner[S1].txt - [28188 octets] ##########

Hier meine Antwort

Danke Ralf

cosinus 19.07.2012 11:06
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

DavideEngel 19.07.2012 21:16
hier steht das Log:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.07.19.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ralf :: RALF-PC [Administrator]

Schutz: Aktiviert

19.07.2012 20:35:26
mbam-log-2012-07-19 (20-35-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431547
Laufzeit: 1 Stunde(n), 38 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ralf\Downloads\SoftonicDownloader_fuer_sf-karte.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

hier ist das log:


Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.07.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ralf :: RALF-PC [Administrator]

07.07.2012 18:47:32
mbam-log-2012-07-07 (18-47-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 275954
Laufzeit: 9 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ralf\Downloads\SoftonicDownloader_fuer_sf-karte.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

hier ist das log:

Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.07.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ralf :: RALF-PC [Administrator]

07.07.2012 19:41:41
mbam-log-2012-07-07 (19-41-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 275421
Laufzeit: 5 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

hier ist das Log:

Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.07.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ralf :: RALF-PC [Administrator]

08.07.2012 14:50:57
mbam-log-2012-07-08 (14-50-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 275784
Laufzeit: 8 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 19.07.2012 22:03
Was ist mit ESET?

DavideEngel 20.07.2012 21:10
Zitat:
Zitat von cosinus (Beitrag 869578)
Was ist mit ESET?

kommt noch

Code:
hier steht das Log
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e8f7f10c7c8b0941958e90857cdbc0ed
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-19 08:23:59
# local_time=2012-07-19 10:23:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 24195201 24195201 0 0
# compatibility_mode=5893 16776573 100 94 185915 94359225 0 0
# compatibility_mode=8192 67108863 100 0 104 104 0 0
# scanned=3800
# found=0
# cleaned=0
# scan_time=64
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e8f7f10c7c8b0941958e90857cdbc0ed
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 11:53:36
# local_time=2012-07-21 01:53:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 24281198 24281198 0 0
# compatibility_mode=5893 16776573 100 94 38329 94445222 0 0
# compatibility_mode=8192 67108863 100 0 86101 86101 0 0
# scanned=195965
# found=1
# cleaned=0
# scan_time=13045
K:\RALF-PC\Backup Set 2012-07-08 161524\Backup Files 2012-07-08 161524\Backup files 5.zip a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I

cosinus 21.07.2012 15:47
Code:
C:\Users\Ralf\Downloads\SoftonicDownloader_fuer_sf-karte.exe
Vermüllte Software von Softonic scheint gerade stark in Mode zu sein! http://cosgan.de/images/midi/boese/a040.gif

Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

DavideEngel 21.07.2012 18:46
Die SF-Card hab ich schon gelöscht.

Windows geht auch wieder normal.
Alle Ordner sind auch vorhanden.

Das einzige Problem ist:
Der Adobe-Flashplayer stürzt öfters ab. Aber denke das ist ein anderes Problem

cosinus 23.07.2012 14:00
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

DavideEngel 23.07.2012 23:45
Code:
hier steht das Log
OTL Logfile:
Code:
OTL logfile created on: 24.07.2012 00:22:56 - Run 1
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Ralf\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 57,62% Memory free
3,86 Gb Paging File | 2,69 Gb Available in Paging File | 69,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136,95 Gb Total Space | 71,02 Gb Free Space | 51,86% Space Free | Partition Type: NTFS
Drive K: | 74,53 Gb Total Space | 24,55 Gb Free Space | 32,94% Space Free | Partition Type: NTFS
 
Computer Name: RALF-PC | User Name: Ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.24 00:18:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Downloads\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Ralf\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.08 18:48:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:48:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:48:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.09.10 16:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.08.18 09:38:28 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.15 17:03:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.14 16:16:20 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.05.08 18:48:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 18:48:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.26 22:57:00 | 003,822,544 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.09.10 16:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.08.06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.01.21 15:00:54 | 000,065,536 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.05.08 15:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE364
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.15 17:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 08:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.15 17:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 08:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.19 23:00:49 | 000,000,000 | ---D | M]
 
[2010.01.27 01:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions
[2010.01.27 01:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.18 20:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\ikk4hkqq.default\extensions
[2012.07.08 15:59:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE Community Toolbar) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\ikk4hkqq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.07.14 16:14:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\ikk4hkqq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.19 20:27:02 | 000,000,944 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\searchplugins\icqplugin.xml
[2012.06.23 08:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.14 16:12:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.23 08:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.15 17:03:42 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.18 14:18:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 14:18:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.18 14:18:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 14:18:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 14:18:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 14:18:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.02 19:02:38 | 000,431,553 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        全讯网,åšå½©ä¼˜æƒ*,皇å†*æ*£ç½‘cr67com,皇å†*比分,皇å†*å³æ—¶æŒ‡æ•°,太阳城代ç†112scg,tt娱ä¹åŸŽ8bc8,网上真钱娱
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1        100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 14853 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TQ566808] "D:\Setup.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003..\Run: [Akamai NetSession Interface] C:\Users\Ralf\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003..\Run: [BrowserMask] C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
O4 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ralf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ralf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 83.169.186.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B7364BA-826D-4A17-94C7-888720CB5202}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\bradminv3.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\windvd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: perfDate - (C:\Windows\system32\dialpubw.dll) -  File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 22:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.17 07:04:06 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.17 05:18:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.14 18:05:05 | 000,029,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.07.14 17:27:27 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.07.14 17:24:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.14 14:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.14 14:24:46 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\TuneUp Software
[2012.07.14 14:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.07.14 14:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.14 14:23:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.14 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Documents\Simply Super Software
[2012.07.14 14:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.07.14 14:21:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.07.14 14:21:46 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Simply Super Software
[2012.07.14 14:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.07 18:46:46 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Malwarebytes
[2012.07.07 18:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.07 18:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.07 18:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.07 15:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoftTB_DE
[2012.07.06 19:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2009.08.22 05:02:51 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 00:20:13 | 000,001,402 | ---- | M] () -- C:\Users\Ralf\Desktop\OTL.exe - Verknüpfung.lnk
[2012.07.24 00:14:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 22:13:53 | 000,001,583 | ---- | M] () -- C:\Users\Ralf\Desktop\esetsmartinstaller_enu.exe - Verknüpfung.lnk
[2012.07.19 20:33:44 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.18 20:14:03 | 000,014,926 | ---- | M] () -- C:\Users\Ralf\Desktop\adwcleaner0.exe - Verknüpfung.lnk
[2012.07.17 17:16:40 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 17:16:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 07:26:05 | 000,007,602 | ---- | M] () -- C:\Users\Ralf\AppData\Local\Resmon.ResmonCfg
[2012.07.12 17:13:40 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.06 21:05:35 | 000,000,001 | ---- | M] () -- C:\Users\Ralf\.SIG_PINSTATUS_VOREINSTELLUNG
[2012.07.06 21:05:35 | 000,000,001 | ---- | M] () -- C:\Users\Ralf\.SIG_DIALOG_VOREINSTELLUNG
[2012.06.26 09:02:40 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012.06.26 09:02:38 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll
 
========== Files Created - No Company Name ==========
 
[2012.07.24 00:19:45 | 000,001,402 | ---- | C] () -- C:\Users\Ralf\Desktop\OTL.exe - Verknüpfung.lnk
[2012.07.19 22:26:31 | 000,001,583 | ---- | C] () -- C:\Users\Ralf\Desktop\esetsmartinstaller_enu.exe - Verknüpfung.lnk
[2012.07.19 20:33:44 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.18 20:14:03 | 000,014,926 | ---- | C] () -- C:\Users\Ralf\Desktop\adwcleaner0.exe - Verknüpfung.lnk
[2012.07.17 07:26:05 | 000,007,602 | ---- | C] () -- C:\Users\Ralf\AppData\Local\Resmon.ResmonCfg
[2012.07.14 17:27:13 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.07.06 21:05:35 | 000,000,001 | ---- | C] () -- C:\Users\Ralf\.SIG_PINSTATUS_VOREINSTELLUNG
[2012.07.06 21:05:35 | 000,000,001 | ---- | C] () -- C:\Users\Ralf\.SIG_DIALOG_VOREINSTELLUNG
[2012.06.06 19:22:04 | 000,010,639 | ---- | C] () -- C:\Users\Ralf\Bayer_elster_2048.pfx
[2012.01.31 01:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 01:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 01:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 01:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 01:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.11.04 23:33:28 | 001,757,234 | ---- | C] () -- C:\Users\Ralf\IMG_1032.JPG
[2011.11.04 23:28:57 | 003,351,591 | ---- | C] () -- C:\Users\Ralf\GEDC1264.JPG
[2011.11.04 23:16:02 | 003,115,173 | ---- | C] () -- C:\Users\Ralf\GEDC1127.JPG
[2011.11.04 23:13:23 | 003,570,024 | ---- | C] () -- C:\Users\Ralf\GEDC0987.JPG
[2011.10.18 00:22:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.07.14 11:44:38 | 000,000,113 | ---- | C] () -- C:\Windows\ChssBase.ini
[2011.05.04 22:23:12 | 000,000,092 | ---- | C] () -- C:\Users\Ralf\AppData\Local\fusioncache.dat
[2011.03.23 17:54:42 | 000,000,000 | ---- | C] () -- C:\Users\Ralf\__ng3d.lock
[2010.11.16 22:47:11 | 000,051,603 | ---- | C] () -- C:\Users\Ralf\wlrce905.30.jar
[2010.05.08 12:48:52 | 000,000,680 | RHS- | C] () -- C:\Users\Ralf\ntuser.pol
[2010.02.23 21:24:04 | 000,016,896 | ---- | C] () -- C:\Users\Ralf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.26 16:49:14 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== LOP Check ==========
 
[2011.07.15 22:43:41 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ChessBase
[2012.06.08 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ
[2011.04.09 11:27:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\OpenOffice.org
[2010.05.20 15:02:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PC Suite
[2012.07.14 21:48:24 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\TuneUp Software
[2010.05.23 01:19:54 | 000,000,000 | -HSD | M] -- C:\Users\Ralf\AppData\Roaming\.#
[2011.05.02 18:55:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\AntiBrowserSpy 2009
[2010.02.04 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\AppLauncher
[2012.07.10 01:13:07 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\BSW
[2012.02.12 22:02:39 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\CasualForge
[2011.11.11 20:38:59 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ChessBase
[2012.01.06 15:41:03 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\COW
[2012.07.17 07:04:19 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\DVDVideoSoft
[2011.03.25 16:11:03 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.25 09:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\elsterformular
[2010.01.27 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\GameConsole
[2012.01.14 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ICQ
[2011.01.23 19:08:32 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Nokia
[2010.12.17 16:53:36 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Nokia Ovi Suite
[2010.02.23 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\OpenOffice.org
[2012.02.17 23:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Opera
[2010.05.18 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\PC Suite
[2012.03.30 00:10:40 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Samsung
[2010.04.17 09:27:02 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ScanSoft
[2010.06.17 16:14:54 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SecondLife
[2012.06.23 06:41:56 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SF Software
[2012.07.14 14:21:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Simply Super Software
[2010.02.18 01:09:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TeamViewer
[2012.04.19 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Temp
[2010.01.27 01:34:49 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Thunderbird
[2010.01.29 09:59:48 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TS3Client
[2012.07.14 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TuneUp Software
[2012.02.11 23:15:35 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Unity
[2010.11.24 08:59:47 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Valuga Software
[2012.06.22 19:19:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.23 01:19:54 | 000,000,000 | -HSD | M] -- C:\Users\Ralf\AppData\Roaming\.#
[2010.11.07 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\AccurateRip
[2012.06.09 19:39:21 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Adobe
[2011.05.02 18:55:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\AntiBrowserSpy 2009
[2010.02.04 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\AppLauncher
[2012.01.09 07:44:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Apple Computer
[2011.10.13 21:30:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Avira
[2010.02.23 21:25:35 | 000,000,000 | R--D | M] -- C:\Users\Ralf\AppData\Roaming\Brother
[2012.07.10 01:13:07 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\BSW
[2012.02.12 22:02:39 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\CasualForge
[2011.11.11 20:38:59 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ChessBase
[2010.01.26 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Corel
[2012.01.06 15:41:03 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\COW
[2012.07.17 07:04:19 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\DVDVideoSoft
[2011.03.25 16:11:03 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.25 09:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\elsterformular
[2010.01.27 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\GameConsole
[2010.01.26 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Google
[2012.01.14 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ICQ
[2010.01.26 16:08:25 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Identities
[2010.04.17 09:19:01 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\InstallShield
[2010.01.26 16:09:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Macromedia
[2012.07.07 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Media Center Programs
[2012.07.19 22:25:56 | 000,000,000 | --SD | M] -- C:\Users\Ralf\AppData\Roaming\Microsoft
[2011.05.05 07:30:40 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Mozilla
[2011.01.23 19:08:32 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Nokia
[2010.12.17 16:53:36 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Nokia Ovi Suite
[2010.02.23 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\OpenOffice.org
[2012.02.17 23:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Opera
[2010.05.18 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\PC Suite
[2012.03.30 00:10:40 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Samsung
[2010.04.17 09:27:02 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ScanSoft
[2010.06.17 16:14:54 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SecondLife
[2012.06.23 06:41:56 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SF Software
[2012.07.14 14:21:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Simply Super Software
[2012.05.24 01:02:08 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Skype
[2011.10.18 00:22:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\skypePM
[2010.11.15 21:55:27 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\teamspeak2
[2010.02.18 01:09:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TeamViewer
[2012.04.19 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Temp
[2010.01.27 01:34:49 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Thunderbird
[2010.01.29 09:59:48 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TS3Client
[2012.07.14 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TuneUp Software
[2012.02.11 23:15:35 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Unity
[2010.11.24 08:59:47 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Valuga Software
[2012.07.14 16:14:33 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2009.08.10 20:36:16 | 007,344,128 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\AppLauncher.exe
[2010.02.04 18:35:02 | 000,667,648 | ---- | M] (TODO: <Company name>) -- C:\Users\Ralf\AppData\Roaming\AppLauncher\Data Recovery.exe
[2010.02.04 18:35:02 | 002,695,168 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\DataSync.exe
[2010.02.04 18:35:02 | 001,294,336 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\LOCK.exe
[2010.02.04 18:35:02 | 000,770,048 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\MakeBootable.exe
[2010.02.04 18:35:02 | 000,561,152 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\PCLock.exe
[2010.02.04 18:35:02 | 000,208,896 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\Reset.exe
[2010.02.04 18:35:02 | 000,462,848 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\SecretZip.exe
[2012.03.30 00:12:26 | 000,106,408 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.30 00:12:26 | 000,101,288 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.30 00:12:26 | 000,021,416 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.07.17 07:18:01 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe
[2012.04.04 07:05:14 | 000,954,256 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2012.04.04 07:05:18 | 000,278,928 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2012.03.29 07:13:22 | 000,309,760 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesLogger.exe
[2012.04.04 07:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2012.01.31 01:16:12 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2012.03.29 07:11:58 | 000,297,984 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2012.03.29 07:12:02 | 000,694,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2012.04.04 07:05:20 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2012.03.29 07:11:38 | 000,106,920 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.03.29 07:11:38 | 000,101,288 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.04.04 07:05:26 | 000,183,696 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.04.04 07:05:28 | 000,021,392 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.04.04 07:05:30 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2012.01.31 01:15:48 | 000,221,184 | ---- | M] (ENJsoft corp.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV.exe
[2012.01.31 01:15:50 | 000,061,440 | ---- | M] (ENJsoft corp.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV2.exe
[2012.03.29 07:10:58 | 024,161,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.07.10 03:58:52 | 000,975,800 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2012.07.10 03:58:56 | 000,278,968 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2012.06.26 09:04:30 | 000,320,000 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesLogger.exe
[2012.07.10 03:58:54 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2012.06.26 09:03:34 | 000,182,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2012.06.26 09:03:34 | 000,321,536 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2012.06.26 09:03:38 | 000,716,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2012.07.10 03:58:58 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2012.06.26 09:03:16 | 000,106,960 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2012.06.26 09:03:16 | 000,101,328 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2012.07.10 03:59:00 | 000,183,736 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.07.10 03:59:02 | 000,021,432 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2012.07.10 03:59:04 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2012.06.26 09:03:02 | 000,262,144 | ---- | M] (ENJsoft corp.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV.exe
[2012.06.26 09:03:04 | 000,090,112 | ---- | M] (ENJsoft corp.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV2.exe
[2012.06.26 09:02:34 | 024,164,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.07.10 03:59:04 | 000,450,488 | ---- | M] (ml) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1D32EC29
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
--- --- ---


Code:
hier steht das Log
OTL Logfile:
Code:
OTL logfile created on: 24.07.2012 00:22:56 - Run 1
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Ralf\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 57,62% Memory free
3,86 Gb Paging File | 2,69 Gb Available in Paging File | 69,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136,95 Gb Total Space | 71,02 Gb Free Space | 51,86% Space Free | Partition Type: NTFS
Drive K: | 74,53 Gb Total Space | 24,55 Gb Free Space | 32,94% Space Free | Partition Type: NTFS
 
Computer Name: RALF-PC | User Name: Ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.24 00:18:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Downloads\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Ralf\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.08 18:48:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:48:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:48:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.09.10 16:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.08.18 09:38:28 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.15 17:03:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.14 16:16:20 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.05.08 18:48:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 18:48:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.26 22:57:00 | 003,822,544 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.09.10 16:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.08.06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.01.21 15:00:54 | 000,065,536 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.05.08 15:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE364
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.15 17:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 08:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.15 17:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 08:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.19 23:00:49 | 000,000,000 | ---D | M]
 
[2010.01.27 01:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions
[2010.01.27 01:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.18 20:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\ikk4hkqq.default\extensions
[2012.07.08 15:59:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE Community Toolbar) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\ikk4hkqq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.07.14 16:14:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\ikk4hkqq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.19 20:27:02 | 000,000,944 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\searchplugins\icqplugin.xml
[2012.06.23 08:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.14 16:12:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.23 08:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.15 17:03:42 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.18 14:18:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 14:18:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.18 14:18:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 14:18:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 14:18:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 14:18:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.02 19:02:38 | 000,431,553 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        全讯网,åšå½©ä¼˜æƒ*,皇å†*æ*£ç½‘cr67com,皇å†*比分,皇å†*å³æ—¶æŒ‡æ•°,太阳城代ç†112scg,tt娱ä¹åŸŽ8bc8,网上真钱娱
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1        100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 14853 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TQ566808] "D:\Setup.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003..\Run: [Akamai NetSession Interface] C:\Users\Ralf\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003..\Run: [BrowserMask] C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
O4 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ralf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ralf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 83.169.186.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B7364BA-826D-4A17-94C7-888720CB5202}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\bradminv3.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\windvd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: perfDate - (C:\Windows\system32\dialpubw.dll) -  File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 22:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.17 07:04:06 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.17 05:18:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.14 18:05:05 | 000,029,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.07.14 17:27:27 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.07.14 17:24:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.14 14:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.14 14:24:46 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\TuneUp Software
[2012.07.14 14:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.07.14 14:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.14 14:23:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.14 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Documents\Simply Super Software
[2012.07.14 14:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.07.14 14:21:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.07.14 14:21:46 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Simply Super Software
[2012.07.14 14:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.07 18:46:46 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Malwarebytes
[2012.07.07 18:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.07 18:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.07 18:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.07 15:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoftTB_DE
[2012.07.06 19:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2009.08.22 05:02:51 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 00:20:13 | 000,001,402 | ---- | M] () -- C:\Users\Ralf\Desktop\OTL.exe - Verknüpfung.lnk
[2012.07.24 00:14:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 22:13:53 | 000,001,583 | ---- | M] () -- C:\Users\Ralf\Desktop\esetsmartinstaller_enu.exe - Verknüpfung.lnk
[2012.07.19 20:33:44 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.18 20:14:03 | 000,014,926 | ---- | M] () -- C:\Users\Ralf\Desktop\adwcleaner0.exe - Verknüpfung.lnk
[2012.07.17 17:16:40 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 17:16:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 07:26:05 | 000,007,602 | ---- | M] () -- C:\Users\Ralf\AppData\Local\Resmon.ResmonCfg
[2012.07.12 17:13:40 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.07.06 21:05:35 | 000,000,001 | ---- | M] () -- C:\Users\Ralf\.SIG_PINSTATUS_VOREINSTELLUNG
[2012.07.06 21:05:35 | 000,000,001 | ---- | M] () -- C:\Users\Ralf\.SIG_DIALOG_VOREINSTELLUNG
[2012.06.26 09:02:40 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012.06.26 09:02:38 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll
 
========== Files Created - No Company Name ==========
 
[2012.07.24 00:19:45 | 000,001,402 | ---- | C] () -- C:\Users\Ralf\Desktop\OTL.exe - Verknüpfung.lnk
[2012.07.19 22:26:31 | 000,001,583 | ---- | C] () -- C:\Users\Ralf\Desktop\esetsmartinstaller_enu.exe - Verknüpfung.lnk
[2012.07.19 20:33:44 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.18 20:14:03 | 000,014,926 | ---- | C] () -- C:\Users\Ralf\Desktop\adwcleaner0.exe - Verknüpfung.lnk
[2012.07.17 07:26:05 | 000,007,602 | ---- | C] () -- C:\Users\Ralf\AppData\Local\Resmon.ResmonCfg
[2012.07.14 17:27:13 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.07.06 21:05:35 | 000,000,001 | ---- | C] () -- C:\Users\Ralf\.SIG_PINSTATUS_VOREINSTELLUNG
[2012.07.06 21:05:35 | 000,000,001 | ---- | C] () -- C:\Users\Ralf\.SIG_DIALOG_VOREINSTELLUNG
[2012.06.06 19:22:04 | 000,010,639 | ---- | C] () -- C:\Users\Ralf\Bayer_elster_2048.pfx
[2012.01.31 01:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 01:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 01:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 01:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 01:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.11.04 23:33:28 | 001,757,234 | ---- | C] () -- C:\Users\Ralf\IMG_1032.JPG
[2011.11.04 23:28:57 | 003,351,591 | ---- | C] () -- C:\Users\Ralf\GEDC1264.JPG
[2011.11.04 23:16:02 | 003,115,173 | ---- | C] () -- C:\Users\Ralf\GEDC1127.JPG
[2011.11.04 23:13:23 | 003,570,024 | ---- | C] () -- C:\Users\Ralf\GEDC0987.JPG
[2011.10.18 00:22:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.07.14 11:44:38 | 000,000,113 | ---- | C] () -- C:\Windows\ChssBase.ini
[2011.05.04 22:23:12 | 000,000,092 | ---- | C] () -- C:\Users\Ralf\AppData\Local\fusioncache.dat
[2011.03.23 17:54:42 | 000,000,000 | ---- | C] () -- C:\Users\Ralf\__ng3d.lock
[2010.11.16 22:47:11 | 000,051,603 | ---- | C] () -- C:\Users\Ralf\wlrce905.30.jar
[2010.05.08 12:48:52 | 000,000,680 | RHS- | C] () -- C:\Users\Ralf\ntuser.pol
[2010.02.23 21:24:04 | 000,016,896 | ---- | C] () -- C:\Users\Ralf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.26 16:49:14 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== LOP Check ==========
 
[2011.07.15 22:43:41 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ChessBase
[2012.06.08 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ
[2011.04.09 11:27:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\OpenOffice.org
[2010.05.20 15:02:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PC Suite
[2012.07.14 21:48:24 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\TuneUp Software
[2010.05.23 01:19:54 | 000,000,000 | -HSD | M] -- C:\Users\Ralf\AppData\Roaming\.#
[2011.05.02 18:55:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\AntiBrowserSpy 2009
[2010.02.04 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\AppLauncher
[2012.07.10 01:13:07 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\BSW
[2012.02.12 22:02:39 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\CasualForge
[2011.11.11 20:38:59 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ChessBase
[2012.01.06 15:41:03 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\COW
[2012.07.17 07:04:19 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\DVDVideoSoft
[2011.03.25 16:11:03 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.25 09:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\elsterformular
[2010.01.27 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\GameConsole
[2012.01.14 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ICQ
[2011.01.23 19:08:32 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Nokia
[2010.12.17 16:53:36 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Nokia Ovi Suite
[2010.02.23 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\OpenOffice.org
[2012.02.17 23:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Opera
[2010.05.18 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\PC Suite
[2012.03.30 00:10:40 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Samsung
[2010.04.17 09:27:02 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ScanSoft
[2010.06.17 16:14:54 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SecondLife
[2012.06.23 06:41:56 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SF Software
[2012.07.14 14:21:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Simply Super Software
[2010.02.18 01:09:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TeamViewer
[2012.04.19 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Temp
[2010.01.27 01:34:49 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Thunderbird
[2010.01.29 09:59:48 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TS3Client
[2012.07.14 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TuneUp Software
[2012.02.11 23:15:35 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Unity
[2010.11.24 08:59:47 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Valuga Software
[2012.06.22 19:19:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.23 01:19:54 | 000,000,000 | -HSD | M] -- C:\Users\Ralf\AppData\Roaming\.#
[2010.11.07 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\AccurateRip
[2012.06.09 19:39:21 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Adobe
[2011.05.02 18:55:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\AntiBrowserSpy 2009
[2010.02.04 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\AppLauncher
[2012.01.09 07:44:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Apple Computer
[2011.10.13 21:30:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Avira
[2010.02.23 21:25:35 | 000,000,000 | R--D | M] -- C:\Users\Ralf\AppData\Roaming\Brother
[2012.07.10 01:13:07 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\BSW
[2012.02.12 22:02:39 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\CasualForge
[2011.11.11 20:38:59 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ChessBase
[2010.01.26 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Corel
[2012.01.06 15:41:03 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\COW
[2012.07.17 07:04:19 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\DVDVideoSoft
[2011.03.25 16:11:03 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.25 09:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\elsterformular
[2010.01.27 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\GameConsole
[2010.01.26 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Google
[2012.01.14 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ICQ
[2010.01.26 16:08:25 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Identities
[2010.04.17 09:19:01 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\InstallShield
[2010.01.26 16:09:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Macromedia
[2012.07.07 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Media Center Programs
[2012.07.19 22:25:56 | 000,000,000 | --SD | M] -- C:\Users\Ralf\AppData\Roaming\Microsoft
[2011.05.05 07:30:40 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Mozilla
[2011.01.23 19:08:32 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Nokia
[2010.12.17 16:53:36 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Nokia Ovi Suite
[2010.02.23 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\OpenOffice.org
[2012.02.17 23:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Opera
[2010.05.18 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\PC Suite
[2012.03.30 00:10:40 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Samsung
[2010.04.17 09:27:02 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\ScanSoft
[2010.06.17 16:14:54 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SecondLife
[2012.06.23 06:41:56 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SF Software
[2012.07.14 14:21:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Simply Super Software
[2012.05.24 01:02:08 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Skype
[2011.10.18 00:22:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\skypePM
[2010.11.15 21:55:27 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\teamspeak2
[2010.02.18 01:09:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TeamViewer
[2012.04.19 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Temp
[2010.01.27 01:34:49 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Thunderbird
[2010.01.29 09:59:48 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TS3Client
[2012.07.14 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TuneUp Software
[2012.02.11 23:15:35 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Unity
[2010.11.24 08:59:47 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Valuga Software
[2012.07.14 16:14:33 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2009.08.10 20:36:16 | 007,344,128 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\AppLauncher.exe
[2010.02.04 18:35:02 | 000,667,648 | ---- | M] (TODO: <Company name>) -- C:\Users\Ralf\AppData\Roaming\AppLauncher\Data Recovery.exe
[2010.02.04 18:35:02 | 002,695,168 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\DataSync.exe
[2010.02.04 18:35:02 | 001,294,336 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\LOCK.exe
[2010.02.04 18:35:02 | 000,770,048 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\MakeBootable.exe
[2010.02.04 18:35:02 | 000,561,152 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\PCLock.exe
[2010.02.04 18:35:02 | 000,208,896 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\Reset.exe
[2010.02.04 18:35:02 | 000,462,848 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\AppLauncher\SecretZip.exe
[2012.03.30 00:12:26 | 000,106,408 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.30 00:12:26 | 000,101,288 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.30 00:12:26 | 000,021,416 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.07.17 07:18:01 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe
[2012.04.04 07:05:14 | 000,954,256 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2012.04.04 07:05:18 | 000,278,928 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2012.03.29 07:13:22 | 000,309,760 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesLogger.exe
[2012.04.04 07:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2012.01.31 01:16:12 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2012.03.29 07:11:58 | 000,297,984 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2012.03.29 07:12:02 | 000,694,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2012.04.04 07:05:20 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2012.03.29 07:11:38 | 000,106,920 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.03.29 07:11:38 | 000,101,288 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.04.04 07:05:26 | 000,183,696 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.04.04 07:05:28 | 000,021,392 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.04.04 07:05:30 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2012.01.31 01:15:48 | 000,221,184 | ---- | M] (ENJsoft corp.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV.exe
[2012.01.31 01:15:50 | 000,061,440 | ---- | M] (ENJsoft corp.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV2.exe
[2012.03.29 07:10:58 | 024,161,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.07.10 03:58:52 | 000,975,800 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2012.07.10 03:58:56 | 000,278,968 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2012.06.26 09:04:30 | 000,320,000 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesLogger.exe
[2012.07.10 03:58:54 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2012.06.26 09:03:34 | 000,182,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2012.06.26 09:03:34 | 000,321,536 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2012.06.26 09:03:38 | 000,716,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2012.07.10 03:58:58 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2012.06.26 09:03:16 | 000,106,960 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2012.06.26 09:03:16 | 000,101,328 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2012.07.10 03:59:00 | 000,183,736 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.07.10 03:59:02 | 000,021,432 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2012.07.10 03:59:04 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2012.06.26 09:03:02 | 000,262,144 | ---- | M] (ENJsoft corp.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV.exe
[2012.06.26 09:03:04 | 000,090,112 | ---- | M] (ENJsoft corp.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV2.exe
[2012.06.26 09:02:34 | 024,164,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.07.10 03:59:04 | 000,450,488 | ---- | M] (ml) -- C:\Users\Ralf\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1D32EC29
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
--- --- ---

cosinus 24.07.2012 15:56
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
[2012.07.08 15:59:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE Community Toolbar) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\ikk4hkqq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.07.14 16:14:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\ikk4hkqq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.19 20:27:02 | 000,000,944 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\searchplugins\icqplugin.xml
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [TQ566808] "D:\Setup.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O32 - HKLM CDRom: AutoRun - 1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1D32EC29
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
C:\Users\Ralf\AppData\Roaming\.#
C:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

DavideEngel 24.07.2012 17:05
Code:
hier steht das Log

All processes killed
========== OTL ==========
Folder C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\ikk4hkqq.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\ not found.
Folder C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\ikk4hkqq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
File C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\searchplugins\icqplugin.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TQ566808 not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction not found.
Registry value HKEY_USERS\S-1-5-21-864403886-4019623797-4098112004-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Unable to delete ADS C:\ProgramData\TEMP:5D7E5A8F .
Unable to delete ADS C:\ProgramData\TEMP:1D32EC29 .
Unable to delete ADS C:\ProgramData\TEMP:0B9176C0 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
========== FILES ==========
File\Folder C:\Users\Ralf\AppData\Roaming\.# not found.
File\Folder C:\user.js not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 953235938 bytes
->Flash cache emptied: 34423587 bytes

User: Public

User: Ralf
->Temp folder emptied: 42700275 bytes
->Temporary Internet Files folder emptied: 3099449 bytes
->Java cache emptied: 49499943 bytes
->FireFox cache emptied: 467426034 bytes
->Opera cache emptied: 42781351 bytes
->Flash cache emptied: 670 bytes

User: Samuel
->Temp folder emptied: 2799 bytes
->Temporary Internet Files folder emptied: 426788 bytes
->Flash cache emptied: 527 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4445382 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 83269 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.524,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: AppData

User: Default

User: Default User

User: Gast
->Flash cache emptied: 0 bytes

User: Public

User: Ralf
->Flash cache emptied: 0 bytes

User: Samuel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.54.1 log created on 07242012_175612

Files\Folders moved on Reboot...
C:\Users\Ralf\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Ralf\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

cosinus 24.07.2012 20:47
Was soll das?! Du sollst nicht meine CODE-Box 1:1 kopieren, sondern die Logs in CODE-Tags posten!

DavideEngel 24.07.2012 21:06
sry da ist irgenwas schief gelaufen. mach ich morgen in Ruhe

:stirn:

cosinus 24.07.2012 22:06
Mach die nächsten Logs bitte richtig mit den CODE-Tags!
Da gibt es extra den #-Button für in der Textformatierungsleiste!

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

DavideEngel 29.07.2012 18:16
Code:
18:54:33.0264 3728        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:54:35.0339 3728        ============================================================
18:54:35.0339 3728        Current date / time: 2012/07/29 18:54:35.0339
18:54:35.0339 3728        SystemInfo:
18:54:35.0339 3728       
18:54:35.0339 3728        OS Version: 6.1.7601 ServicePack: 1.0
18:54:35.0339 3728        Product type: Workstation
18:54:35.0339 3728        ComputerName: RALF-PC
18:54:35.0339 3728        UserName: Ralf
18:54:35.0339 3728        Windows directory: C:\Windows
18:54:35.0339 3728        System windows directory: C:\Windows
18:54:35.0339 3728        Running under WOW64
18:54:35.0339 3728        Processor architecture: Intel x64
18:54:35.0339 3728        Number of processors: 1
18:54:35.0339 3728        Page size: 0x1000
18:54:35.0339 3728        Boot type: Normal boot
18:54:35.0339 3728        ============================================================
18:54:37.0866 3728        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:54:37.0866 3728        Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:54:37.0882 3728        ============================================================
18:54:37.0882 3728        \Device\Harddisk0\DR0:
18:54:37.0882 3728        MBR partitions:
18:54:37.0882 3728        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
18:54:37.0882 3728        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x111E6800
18:54:37.0882 3728        \Device\Harddisk1\DR1:
18:54:37.0882 3728        MBR partitions:
18:54:37.0882 3728        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
18:54:37.0882 3728        ============================================================
18:54:37.0913 3728        C: <-> \Device\Harddisk0\DR0\Partition1
18:54:37.0944 3728        K: <-> \Device\Harddisk1\DR1\Partition0
18:54:37.0944 3728        ============================================================
18:54:37.0944 3728        Initialize success
18:54:37.0944 3728        ============================================================
18:55:35.0415 3272        ============================================================
18:55:35.0415 3272        Scan started
18:55:35.0415 3272        Mode: Manual;
18:55:35.0415 3272        ============================================================
18:55:36.0210 3272        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:55:36.0226 3272        1394ohci - ok
18:55:36.0273 3272        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:55:36.0273 3272        ACPI - ok
18:55:36.0335 3272        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:55:36.0335 3272        AcpiPmi - ok
18:55:36.0538 3272        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:55:36.0538 3272        AdobeARMservice - ok
18:55:36.0616 3272        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:55:36.0647 3272        adp94xx - ok
18:55:36.0710 3272        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:55:36.0741 3272        adpahci - ok
18:55:36.0788 3272        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:55:36.0803 3272        adpu320 - ok
18:55:36.0866 3272        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:55:36.0866 3272        AeLookupSvc - ok
18:55:36.0990 3272        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:55:37.0006 3272        AFD - ok
18:55:37.0053 3272        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:55:37.0068 3272        agp440 - ok
18:55:37.0552 3272        Akamai          (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
18:55:37.0552 3272        Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
18:55:37.0568 3272        Akamai ( HiddenFile.Multi.Generic ) - warning
18:55:37.0568 3272        Akamai - detected HiddenFile.Multi.Generic (1)
18:55:37.0708 3272        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:55:37.0708 3272        ALG - ok
18:55:37.0802 3272        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:55:37.0817 3272        aliide - ok
18:55:37.0848 3272        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:55:37.0848 3272        amdide - ok
18:55:38.0020 3272        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:55:38.0036 3272        AmdK8 - ok
18:55:38.0067 3272        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:55:38.0067 3272        AmdPPM - ok
18:55:38.0129 3272        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:55:38.0145 3272        amdsata - ok
18:55:38.0254 3272        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:55:38.0285 3272        amdsbs - ok
18:55:38.0332 3272        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:55:38.0332 3272        amdxata - ok
18:55:38.0394 3272        androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
18:55:38.0394 3272        androidusb - ok
18:55:38.0566 3272        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:55:38.0566 3272        AntiVirSchedulerService - ok
18:55:38.0613 3272        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:55:38.0613 3272        AntiVirService - ok
18:55:38.0722 3272        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:55:38.0722 3272        AppID - ok
18:55:38.0753 3272        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:55:38.0831 3272        AppIDSvc - ok
18:55:38.0909 3272        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:55:38.0909 3272        Appinfo - ok
18:55:39.0018 3272        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:55:39.0018 3272        arc - ok
18:55:39.0034 3272        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:55:39.0050 3272        arcsas - ok
18:55:39.0096 3272        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:55:39.0096 3272        AsyncMac - ok
18:55:39.0159 3272        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:55:39.0159 3272        atapi - ok
18:55:39.0315 3272        athr            (b2c3a8618867404475228f7dd260698b) C:\Windows\system32\DRIVERS\athrx.sys
18:55:39.0362 3272        athr - ok
18:55:39.0642 3272        atksgt          (4aef9ec86818375495fb78ca58df4e18) C:\Windows\system32\DRIVERS\atksgt.sys
18:55:39.0658 3272        atksgt - ok
18:55:39.0783 3272        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:55:39.0798 3272        AudioEndpointBuilder - ok
18:55:39.0814 3272        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:55:39.0814 3272        AudioSrv - ok
18:55:39.0892 3272        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
18:55:39.0908 3272        avgntflt - ok
18:55:40.0048 3272        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
18:55:40.0048 3272        avipbb - ok
18:55:40.0079 3272        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:55:40.0079 3272        avkmgr - ok
18:55:40.0173 3272        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:55:40.0173 3272        AxInstSV - ok
18:55:40.0266 3272        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:55:40.0282 3272        b06bdrv - ok
18:55:40.0344 3272        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:55:40.0360 3272        b57nd60a - ok
18:55:40.0438 3272        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:55:40.0438 3272        BDESVC - ok
18:55:40.0469 3272        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:55:40.0469 3272        Beep - ok
18:55:40.0594 3272        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:55:40.0610 3272        BFE - ok
18:55:40.0688 3272        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:55:40.0703 3272        BITS - ok
18:55:40.0766 3272        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:55:40.0766 3272        blbdrive - ok
18:55:40.0812 3272        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:55:40.0812 3272        bowser - ok
18:55:41.0000 3272        BRA_Scheduler  (ad5d76b93b7a277cbdb964bf678f9633) C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
18:55:41.0015 3272        BRA_Scheduler - ok
18:55:41.0046 3272        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:55:41.0046 3272        BrFiltLo - ok
18:55:41.0062 3272        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:55:41.0062 3272        BrFiltUp - ok
18:55:41.0109 3272        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:55:41.0109 3272        Browser - ok
18:55:41.0187 3272        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\system32\DRIVERS\BrSerId.sys
18:55:41.0202 3272        Brserid - ok
18:55:41.0234 3272        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:55:41.0234 3272        BrSerWdm - ok
18:55:41.0249 3272        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:55:41.0249 3272        BrUsbMdm - ok
18:55:41.0280 3272        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\DRIVERS\BrUsbSer.sys
18:55:41.0280 3272        BrUsbSer - ok
18:55:41.0296 3272        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:55:41.0296 3272        BTHMODEM - ok
18:55:41.0343 3272        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:55:41.0421 3272        bthserv - ok
18:55:41.0436 3272        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:55:41.0452 3272        cdfs - ok
18:55:41.0514 3272        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:55:41.0530 3272        cdrom - ok
18:55:41.0592 3272        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:55:41.0592 3272        CertPropSvc - ok
18:55:41.0624 3272        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:55:41.0624 3272        circlass - ok
18:55:41.0670 3272        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:55:41.0670 3272        CLFS - ok
18:55:41.0748 3272        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:55:41.0748 3272        clr_optimization_v2.0.50727_32 - ok
18:55:41.0811 3272        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:55:41.0811 3272        clr_optimization_v2.0.50727_64 - ok
18:55:41.0982 3272        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:55:41.0982 3272        clr_optimization_v4.0.30319_32 - ok
18:55:42.0060 3272        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:55:42.0060 3272        clr_optimization_v4.0.30319_64 - ok
18:55:42.0123 3272        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:55:42.0123 3272        CmBatt - ok
18:55:42.0170 3272        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:55:42.0170 3272        cmdide - ok
18:55:42.0232 3272        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
18:55:42.0248 3272        CNG - ok
18:55:42.0357 3272        CnxtHdAudService (20f3f8674d7dee5d90a352b775d5d5ba) C:\Windows\system32\drivers\CHDRT64.sys
18:55:42.0372 3272        CnxtHdAudService - ok
18:55:42.0450 3272        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:55:42.0450 3272        Compbatt - ok
18:55:42.0528 3272        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:55:42.0528 3272        CompositeBus - ok
18:55:42.0560 3272        COMSysApp - ok
18:55:42.0575 3272        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:55:42.0575 3272        crcdisk - ok
18:55:42.0653 3272        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:55:42.0669 3272        CryptSvc - ok
18:55:42.0778 3272        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:55:42.0778 3272        DcomLaunch - ok
18:55:42.0825 3272        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:55:42.0840 3272        defragsvc - ok
18:55:42.0903 3272        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:55:42.0903 3272        DfsC - ok
18:55:43.0012 3272        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:55:43.0012 3272        Dhcp - ok
18:55:43.0043 3272        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:55:43.0043 3272        discache - ok
18:55:43.0090 3272        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:55:43.0106 3272        Disk - ok
18:55:43.0230 3272        DKbFltr        (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
18:55:43.0230 3272        DKbFltr - ok
18:55:43.0293 3272        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:55:43.0308 3272        Dnscache - ok
18:55:43.0371 3272        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:55:43.0402 3272        dot3svc - ok
18:55:43.0480 3272        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:55:43.0496 3272        DPS - ok
18:55:43.0542 3272        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:55:43.0542 3272        drmkaud - ok
18:55:43.0605 3272        dump_wmimmc - ok
18:55:43.0714 3272        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:55:43.0745 3272        DXGKrnl - ok
18:55:43.0808 3272        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:55:43.0808 3272        EapHost - ok
18:55:44.0057 3272        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:55:44.0135 3272        ebdrv - ok
18:55:44.0276 3272        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:55:44.0276 3272        EFS - ok
18:55:44.0400 3272        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:55:44.0416 3272        ehRecvr - ok
18:55:44.0463 3272        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:55:44.0463 3272        ehSched - ok
18:55:44.0572 3272        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:55:44.0588 3272        elxstor - ok
18:55:44.0759 3272        ePowerSvc      (7c35c6865957289d9efe6cc73f4ab2e1) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
18:55:44.0759 3272        ePowerSvc - ok
18:55:44.0978 3272        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:55:44.0978 3272        ErrDev - ok
18:55:45.0056 3272        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:55:45.0071 3272        EventSystem - ok
18:55:45.0118 3272        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:55:45.0134 3272        exfat - ok
18:55:45.0165 3272        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:55:45.0180 3272        fastfat - ok
18:55:45.0290 3272        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:55:45.0290 3272        Fax - ok
18:55:45.0321 3272        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:55:45.0321 3272        fdc - ok
18:55:45.0383 3272        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:55:45.0383 3272        fdPHost - ok
18:55:45.0399 3272        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:55:45.0414 3272        FDResPub - ok
18:55:45.0461 3272        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:55:45.0461 3272        FileInfo - ok
18:55:45.0492 3272        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:55:45.0492 3272        Filetrace - ok
18:55:45.0524 3272        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:55:45.0524 3272        flpydisk - ok
18:55:45.0586 3272        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:55:45.0617 3272        FltMgr - ok
18:55:45.0742 3272        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:55:45.0758 3272        FontCache - ok
18:55:45.0851 3272        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:55:45.0851 3272        FontCache3.0.0.0 - ok
18:55:45.0945 3272        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:55:45.0945 3272        FsDepends - ok
18:55:45.0976 3272        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:55:45.0976 3272        Fs_Rec - ok
18:55:46.0054 3272        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:55:46.0054 3272        fvevol - ok
18:55:46.0085 3272        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:55:46.0085 3272        gagp30kx - ok
18:55:46.0179 3272        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:55:46.0210 3272        gpsvc - ok
18:55:46.0350 3272        Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
18:55:46.0366 3272        Greg_Service - ok
18:55:46.0475 3272        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:55:46.0475 3272        gupdate - ok
18:55:46.0553 3272        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:55:46.0553 3272        gupdatem - ok
18:55:46.0631 3272        gusvc          (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:55:46.0631 3272        gusvc - ok
18:55:46.0803 3272        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:55:46.0803 3272        hcw85cir - ok
18:55:46.0881 3272        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:55:46.0896 3272        HdAudAddService - ok
18:55:46.0990 3272        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:55:46.0990 3272        HDAudBus - ok
18:55:47.0037 3272        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:55:47.0037 3272        HidBatt - ok
18:55:47.0052 3272        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:55:47.0068 3272        HidBth - ok
18:55:47.0084 3272        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:55:47.0084 3272        HidIr - ok
18:55:47.0130 3272        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:55:47.0130 3272        hidserv - ok
18:55:47.0177 3272        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:55:47.0177 3272        HidUsb - ok
18:55:47.0224 3272        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:55:47.0224 3272        hkmsvc - ok
18:55:47.0286 3272        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:55:47.0302 3272        HomeGroupListener - ok
18:55:47.0349 3272        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:55:47.0349 3272        HomeGroupProvider - ok
18:55:47.0380 3272        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:55:47.0380 3272        HpSAMD - ok
18:55:47.0474 3272        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:55:47.0489 3272        HTTP - ok
18:55:47.0536 3272        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:55:47.0536 3272        hwpolicy - ok
18:55:47.0583 3272        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:55:47.0583 3272        i8042prt - ok
18:55:47.0708 3272        IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:55:47.0708 3272        IAANTMON - ok
18:55:47.0754 3272        iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
18:55:47.0770 3272        iaStor - ok
18:55:47.0817 3272        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:55:47.0832 3272        iaStorV - ok
18:55:48.0020 3272        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:55:48.0020 3272        idsvc - ok
18:55:48.0566 3272        igfx            (dfeaf0a1d98d397035012c8e28d1520f) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:55:48.0706 3272        igfx - ok
18:55:48.0846 3272        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:55:48.0846 3272        iirsp - ok
18:55:49.0002 3272        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:55:49.0018 3272        IKEEXT - ok
18:55:49.0112 3272        int15.sys      (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
18:55:49.0112 3272        int15.sys - ok
18:55:49.0158 3272        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:55:49.0158 3272        intelide - ok
18:55:49.0236 3272        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:55:49.0236 3272        intelppm - ok
18:55:49.0299 3272        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:55:49.0299 3272        IPBusEnum - ok
18:55:49.0377 3272        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:55:49.0392 3272        IpFilterDriver - ok
18:55:49.0470 3272        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:55:49.0486 3272        iphlpsvc - ok
18:55:49.0533 3272        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:55:49.0533 3272        IPMIDRV - ok
18:55:49.0580 3272        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:55:49.0580 3272        IPNAT - ok
18:55:49.0611 3272        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:55:49.0611 3272        IRENUM - ok
18:55:49.0642 3272        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:55:49.0642 3272        isapnp - ok
18:55:49.0704 3272        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:55:49.0704 3272        iScsiPrt - ok
18:55:49.0798 3272        IviRegMgr      (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
18:55:49.0814 3272        IviRegMgr - ok
18:55:49.0845 3272        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:55:49.0845 3272        kbdclass - ok
18:55:49.0970 3272        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:55:49.0970 3272        kbdhid - ok
18:55:50.0016 3272        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:55:50.0016 3272        KeyIso - ok
18:55:50.0063 3272        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
18:55:50.0063 3272        KSecDD - ok
18:55:50.0126 3272        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
18:55:50.0141 3272        KSecPkg - ok
18:55:50.0172 3272        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:55:50.0172 3272        ksthunk - ok
18:55:50.0219 3272        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:55:50.0235 3272        KtmRm - ok
18:55:50.0297 3272        L1C            (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
18:55:50.0297 3272        L1C - ok
18:55:50.0375 3272        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:55:50.0391 3272        LanmanServer - ok
18:55:50.0438 3272        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:55:50.0453 3272        LanmanWorkstation - ok
18:55:50.0516 3272        Lbd            (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
18:55:50.0516 3272        Lbd - ok
18:55:50.0578 3272        lirsgt          (b658b7076b1acaa5876524595630f183) C:\Windows\system32\DRIVERS\lirsgt.sys
18:55:50.0578 3272        lirsgt - ok
18:55:50.0625 3272        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:55:50.0625 3272        lltdio - ok
18:55:50.0672 3272        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:55:50.0687 3272        lltdsvc - ok
18:55:50.0703 3272        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:55:50.0703 3272        lmhosts - ok
18:55:50.0734 3272        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:55:50.0750 3272        LSI_FC - ok
18:55:50.0796 3272        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:55:50.0796 3272        LSI_SAS - ok
18:55:50.0828 3272        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:55:50.0828 3272        LSI_SAS2 - ok
18:55:50.0843 3272        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:55:50.0859 3272        LSI_SCSI - ok
18:55:50.0890 3272        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:55:50.0890 3272        luafv - ok
18:55:50.0984 3272        MBAMProtector  (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
18:55:50.0984 3272        MBAMProtector - ok
18:55:51.0093 3272        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:55:51.0093 3272        MBAMService - ok
18:55:51.0140 3272        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:55:51.0155 3272        Mcx2Svc - ok
18:55:51.0171 3272        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:55:51.0171 3272        megasas - ok
18:55:51.0218 3272        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:55:51.0218 3272        MegaSR - ok
18:55:51.0280 3272        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:55:51.0280 3272        MMCSS - ok
18:55:51.0296 3272        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:55:51.0296 3272        Modem - ok
18:55:51.0327 3272        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:55:51.0327 3272        monitor - ok
18:55:51.0389 3272        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:55:51.0389 3272        mouclass - ok
18:55:51.0436 3272        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:55:51.0436 3272        mouhid - ok
18:55:51.0498 3272        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:55:51.0498 3272        mountmgr - ok
18:55:51.0608 3272        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:55:51.0623 3272        MozillaMaintenance - ok
18:55:51.0670 3272        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:55:51.0686 3272        mpio - ok
18:55:51.0732 3272        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:55:51.0732 3272        mpsdrv - ok
18:55:51.0842 3272        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:55:51.0873 3272        MpsSvc - ok
18:55:51.0951 3272        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:55:51.0951 3272        MRxDAV - ok
18:55:51.0998 3272        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:55:52.0013 3272        mrxsmb - ok
18:55:52.0060 3272        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:55:52.0076 3272        mrxsmb10 - ok
18:55:52.0091 3272        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:55:52.0107 3272        mrxsmb20 - ok
18:55:52.0169 3272        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:55:52.0169 3272        msahci - ok
18:55:52.0232 3272        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:55:52.0247 3272        msdsm - ok
18:55:52.0278 3272        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:55:52.0294 3272        MSDTC - ok
18:55:52.0341 3272        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:55:52.0356 3272        Msfs - ok
18:55:52.0388 3272        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:55:52.0388 3272        mshidkmdf - ok
18:55:52.0403 3272        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:55:52.0403 3272        msisadrv - ok
18:55:52.0466 3272        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:55:52.0481 3272        MSiSCSI - ok
18:55:52.0481 3272        msiserver - ok
18:55:52.0528 3272        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:55:52.0528 3272        MSKSSRV - ok
18:55:52.0575 3272        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:55:52.0575 3272        MSPCLOCK - ok
18:55:52.0590 3272        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:55:52.0590 3272        MSPQM - ok
18:55:52.0668 3272        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:55:52.0684 3272        MsRPC - ok
18:55:52.0731 3272        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:55:52.0731 3272        mssmbios - ok
18:55:52.0762 3272        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:55:52.0762 3272        MSTEE - ok
18:55:52.0778 3272        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:55:52.0793 3272        MTConfig - ok
18:55:52.0809 3272        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:55:52.0809 3272        Mup - ok
18:55:52.0902 3272        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:55:52.0902 3272        napagent - ok
18:55:53.0012 3272        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:55:53.0027 3272        NativeWifiP - ok
18:55:53.0168 3272        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:55:53.0168 3272        NDIS - ok
18:55:53.0214 3272        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:55:53.0214 3272        NdisCap - ok
18:55:53.0246 3272        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:55:53.0246 3272        NdisTapi - ok
18:55:53.0308 3272        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:55:53.0324 3272        Ndisuio - ok
18:55:53.0370 3272        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:55:53.0386 3272        NdisWan - ok
18:55:53.0526 3272        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:55:53.0526 3272        NDProxy - ok
18:55:53.0558 3272        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:55:53.0558 3272        NetBIOS - ok
18:55:53.0620 3272        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:55:53.0620 3272        NetBT - ok
18:55:53.0667 3272        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:55:53.0667 3272        Netlogon - ok
18:55:53.0729 3272        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:55:53.0729 3272        Netman - ok
18:55:53.0792 3272        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:55:53.0792 3272        netprofm - ok
18:55:53.0870 3272        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:55:53.0885 3272        NetTcpPortSharing - ok
18:55:54.0400 3272        netw5v64        (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
18:55:54.0540 3272        netw5v64 - ok
18:55:54.0696 3272        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:55:54.0696 3272        nfrd960 - ok
18:55:54.0774 3272        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:55:54.0774 3272        NlaSvc - ok
18:55:54.0806 3272        nmwcdcx64 - ok
18:55:54.0852 3272        nmwcdx64 - ok
18:55:54.0868 3272        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:55:54.0868 3272        Npfs - ok
18:55:54.0899 3272        npggsvc - ok
18:55:54.0962 3272        NPPTNT2 - ok
18:55:54.0993 3272        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:55:54.0993 3272        nsi - ok
18:55:55.0040 3272        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:55:55.0040 3272        nsiproxy - ok
18:55:55.0211 3272        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:55:55.0289 3272        Ntfs - ok
18:55:55.0367 3272        NTIBackupSvc    (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
18:55:55.0367 3272        NTIBackupSvc - ok
18:55:55.0508 3272        NTIDrvr        (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
18:55:55.0508 3272        NTIDrvr - ok
18:55:55.0554 3272        NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
18:55:55.0570 3272        NTISchedulerSvc - ok
18:55:55.0617 3272        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:55:55.0617 3272        Null - ok
18:55:55.0679 3272        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:55:55.0695 3272        nvraid - ok
18:55:55.0757 3272        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:55:55.0773 3272        nvstor - ok
18:55:55.0804 3272        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:55:55.0820 3272        nv_agp - ok
18:55:55.0866 3272        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:55:55.0866 3272        ohci1394 - ok
18:55:55.0913 3272        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:55:55.0944 3272        p2pimsvc - ok
18:55:56.0022 3272        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:55:56.0054 3272        p2psvc - ok
18:55:56.0100 3272        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:55:56.0116 3272        Parport - ok
18:55:56.0163 3272        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:55:56.0163 3272        partmgr - ok
18:55:56.0194 3272        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:55:56.0194 3272        PcaSvc - ok
18:55:56.0241 3272        pccsmcfd - ok
18:55:56.0272 3272        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:55:56.0288 3272        pci - ok
18:55:56.0319 3272        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:55:56.0319 3272        pciide - ok
18:55:56.0366 3272        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:55:56.0366 3272        pcmcia - ok
18:55:56.0397 3272        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:55:56.0397 3272        pcw - ok
18:55:56.0444 3272        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:55:56.0459 3272        PEAUTH - ok
18:55:56.0553 3272        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:55:56.0553 3272        PerfHost - ok
18:55:56.0709 3272        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:55:56.0740 3272        pla - ok
18:55:56.0818 3272        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:55:56.0834 3272        PlugPlay - ok
18:55:56.0880 3272        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:55:56.0880 3272        PNRPAutoReg - ok
18:55:56.0927 3272        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:55:56.0927 3272        PNRPsvc - ok
18:55:56.0990 3272        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:55:57.0005 3272        PolicyAgent - ok
18:55:57.0068 3272        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:55:57.0068 3272        Power - ok
18:55:57.0161 3272        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:55:57.0161 3272        PptpMiniport - ok
18:55:57.0208 3272        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:55:57.0208 3272        Processor - ok
18:55:57.0286 3272        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:55:57.0302 3272        ProfSvc - ok
18:55:57.0348 3272        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:55:57.0348 3272        ProtectedStorage - ok
18:55:57.0411 3272        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:55:57.0411 3272        Psched - ok
18:55:57.0536 3272        PSI_SVC_2      (e7483be1e7a6fb16fc9ad6b54f99dee4) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
18:55:57.0536 3272        PSI_SVC_2 - ok
18:55:57.0660 3272        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:55:57.0692 3272        ql2300 - ok
18:55:57.0848 3272        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:55:57.0848 3272        ql40xx - ok
18:55:57.0910 3272        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:55:57.0957 3272        QWAVE - ok
18:55:58.0019 3272        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:55:58.0019 3272        QWAVEdrv - ok
18:55:58.0035 3272        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:55:58.0035 3272        RasAcd - ok
18:55:58.0097 3272        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:55:58.0097 3272        RasAgileVpn - ok
18:55:58.0128 3272        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:55:58.0175 3272        RasAuto - ok
18:55:58.0222 3272        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:55:58.0222 3272        Rasl2tp - ok
18:55:58.0316 3272        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:55:58.0331 3272        RasMan - ok
18:55:58.0378 3272        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:55:58.0378 3272        RasPppoe - ok
18:55:58.0394 3272        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:55:58.0394 3272        RasSstp - ok
18:55:58.0440 3272        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:55:58.0440 3272        rdbss - ok
18:55:58.0472 3272        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:55:58.0472 3272        rdpbus - ok
18:55:58.0487 3272        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:55:58.0487 3272        RDPCDD - ok
18:55:58.0518 3272        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:55:58.0518 3272        RDPENCDD - ok
18:55:58.0534 3272        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:55:58.0534 3272        RDPREFMP - ok
18:55:58.0596 3272        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:55:58.0612 3272        RDPWD - ok
18:55:58.0674 3272        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:55:58.0706 3272        rdyboost - ok
18:55:58.0737 3272        regi - ok
18:55:58.0768 3272        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:55:58.0784 3272        RemoteAccess - ok
18:55:58.0815 3272        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:55:58.0815 3272        RemoteRegistry - ok
18:55:58.0862 3272        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:55:58.0877 3272        RpcEptMapper - ok
18:55:58.0908 3272        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:55:58.0908 3272        RpcLocator - ok
18:55:59.0033 3272        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:55:59.0049 3272        RpcSs - ok
18:55:59.0080 3272        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:55:59.0080 3272        rspndr - ok
18:55:59.0158 3272        RSUSBSTOR      (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
18:55:59.0174 3272        RSUSBSTOR - ok
18:55:59.0267 3272        RS_Service      (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
18:55:59.0267 3272        RS_Service - ok
18:55:59.0298 3272        RtsUIR - ok
18:55:59.0423 3272        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:55:59.0423 3272        SamSs - ok
18:55:59.0486 3272        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:55:59.0486 3272        sbp2port - ok
18:55:59.0532 3272        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:55:59.0548 3272        SCardSvr - ok
18:55:59.0595 3272        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:55:59.0595 3272        scfilter - ok
18:55:59.0766 3272        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:55:59.0798 3272        Schedule - ok
18:55:59.0844 3272        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:55:59.0844 3272        SCPolicySvc - ok
18:55:59.0891 3272        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:55:59.0907 3272        SDRSVC - ok
18:56:00.0000 3272        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:56:00.0016 3272        secdrv - ok
18:56:00.0078 3272        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:56:00.0078 3272        seclogon - ok
18:56:00.0141 3272        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:56:00.0141 3272        SENS - ok
18:56:00.0172 3272        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:56:00.0172 3272        SensrSvc - ok
18:56:00.0203 3272        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:56:00.0203 3272        Serenum - ok
18:56:00.0234 3272        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:56:00.0234 3272        Serial - ok
18:56:00.0281 3272        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:56:00.0281 3272        sermouse - ok
18:56:00.0344 3272        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:56:00.0359 3272        SessionEnv - ok
18:56:00.0406 3272        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:56:00.0406 3272        sffdisk - ok
18:56:00.0437 3272        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:56:00.0437 3272        sffp_mmc - ok
18:56:00.0453 3272        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:56:00.0453 3272        sffp_sd - ok
18:56:00.0484 3272        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:56:00.0484 3272        sfloppy - ok
18:56:00.0531 3272        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:56:00.0546 3272        SharedAccess - ok
18:56:00.0640 3272        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:56:00.0656 3272        ShellHWDetection - ok
18:56:00.0702 3272        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:56:00.0702 3272        SiSRaid2 - ok
18:56:00.0718 3272        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:56:00.0718 3272        SiSRaid4 - ok
18:56:00.0858 3272        SkypeUpdate    (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:56:00.0874 3272        SkypeUpdate - ok
18:56:00.0921 3272        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:56:00.0952 3272        Smb - ok
18:56:01.0014 3272        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:56:01.0014 3272        SNMPTRAP - ok
18:56:01.0030 3272        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:56:01.0030 3272        spldr - ok
18:56:01.0124 3272        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:56:01.0139 3272        Spooler - ok
18:56:01.0420 3272        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:56:01.0482 3272        sppsvc - ok
18:56:01.0592 3272        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:56:01.0592 3272        sppuinotify - ok
18:56:01.0716 3272        SQLWriter      (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:56:01.0716 3272        SQLWriter - ok
18:56:01.0810 3272        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:56:01.0841 3272        srv - ok
18:56:01.0888 3272        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:56:01.0904 3272        srv2 - ok
18:56:01.0966 3272        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:56:01.0982 3272        srvnet - ok
18:56:02.0044 3272        ssadbus        (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
18:56:02.0075 3272        ssadbus - ok
18:56:02.0122 3272        ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
18:56:02.0122 3272        ssadmdfl - ok
18:56:02.0153 3272        ssadmdm        (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
18:56:02.0169 3272        ssadmdm - ok
18:56:02.0200 3272        ssadserd        (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
18:56:02.0216 3272        ssadserd - ok
18:56:02.0278 3272        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:56:02.0278 3272        SSDPSRV - ok
18:56:02.0294 3272        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:56:02.0294 3272        SstpSvc - ok
18:56:02.0340 3272        ss_bbus        (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
18:56:02.0356 3272        ss_bbus - ok
18:56:02.0372 3272        ss_bmdfl        (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
18:56:02.0387 3272        ss_bmdfl - ok
18:56:02.0403 3272        ss_bmdm        (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
18:56:02.0418 3272        ss_bmdm - ok
18:56:02.0465 3272        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:56:02.0465 3272        stexstor - ok
18:56:02.0543 3272        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:56:02.0559 3272        stisvc - ok
18:56:02.0606 3272        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:56:02.0606 3272        swenum - ok
18:56:02.0668 3272        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:56:02.0684 3272        swprv - ok
18:56:02.0746 3272        SynTP          (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
18:56:02.0746 3272        SynTP - ok
18:56:02.0902 3272        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:56:02.0933 3272        SysMain - ok
18:56:03.0105 3272        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:56:03.0105 3272        TabletInputService - ok
18:56:03.0183 3272        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:56:03.0214 3272        TapiSrv - ok
18:56:03.0276 3272        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:56:03.0276 3272        TBS - ok
18:56:03.0464 3272        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:56:03.0495 3272        Tcpip - ok
18:56:03.0713 3272        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:56:03.0729 3272        TCPIP6 - ok
18:56:03.0885 3272        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:56:03.0885 3272        tcpipreg - ok
18:56:03.0978 3272        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:56:03.0978 3272        TDPIPE - ok
18:56:04.0025 3272        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:56:04.0025 3272        TDTCP - ok
18:56:04.0103 3272        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:56:04.0103 3272        tdx - ok
18:56:04.0150 3272        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:56:04.0150 3272        TermDD - ok
18:56:04.0212 3272        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:56:04.0259 3272        TermService - ok
18:56:04.0306 3272        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:56:04.0306 3272        Themes - ok
18:56:04.0337 3272        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:56:04.0337 3272        THREADORDER - ok
18:56:04.0384 3272        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:56:04.0384 3272        TrkWks - ok
18:56:04.0462 3272        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:56:04.0462 3272        TrustedInstaller - ok
18:56:04.0509 3272        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:56:04.0509 3272        tssecsrv - ok
18:56:04.0587 3272        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:56:04.0602 3272        TsUsbFlt - ok
18:56:04.0821 3272        TuneUp.UtilitiesSvc (811a229718c85356bc81eb20f35eb7f6) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
18:56:04.0852 3272        TuneUp.UtilitiesSvc - ok
18:56:04.0961 3272        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
18:56:04.0977 3272        TuneUpUtilitiesDrv - ok
18:56:05.0148 3272        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:56:05.0148 3272        tunnel - ok
18:56:05.0180 3272        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:56:05.0180 3272        uagp35 - ok
18:56:05.0273 3272        UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
18:56:05.0273 3272        UBHelper - ok
18:56:05.0336 3272        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:56:05.0367 3272        udfs - ok
18:56:05.0398 3272        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:56:05.0414 3272        UI0Detect - ok
18:56:05.0476 3272        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:56:05.0476 3272        uliagpkx - ok
18:56:05.0554 3272        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:56:05.0554 3272        umbus - ok
18:56:05.0585 3272        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:56:05.0585 3272        UmPass - ok
18:56:05.0710 3272        Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:56:05.0710 3272        Updater Service - ok
18:56:05.0772 3272        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:56:05.0788 3272        upnphost - ok
18:56:05.0788 3272        upperdev - ok
18:56:05.0835 3272        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:56:05.0835 3272        usbaudio - ok
18:56:05.0866 3272        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:56:05.0866 3272        usbccgp - ok
18:56:05.0882 3272        USBCCID - ok
18:56:05.0991 3272        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:56:06.0006 3272        usbcir - ok
18:56:06.0022 3272        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:56:06.0022 3272        usbehci - ok
18:56:06.0084 3272        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:56:06.0084 3272        usbhub - ok
18:56:06.0116 3272        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:56:06.0116 3272        usbohci - ok
18:56:06.0147 3272        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:56:06.0147 3272        usbprint - ok
18:56:06.0209 3272        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:56:06.0209 3272        usbscan - ok
18:56:06.0240 3272        UsbserFilt - ok
18:56:06.0256 3272        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:56:06.0256 3272        USBSTOR - ok
18:56:06.0287 3272        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
18:56:06.0287 3272        usbuhci - ok
18:56:06.0350 3272        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:56:06.0350 3272        usbvideo - ok
18:56:06.0396 3272        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:56:06.0396 3272        UxSms - ok
18:56:06.0459 3272        UxTuneUp        (5bf180f7f7c2f68ed6d5777840270bce) C:\Windows\System32\uxtuneup.dll
18:56:06.0474 3272        UxTuneUp - ok
18:56:06.0521 3272        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:56:06.0521 3272        VaultSvc - ok
18:56:06.0568 3272        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:56:06.0568 3272        vdrvroot - ok
18:56:06.0646 3272        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:56:06.0662 3272        vds - ok
18:56:06.0693 3272        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:56:06.0693 3272        vga - ok
18:56:06.0724 3272        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:56:06.0724 3272        VgaSave - ok
18:56:06.0755 3272        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:56:06.0771 3272        vhdmp - ok
18:56:06.0802 3272        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:56:06.0802 3272        viaide - ok
18:56:06.0833 3272        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:56:06.0833 3272        volmgr - ok
18:56:06.0911 3272        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:56:06.0911 3272        volmgrx - ok
18:56:06.0989 3272        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:56:06.0989 3272        volsnap - ok
18:56:07.0036 3272        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:56:07.0052 3272        vsmraid - ok
18:56:07.0208 3272        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:56:07.0239 3272        VSS - ok
18:56:07.0379 3272        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:56:07.0379 3272        vwifibus - ok
18:56:07.0426 3272        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:56:07.0426 3272        vwififlt - ok
18:56:07.0488 3272        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:56:07.0488 3272        vwifimp - ok
18:56:07.0566 3272        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:56:07.0566 3272        W32Time - ok
18:56:07.0598 3272        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:56:07.0598 3272        WacomPen - ok
18:56:07.0676 3272        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:07.0676 3272        WANARP - ok
18:56:07.0707 3272        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:07.0707 3272        Wanarpv6 - ok
18:56:07.0847 3272        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:56:07.0878 3272        wbengine - ok
18:56:08.0050 3272        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:56:08.0066 3272        WbioSrvc - ok
18:56:08.0144 3272        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:56:08.0190 3272        wcncsvc - ok
18:56:08.0206 3272        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:56:08.0222 3272        WcsPlugInService - ok
18:56:08.0300 3272        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:56:08.0300 3272        Wd - ok
18:56:08.0378 3272        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:56:08.0393 3272        Wdf01000 - ok
18:56:08.0409 3272        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:56:08.0409 3272        WdiServiceHost - ok
18:56:08.0424 3272        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:56:08.0424 3272        WdiSystemHost - ok
18:56:08.0487 3272        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:56:08.0502 3272        WebClient - ok
18:56:08.0534 3272        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:56:08.0549 3272        Wecsvc - ok
18:56:08.0565 3272        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:56:08.0580 3272        wercplsupport - ok
18:56:08.0627 3272        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:56:08.0627 3272        WerSvc - ok
18:56:08.0690 3272        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:56:08.0690 3272        WfpLwf - ok
18:56:08.0721 3272        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:56:08.0721 3272        WIMMount - ok
18:56:08.0783 3272        WinDefend - ok
18:56:08.0799 3272        WinHttpAutoProxySvc - ok
18:56:08.0892 3272        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:56:08.0970 3272        Winmgmt - ok
18:56:09.0142 3272        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:56:09.0173 3272        WinRM - ok
18:56:09.0360 3272        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:56:09.0376 3272        Wlansvc - ok
18:56:09.0454 3272        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:56:09.0454 3272        WmiAcpi - ok
18:56:09.0532 3272        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:56:09.0548 3272        wmiApSrv - ok
18:56:09.0610 3272        WMPNetworkSvc - ok
18:56:09.0657 3272        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:56:09.0657 3272        WPCSvc - ok
18:56:09.0704 3272        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:56:09.0766 3272        WPDBusEnum - ok
18:56:09.0844 3272        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:56:09.0844 3272        ws2ifsl - ok
18:56:09.0860 3272        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:56:09.0860 3272        wscsvc - ok
18:56:09.0875 3272        WSearch - ok
18:56:10.0156 3272        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:56:10.0234 3272        wuauserv - ok
18:56:10.0406 3272        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:56:10.0406 3272        WudfPf - ok
18:56:10.0468 3272        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:56:10.0484 3272        WUDFRd - ok
18:56:10.0530 3272        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:56:10.0530 3272        wudfsvc - ok
18:56:10.0577 3272        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:56:10.0577 3272        WwanSvc - ok
18:56:10.0702 3272        X6va003 - ok
18:56:10.0749 3272        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:56:11.0030 3272        \Device\Harddisk0\DR0 - ok
18:56:11.0045 3272        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:56:11.0045 3272        \Device\Harddisk1\DR1 - ok
18:56:11.0061 3272        Boot (0x1200)  (857224011d3173959bd2608e972dc936) \Device\Harddisk0\DR0\Partition0
18:56:11.0061 3272        \Device\Harddisk0\DR0\Partition0 - ok
18:56:11.0076 3272        Boot (0x1200)  (b928abbf659f00ba2f7c73a5fb0bad0a) \Device\Harddisk0\DR0\Partition1
18:56:11.0092 3272        \Device\Harddisk0\DR0\Partition1 - ok
18:56:11.0092 3272        Boot (0x1200)  (da5e5f194b93252fbcbc625e40263488) \Device\Harddisk1\DR1\Partition0
18:56:11.0108 3272        \Device\Harddisk1\DR1\Partition0 - ok
18:56:11.0108 3272        ============================================================
18:56:11.0108 3272        Scan finished
18:56:11.0108 3272        ============================================================
18:56:11.0123 3368        Detected object count: 1
18:56:11.0123 3368        Actual detected object count: 1
18:58:03.0749 3368        Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:58:03.0749 3368        Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
18:58:46.0009 3824        ============================================================
18:58:46.0009 3824        Scan started
18:58:46.0009 3824        Mode: Manual; SigCheck; TDLFS;
18:58:46.0009 3824        ============================================================
18:58:46.0243 3824        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:58:47.0101 3824        1394ohci - ok
18:58:47.0179 3824        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:58:47.0195 3824        ACPI - ok
18:58:47.0257 3824        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:58:47.0523 3824        AcpiPmi - ok
18:58:47.0679 3824        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:58:47.0679 3824        AdobeARMservice - ok
18:58:47.0741 3824        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:58:47.0757 3824        adp94xx - ok
18:58:47.0803 3824        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:58:47.0835 3824        adpahci - ok
18:58:47.0866 3824        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:58:47.0913 3824        adpu320 - ok
18:58:47.0959 3824        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:58:48.0240 3824        AeLookupSvc - ok
18:58:48.0303 3824        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:58:48.0474 3824        AFD - ok
18:58:48.0521 3824        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:58:48.0552 3824        agp440 - ok
18:58:48.0942 3824        Akamai          (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
18:58:48.0942 3824        Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
18:58:48.0958 3824        Akamai ( HiddenFile.Multi.Generic ) - warning
18:58:48.0958 3824        Akamai - detected HiddenFile.Multi.Generic (1)
18:58:49.0083 3824        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:58:49.0176 3824        ALG - ok
18:58:49.0254 3824        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:58:49.0270 3824        aliide - ok
18:58:49.0285 3824        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:58:49.0301 3824        amdide - ok
18:58:49.0332 3824        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:58:49.0457 3824        AmdK8 - ok
18:58:49.0504 3824        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:58:49.0613 3824        AmdPPM - ok
18:58:49.0644 3824        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:58:49.0660 3824        amdsata - ok
18:58:49.0707 3824        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:58:49.0753 3824        amdsbs - ok
18:58:49.0769 3824        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:58:49.0785 3824        amdxata - ok
18:58:49.0831 3824        androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
18:58:50.0253 3824        androidusb - ok
18:58:50.0346 3824        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:58:50.0377 3824        AntiVirSchedulerService - ok
18:58:50.0409 3824        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:58:50.0424 3824        AntiVirService - ok
18:58:50.0471 3824        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:58:50.0752 3824        AppID - ok
18:58:50.0799 3824        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:58:50.0939 3824        AppIDSvc - ok
18:58:50.0970 3824        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:58:51.0079 3824        Appinfo - ok
18:58:51.0126 3824        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:58:51.0142 3824        arc - ok
18:58:51.0173 3824        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:58:51.0189 3824        arcsas - ok
18:58:51.0204 3824        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:58:51.0376 3824        AsyncMac - ok
18:58:51.0407 3824        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:58:51.0438 3824        atapi - ok
18:58:51.0563 3824        athr            (b2c3a8618867404475228f7dd260698b) C:\Windows\system32\DRIVERS\athrx.sys
18:58:51.0750 3824        athr - ok
18:58:51.0891 3824        atksgt          (4aef9ec86818375495fb78ca58df4e18) C:\Windows\system32\DRIVERS\atksgt.sys
18:58:52.0031 3824        atksgt ( UnsignedFile.Multi.Generic ) - warning
18:58:52.0031 3824        atksgt - detected UnsignedFile.Multi.Generic (1)
18:58:52.0109 3824        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:58:52.0343 3824        AudioEndpointBuilder - ok
18:58:52.0343 3824        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:58:52.0499 3824        AudioSrv - ok
18:58:53.0731 3824        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
18:58:53.0794 3824        avgntflt - ok
18:58:53.0841 3824        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
18:58:53.0856 3824        avipbb - ok
18:58:53.0903 3824        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:58:53.0934 3824        avkmgr - ok
18:58:53.0981 3824        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:58:54.0184 3824        AxInstSV - ok
18:58:54.0246 3824        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:58:54.0387 3824        b06bdrv - ok
18:58:54.0433 3824        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:58:54.0558 3824        b57nd60a - ok
18:58:54.0621 3824        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:58:54.0777 3824        BDESVC - ok
18:58:54.0792 3824        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:58:54.0964 3824        Beep - ok
18:58:55.0042 3824        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:58:55.0167 3824        BFE - ok
18:58:55.0260 3824        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:58:55.0401 3824        BITS - ok
18:58:55.0463 3824        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:58:55.0541 3824        blbdrive - ok
18:58:56.0586 3824        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:58:56.0711 3824        bowser - ok
18:58:57.0647 3824        BRA_Scheduler  (ad5d76b93b7a277cbdb964bf678f9633) C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
18:58:57.0725 3824        BRA_Scheduler ( UnsignedFile.Multi.Generic ) - warning
18:58:57.0725 3824        BRA_Scheduler - detected UnsignedFile.Multi.Generic (1)
18:58:57.0756 3824        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:58:57.0928 3824        BrFiltLo - ok
18:58:57.0943 3824        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:58:57.0990 3824        BrFiltUp - ok
18:58:58.0053 3824        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:58:58.0162 3824        Browser - ok
18:58:58.0209 3824        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\system32\DRIVERS\BrSerId.sys
18:58:58.0287 3824        Brserid - ok
18:58:58.0318 3824        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:58:58.0411 3824        BrSerWdm - ok
18:58:58.0443 3824        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:58:58.0567 3824        BrUsbMdm - ok
18:58:58.0599 3824        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\DRIVERS\BrUsbSer.sys
18:58:58.0677 3824        BrUsbSer - ok
18:58:58.0708 3824        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:58:58.0801 3824        BTHMODEM - ok
18:58:58.0848 3824        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:58:58.0942 3824        bthserv - ok
18:58:59.0956 3824        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:59:00.0065 3824        cdfs - ok
18:59:00.0143 3824        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:59:00.0221 3824        cdrom - ok
18:59:00.0268 3824        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:59:00.0361 3824        CertPropSvc - ok
18:59:00.0393 3824        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:59:00.0471 3824        circlass - ok
18:59:02.0608 3824        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:59:02.0623 3824        CLFS - ok
18:59:02.0701 3824        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:59:02.0717 3824        clr_optimization_v2.0.50727_32 - ok
18:59:02.0779 3824        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:59:02.0795 3824        clr_optimization_v2.0.50727_64 - ok
18:59:02.0904 3824        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:59:02.0920 3824        clr_optimization_v4.0.30319_32 - ok
18:59:02.0967 3824        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:59:02.0982 3824        clr_optimization_v4.0.30319_64 - ok
18:59:03.0013 3824        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:59:03.0107 3824        CmBatt - ok
18:59:03.0138 3824        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:59:03.0154 3824        cmdide - ok
18:59:03.0216 3824        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
18:59:03.0310 3824        CNG - ok
18:59:03.0388 3824        CnxtHdAudService (20f3f8674d7dee5d90a352b775d5d5ba) C:\Windows\system32\drivers\CHDRT64.sys
18:59:03.0559 3824        CnxtHdAudService - ok
18:59:03.0591 3824        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:59:03.0591 3824        Compbatt - ok
18:59:03.0653 3824        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:59:03.0731 3824        CompositeBus - ok
18:59:03.0747 3824        COMSysApp - ok
18:59:03.0778 3824        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:59:03.0825 3824        crcdisk - ok
18:59:03.0887 3824        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:59:04.0012 3824        CryptSvc - ok
18:59:04.0121 3824        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:59:04.0230 3824        DcomLaunch - ok
18:59:04.0277 3824        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:59:04.0417 3824        defragsvc - ok
18:59:04.0464 3824        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:59:04.0573 3824        DfsC - ok
18:59:04.0636 3824        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:59:04.0776 3824        Dhcp - ok
18:59:04.0807 3824        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:59:04.0917 3824        discache - ok
18:59:04.0932 3824        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:59:04.0948 3824        Disk - ok
18:59:05.0041 3824        DKbFltr        (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
18:59:05.0088 3824        DKbFltr - ok
18:59:05.0151 3824        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:59:05.0307 3824        Dnscache - ok
18:59:05.0369 3824        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:59:05.0478 3824        dot3svc - ok
18:59:05.0509 3824        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:59:05.0619 3824        DPS - ok
18:59:05.0650 3824        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:59:05.0775 3824        drmkaud - ok
18:59:05.0806 3824        dump_wmimmc - ok
18:59:05.0931 3824        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:59:05.0962 3824        DXGKrnl - ok
18:59:06.0009 3824        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:59:06.0102 3824        EapHost - ok
18:59:06.0336 3824        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:59:06.0492 3824        ebdrv - ok
18:59:06.0617 3824        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:59:06.0820 3824        EFS - ok
18:59:06.0929 3824        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:59:07.0101 3824        ehRecvr - ok
18:59:07.0132 3824        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:59:07.0257 3824        ehSched - ok
18:59:07.0366 3824        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:59:07.0413 3824        elxstor - ok
18:59:07.0553 3824        ePowerSvc      (7c35c6865957289d9efe6cc73f4ab2e1) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
18:59:07.0600 3824        ePowerSvc - ok
18:59:07.0771 3824        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:59:07.0834 3824        ErrDev - ok
18:59:07.0896 3824        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:59:07.0990 3824        EventSystem - ok
18:59:08.0037 3824        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:59:08.0130 3824        exfat - ok
18:59:08.0161 3824        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:59:08.0271 3824        fastfat - ok
18:59:08.0349 3824        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:59:08.0473 3824        Fax - ok
18:59:08.0505 3824        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:59:08.0629 3824        fdc - ok
18:59:08.0661 3824        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:59:08.0801 3824        fdPHost - ok
18:59:08.0832 3824        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:59:08.0973 3824        FDResPub - ok
18:59:09.0035 3824        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:59:09.0051 3824        FileInfo - ok
18:59:09.0066 3824        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:59:09.0191 3824        Filetrace - ok
18:59:09.0222 3824        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:59:09.0300 3824        flpydisk - ok
18:59:09.0347 3824        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:59:09.0363 3824        FltMgr - ok
18:59:09.0487 3824        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:59:09.0550 3824        FontCache - ok
18:59:09.0643 3824        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:59:09.0659 3824        FontCache3.0.0.0 - ok
18:59:09.0721 3824        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:59:09.0737 3824        FsDepends - ok
18:59:09.0768 3824        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:59:09.0831 3824        Fs_Rec - ok
18:59:09.0877 3824        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:59:09.0909 3824        fvevol - ok
18:59:09.0955 3824        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:59:09.0971 3824        gagp30kx - ok
18:59:10.0065 3824        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:59:10.0236 3824        gpsvc - ok
18:59:10.0392 3824        Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
18:59:10.0470 3824        Greg_Service - ok
18:59:10.0564 3824        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:59:10.0564 3824        gupdate - ok
18:59:10.0579 3824        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:59:10.0595 3824        gupdatem - ok
18:59:10.0673 3824        gusvc          (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:59:10.0689 3824        gusvc - ok
18:59:10.0845 3824        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:59:10.0985 3824        hcw85cir - ok
18:59:11.0047 3824        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:59:11.0172 3824        HdAudAddService - ok
18:59:11.0203 3824        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:59:11.0297 3824        HDAudBus - ok
18:59:11.0328 3824        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:59:11.0422 3824        HidBatt - ok
18:59:11.0453 3824        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:59:11.0578 3824        HidBth - ok
18:59:11.0609 3824        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:59:11.0687 3824        HidIr - ok
18:59:11.0734 3824        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:59:11.0827 3824        hidserv - ok
18:59:11.0874 3824        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:59:11.0890 3824        HidUsb - ok
18:59:11.0937 3824        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:59:12.0077 3824        hkmsvc - ok
18:59:12.0139 3824        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:59:12.0217 3824        HomeGroupListener - ok
18:59:12.0264 3824        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:59:12.0358 3824        HomeGroupProvider - ok
18:59:12.0389 3824        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:59:12.0389 3824        HpSAMD - ok
18:59:12.0498 3824        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:59:12.0592 3824        HTTP - ok
18:59:12.0623 3824        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:59:12.0639 3824        hwpolicy - ok
18:59:12.0670 3824        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:59:12.0685 3824        i8042prt - ok
18:59:12.0795 3824        IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:59:12.0841 3824        IAANTMON - ok
18:59:12.0904 3824        iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
18:59:12.0982 3824        iaStor - ok
18:59:13.0029 3824        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:59:13.0060 3824        iaStorV - ok
18:59:13.0200 3824        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:59:13.0231 3824        idsvc - ok
18:59:13.0746 3824        igfx            (dfeaf0a1d98d397035012c8e28d1520f) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:59:14.0011 3824        igfx - ok
18:59:14.0199 3824        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:59:14.0199 3824        iirsp - ok
18:59:14.0308 3824        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:59:14.0433 3824        IKEEXT - ok
18:59:14.0495 3824        int15.sys      (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
18:59:14.0542 3824        int15.sys - ok
18:59:14.0589 3824        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:59:14.0604 3824        intelide - ok
18:59:14.0635 3824        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:59:14.0729 3824        intelppm - ok
18:59:14.0776 3824        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:59:14.0869 3824        IPBusEnum - ok
18:59:14.0932 3824        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:59:15.0119 3824        IpFilterDriver - ok
18:59:15.0166 3824        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:59:15.0275 3824        iphlpsvc - ok
18:59:15.0540 3824        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:59:15.0634 3824        IPMIDRV - ok
18:59:15.0696 3824        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:59:15.0821 3824        IPNAT - ok
18:59:15.0837 3824        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:59:15.0993 3824        IRENUM - ok
18:59:16.0039 3824        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:59:16.0055 3824        isapnp - ok
18:59:16.0117 3824        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:59:16.0133 3824        iScsiPrt - ok
18:59:16.0211 3824        IviRegMgr      (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
18:59:16.0227 3824        IviRegMgr - ok
18:59:16.0258 3824        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:59:16.0273 3824        kbdclass - ok
18:59:16.0320 3824        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:59:16.0336 3824        kbdhid - ok
18:59:16.0383 3824        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:59:16.0429 3824        KeyIso - ok
18:59:16.0461 3824        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
18:59:16.0476 3824        KSecDD - ok
18:59:16.0523 3824        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
18:59:16.0539 3824        KSecPkg - ok
18:59:16.0570 3824        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:59:16.0757 3824        ksthunk - ok
18:59:16.0819 3824        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:59:16.0960 3824        KtmRm - ok
18:59:16.0991 3824        L1C            (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
18:59:17.0085 3824        L1C - ok
18:59:17.0178 3824        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:59:17.0272 3824        LanmanServer - ok
18:59:17.0334 3824        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:59:17.0459 3824        LanmanWorkstation - ok
18:59:17.0506 3824        Lbd            (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
18:59:17.0521 3824        Lbd - ok
18:59:17.0568 3824        lirsgt          (b658b7076b1acaa5876524595630f183) C:\Windows\system32\DRIVERS\lirsgt.sys
18:59:17.0693 3824        lirsgt ( UnsignedFile.Multi.Generic ) - warning
18:59:17.0693 3824        lirsgt - detected UnsignedFile.Multi.Generic (1)
18:59:17.0724 3824        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:59:17.0833 3824        lltdio - ok
18:59:17.0896 3824        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:59:18.0036 3824        lltdsvc - ok
18:59:18.0052 3824        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:59:18.0177 3824        lmhosts - ok
18:59:18.0208 3824        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:59:18.0223 3824        LSI_FC - ok
18:59:18.0270 3824        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:59:18.0286 3824        LSI_SAS - ok
18:59:18.0317 3824        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:59:18.0333 3824        LSI_SAS2 - ok
18:59:18.0348 3824        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:59:18.0364 3824        LSI_SCSI - ok
18:59:18.0395 3824        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:59:18.0567 3824        luafv - ok
18:59:18.0598 3824        MBAMProtector  (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
18:59:18.0629 3824        MBAMProtector - ok
18:59:18.0769 3824        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:59:18.0785 3824        MBAMService - ok
18:59:18.0832 3824        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:59:19.0003 3824        Mcx2Svc - ok
18:59:19.0035 3824        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:59:19.0050 3824        megasas - ok
18:59:19.0081 3824        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:59:19.0097 3824        MegaSR - ok
18:59:19.0159 3824        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:59:19.0284 3824        MMCSS - ok
18:59:19.0315 3824        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:59:19.0425 3824        Modem - ok
18:59:19.0440 3824        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:59:19.0550 3824        monitor - ok
18:59:19.0581 3824        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:59:19.0596 3824        mouclass - ok
18:59:19.0628 3824        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:59:19.0737 3824        mouhid - ok
18:59:19.0784 3824        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:59:19.0799 3824        mountmgr - ok
18:59:19.0862 3824        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:59:19.0877 3824        MozillaMaintenance - ok
18:59:19.0940 3824        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:59:19.0955 3824        mpio - ok
18:59:19.0971 3824        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:59:20.0064 3824        mpsdrv - ok
18:59:20.0174 3824        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:59:20.0283 3824        MpsSvc - ok
18:59:20.0314 3824        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:59:20.0423 3824        MRxDAV - ok
18:59:20.0454 3824        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:59:20.0564 3824        mrxsmb - ok
18:59:20.0610 3824        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:59:20.0720 3824        mrxsmb10 - ok
18:59:20.0751 3824        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:59:20.0844 3824        mrxsmb20 - ok
18:59:20.0891 3824        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:59:20.0907 3824        msahci - ok
18:59:20.0969 3824        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:59:20.0985 3824        msdsm - ok
18:59:21.0016 3824        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:59:21.0141 3824        MSDTC - ok
18:59:21.0188 3824        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:59:21.0297 3824        Msfs - ok
18:59:21.0312 3824        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:59:21.0437 3824        mshidkmdf - ok
18:59:21.0468 3824        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:59:21.0484 3824        msisadrv - ok
18:59:21.0531 3824        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:59:21.0734 3824        MSiSCSI - ok
18:59:21.0734 3824        msiserver - ok
18:59:21.0765 3824        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:59:21.0890 3824        MSKSSRV - ok
18:59:21.0936 3824        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:59:22.0061 3824        MSPCLOCK - ok
18:59:22.0092 3824        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:59:22.0202 3824        MSPQM - ok
18:59:22.0264 3824        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:59:22.0280 3824        MsRPC - ok
18:59:22.0342 3824        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:59:22.0358 3824        mssmbios - ok
18:59:22.0373 3824        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:59:22.0529 3824        MSTEE - ok
18:59:22.0560 3824        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:59:22.0638 3824        MTConfig - ok
18:59:22.0685 3824        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:59:22.0701 3824        Mup - ok
18:59:22.0779 3824        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:59:22.0888 3824        napagent - ok
18:59:22.0935 3824        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:59:23.0044 3824        NativeWifiP - ok
18:59:23.0138 3824        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:59:23.0169 3824        NDIS - ok
18:59:23.0184 3824        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:59:23.0387 3824        NdisCap - ok
18:59:23.0403 3824        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:59:23.0543 3824        NdisTapi - ok
18:59:23.0590 3824        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:59:23.0699 3824        Ndisuio - ok
18:59:23.0762 3824        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:59:23.0933 3824        NdisWan - ok
18:59:24.0011 3824        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:59:24.0167 3824        NDProxy - ok
18:59:24.0198 3824        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:59:24.0323 3824        NetBIOS - ok
18:59:24.0370 3824        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:59:24.0479 3824        NetBT - ok
18:59:24.0526 3824        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:59:24.0588 3824        Netlogon - ok
18:59:24.0635 3824        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:59:24.0760 3824        Netman - ok
18:59:24.0822 3824        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:59:24.0963 3824        netprofm - ok
18:59:25.0041 3824        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:59:25.0056 3824        NetTcpPortSharing - ok
18:59:25.0509 3824        netw5v64        (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
18:59:25.0758 3824        netw5v64 - ok
18:59:25.0914 3824        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:59:25.0946 3824        nfrd960 - ok
18:59:25.0992 3824        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:59:26.0226 3824        NlaSvc - ok
18:59:26.0242 3824        nmwcdcx64 - ok
18:59:26.0242 3824        nmwcdx64 - ok
18:59:26.0273 3824        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:59:26.0460 3824        Npfs - ok
18:59:26.0476 3824        npggsvc - ok
18:59:26.0492 3824        NPPTNT2 - ok
18:59:26.0538 3824        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:59:26.0741 3824        nsi - ok
18:59:26.0772 3824        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:59:27.0084 3824        nsiproxy - ok
18:59:27.0272 3824        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:59:27.0318 3824        Ntfs - ok
18:59:27.0396 3824        NTIBackupSvc    (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
18:59:27.0412 3824        NTIBackupSvc - ok
18:59:27.0521 3824        NTIDrvr        (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
18:59:27.0568 3824        NTIDrvr - ok
18:59:27.0599 3824        NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
18:59:27.0615 3824        NTISchedulerSvc - ok
18:59:27.0677 3824        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:59:27.0989 3824        Null - ok
18:59:28.0098 3824        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:59:28.0114 3824        nvraid - ok
18:59:28.0192 3824        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:59:28.0426 3824        nvstor - ok
18:59:28.0816 3824        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:59:28.0910 3824        nv_agp - ok
18:59:29.0409 3824        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:59:29.0487 3824        ohci1394 - ok
18:59:29.0565 3824        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:59:29.0627 3824        p2pimsvc - ok
18:59:29.0736 3824        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:59:29.0830 3824        p2psvc - ok
18:59:29.0955 3824        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:59:30.0064 3824        Parport - ok
18:59:30.0111 3824        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:59:30.0189 3824        partmgr - ok
18:59:30.0329 3824        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:59:30.0423 3824        PcaSvc - ok
18:59:30.0438 3824        pccsmcfd - ok
18:59:30.0501 3824        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:59:30.0516 3824        pci - ok
18:59:30.0563 3824        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:59:30.0579 3824        pciide - ok
18:59:30.0735 3824        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:59:30.0766 3824        pcmcia - ok
18:59:30.0797 3824        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:59:30.0813 3824        pcw - ok
18:59:30.0875 3824        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:59:30.0922 3824        PEAUTH - ok
18:59:31.0031 3824        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:59:31.0078 3824        PerfHost - ok
18:59:31.0218 3824        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:59:31.0374 3824        pla - ok
18:59:31.0546 3824        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:59:31.0671 3824        PlugPlay - ok
18:59:31.0811 3824        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:59:31.0874 3824        PNRPAutoReg - ok
18:59:31.0952 3824        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:59:31.0983 3824        PNRPsvc - ok
18:59:32.0045 3824        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:59:32.0123 3824        PolicyAgent - ok
18:59:32.0186 3824        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:59:32.0248 3824        Power - ok
18:59:32.0326 3824        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:59:32.0404 3824        PptpMiniport - ok
18:59:32.0451 3824        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:59:32.0482 3824        Processor - ok
18:59:32.0529 3824        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:59:32.0607 3824        ProfSvc - ok
18:59:32.0669 3824        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:59:32.0669 3824        ProtectedStorage - ok
18:59:32.0747 3824        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:59:32.0810 3824        Psched - ok
18:59:33.0012 3824        PSI_SVC_2      (e7483be1e7a6fb16fc9ad6b54f99dee4) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
18:59:33.0012 3824        PSI_SVC_2 - ok
18:59:33.0184 3824        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:59:33.0231 3824        ql2300 - ok
18:59:33.0480 3824        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:59:33.0496 3824        ql40xx - ok
18:59:33.0590 3824        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:59:33.0605 3824        QWAVE - ok
18:59:33.0699 3824        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:59:33.0714 3824        QWAVEdrv - ok
18:59:33.0746 3824        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:59:33.0792 3824        RasAcd - ok
18:59:33.0870 3824        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:59:33.0917 3824        RasAgileVpn - ok
18:59:33.0980 3824        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:59:34.0026 3824        RasAuto - ok
18:59:34.0167 3824        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:59:34.0292 3824        Rasl2tp - ok
18:59:34.0354 3824        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:59:34.0416 3824        RasMan - ok
18:59:34.0448 3824        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:59:34.0526 3824        RasPppoe - ok
18:59:34.0541 3824        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:59:34.0588 3824        RasSstp - ok
18:59:34.0666 3824        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:59:34.0744 3824        rdbss - ok
18:59:34.0791 3824        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:59:34.0822 3824        rdpbus - ok
18:59:34.0853 3824        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:59:34.0916 3824        RDPCDD - ok
18:59:34.0978 3824        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:59:35.0040 3824        RDPENCDD - ok
18:59:35.0072 3824        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:59:35.0118 3824        RDPREFMP - ok
18:59:35.0165 3824        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:59:35.0243 3824        RDPWD - ok
18:59:35.0306 3824        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:59:35.0321 3824        rdyboost - ok
18:59:35.0368 3824        regi - ok
18:59:35.0399 3824        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:59:35.0477 3824        RemoteAccess - ok
18:59:35.0508 3824        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:59:35.0571 3824        RemoteRegistry - ok
18:59:35.0602 3824        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:59:35.0649 3824        RpcEptMapper - ok
18:59:35.0696 3824        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:59:35.0727 3824        RpcLocator - ok
18:59:35.0805 3824        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:59:35.0852 3824        RpcSs - ok
18:59:35.0898 3824        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:59:35.0961 3824        rspndr - ok
18:59:36.0023 3824        RSUSBSTOR      (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
18:59:36.0054 3824        RSUSBSTOR - ok
18:59:36.0164 3824        RS_Service      (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
18:59:36.0195 3824        RS_Service ( UnsignedFile.Multi.Generic ) - warning
18:59:36.0195 3824        RS_Service - detected UnsignedFile.Multi.Generic (1)
18:59:36.0195 3824        RtsUIR - ok
18:59:36.0242 3824        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:59:36.0257 3824        SamSs - ok
18:59:36.0304 3824        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:59:36.0320 3824        sbp2port - ok
18:59:36.0366 3824        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:59:36.0429 3824        SCardSvr - ok
18:59:36.0476 3824        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:59:36.0538 3824        scfilter - ok
18:59:36.0663 3824        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:59:36.0725 3824        Schedule - ok
18:59:36.0772 3824        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:59:36.0819 3824        SCPolicySvc - ok
18:59:36.0850 3824        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:59:36.0928 3824        SDRSVC - ok
18:59:37.0022 3824        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:59:37.0068 3824        secdrv - ok
18:59:37.0115 3824        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:59:37.0162 3824        seclogon - ok
18:59:37.0209 3824        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:59:37.0256 3824        SENS - ok
18:59:37.0287 3824        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:59:37.0334 3824        SensrSvc - ok
18:59:37.0349 3824        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:59:37.0380 3824        Serenum - ok
18:59:37.0396 3824        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:59:37.0427 3824        Serial - ok
18:59:37.0474 3824        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:59:37.0505 3824        sermouse - ok
18:59:37.0568 3824        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:59:37.0646 3824        SessionEnv - ok
18:59:37.0677 3824        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:59:37.0724 3824        sffdisk - ok
18:59:37.0739 3824        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:59:37.0786 3824        sffp_mmc - ok
18:59:37.0802 3824        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:59:37.0848 3824        sffp_sd - ok
18:59:37.0895 3824        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:59:37.0942 3824        sfloppy - ok
18:59:38.0004 3824        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:59:38.0082 3824        SharedAccess - ok
18:59:38.0145 3824        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:59:38.0207 3824        ShellHWDetection - ok
18:59:38.0238 3824        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:59:38.0254 3824        SiSRaid2 - ok
18:59:38.0270 3824        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:59:38.0285 3824        SiSRaid4 - ok
18:59:38.0379 3824        SkypeUpdate    (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:59:38.0394 3824        SkypeUpdate - ok
18:59:38.0426 3824        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:59:38.0504 3824        Smb - ok
18:59:38.0550 3824        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:59:38.0582 3824        SNMPTRAP - ok
18:59:38.0628 3824        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:59:38.0644 3824        spldr - ok
18:59:38.0738 3824        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:59:38.0784 3824        Spooler - ok
18:59:39.0096 3824        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:59:39.0190 3824        sppsvc - ok
18:59:39.0393 3824        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:59:39.0471 3824        sppuinotify - ok
18:59:39.0549 3824        SQLWriter      (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:59:39.0564 3824        SQLWriter - ok
18:59:39.0689 3824        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:59:39.0767 3824        srv - ok
18:59:39.0861 3824        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:59:39.0908 3824        srv2 - ok
18:59:39.0986 3824        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:59:40.0110 3824        srvnet - ok
18:59:40.0204 3824        ssadbus        (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
18:59:40.0266 3824        ssadbus - ok
18:59:40.0313 3824        ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
18:59:40.0344 3824        ssadmdfl - ok
18:59:40.0422 3824        ssadmdm        (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
18:59:40.0454 3824        ssadmdm - ok
18:59:40.0500 3824        ssadserd        (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
18:59:40.0532 3824        ssadserd - ok
18:59:40.0594 3824        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:59:40.0656 3824        SSDPSRV - ok
18:59:40.0672 3824        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:59:40.0734 3824        SstpSvc - ok
18:59:40.0766 3824        ss_bbus        (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
18:59:40.0781 3824        ss_bbus - ok
18:59:40.0797 3824        ss_bmdfl        (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
18:59:40.0812 3824        ss_bmdfl - ok
18:59:40.0844 3824        ss_bmdm        (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
18:59:40.0859 3824        ss_bmdm - ok
18:59:40.0875 3824        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:59:40.0890 3824        stexstor - ok
18:59:41.0046 3824        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:59:41.0171 3824        stisvc - ok
18:59:41.0249 3824        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:59:41.0280 3824        swenum - ok
18:59:41.0436 3824        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:59:41.0546 3824        swprv - ok
18:59:41.0624 3824        SynTP          (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
18:59:41.0670 3824        SynTP - ok
18:59:42.0014 3824        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:59:42.0170 3824        SysMain - ok
18:59:42.0388 3824        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:59:42.0513 3824        TabletInputService - ok
18:59:42.0575 3824        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:59:42.0653 3824        TapiSrv - ok
18:59:42.0716 3824        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:59:42.0778 3824        TBS - ok
18:59:43.0152 3824        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:59:43.0324 3824        Tcpip - ok
18:59:43.0854 3824        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:59:44.0026 3824        TCPIP6 - ok
18:59:44.0276 3824        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:59:44.0385 3824        tcpipreg - ok
18:59:44.0463 3824        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:59:44.0510 3824        TDPIPE - ok
18:59:44.0603 3824        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:59:44.0634 3824        TDTCP - ok
18:59:44.0666 3824        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:59:44.0712 3824        tdx - ok
18:59:44.0775 3824        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:59:44.0790 3824        TermDD - ok
18:59:44.0868 3824        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:59:44.0931 3824        TermService - ok
18:59:44.0978 3824        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:59:45.0024 3824        Themes - ok
18:59:45.0071 3824        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:59:45.0118 3824        THREADORDER - ok
18:59:45.0149 3824        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:59:45.0212 3824        TrkWks - ok
18:59:45.0305 3824        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:59:45.0368 3824        TrustedInstaller - ok
18:59:45.0430 3824        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:59:45.0492 3824        tssecsrv - ok
18:59:45.0539 3824        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:59:45.0586 3824        TsUsbFlt - ok
18:59:45.0804 3824        TuneUp.UtilitiesSvc (811a229718c85356bc81eb20f35eb7f6) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
18:59:45.0851 3824        TuneUp.UtilitiesSvc - ok
18:59:45.0914 3824        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
18:59:45.0929 3824        TuneUpUtilitiesDrv - ok
18:59:46.0070 3824        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:59:46.0132 3824        tunnel - ok
18:59:46.0179 3824        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:59:46.0194 3824        uagp35 - ok
18:59:46.0226 3824        UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
18:59:46.0241 3824        UBHelper - ok
18:59:46.0304 3824        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:59:46.0350 3824        udfs - ok
18:59:46.0413 3824        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:59:46.0428 3824        UI0Detect - ok
18:59:46.0491 3824        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:59:46.0506 3824        uliagpkx - ok
18:59:46.0553 3824        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:59:46.0616 3824        umbus - ok
18:59:46.0647 3824        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:59:46.0772 3824        UmPass - ok
18:59:46.0896 3824        Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:59:46.0912 3824        Updater Service - ok
18:59:46.0959 3824        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:59:47.0037 3824        upnphost - ok
18:59:47.0037 3824        upperdev - ok
18:59:47.0084 3824        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:59:47.0099 3824        usbaudio - ok
18:59:47.0130 3824        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:59:47.0177 3824        usbccgp - ok
18:59:47.0193 3824        USBCCID - ok
18:59:47.0255 3824        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:59:47.0302 3824        usbcir - ok
18:59:47.0349 3824        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:59:47.0380 3824        usbehci - ok
18:59:47.0458 3824        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:59:47.0567 3824        usbhub - ok
18:59:47.0598 3824        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:59:47.0630 3824        usbohci - ok
18:59:47.0676 3824        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:59:47.0708 3824        usbprint - ok
18:59:47.0739 3824        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:59:47.0817 3824        usbscan - ok
18:59:47.0832 3824        UsbserFilt - ok
18:59:47.0910 3824        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:59:48.0113 3824        USBSTOR - ok
18:59:48.0144 3824        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
18:59:48.0176 3824        usbuhci - ok
18:59:48.0222 3824        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:59:48.0238 3824        usbvideo - ok
18:59:48.0285 3824        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:59:48.0347 3824        UxSms - ok
18:59:48.0394 3824        UxTuneUp        (5bf180f7f7c2f68ed6d5777840270bce) C:\Windows\System32\uxtuneup.dll
18:59:48.0394 3824        UxTuneUp - ok
18:59:48.0456 3824        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:59:48.0472 3824        VaultSvc - ok
18:59:48.0488 3824        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:59:48.0503 3824        vdrvroot - ok
18:59:48.0581 3824        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:59:48.0644 3824        vds - ok
18:59:48.0690 3824        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:59:48.0722 3824        vga - ok
18:59:48.0737 3824        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:59:48.0893 3824        VgaSave - ok
18:59:49.0065 3824        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:59:49.0080 3824        vhdmp - ok
18:59:49.0096 3824        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:59:49.0127 3824        viaide - ok
18:59:49.0143 3824        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:59:49.0158 3824        volmgr - ok
18:59:49.0221 3824        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:59:49.0236 3824        volmgrx - ok
18:59:49.0330 3824        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:59:49.0439 3824        volsnap - ok
18:59:49.0502 3824        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:59:49.0564 3824        vsmraid - ok
18:59:49.0704 3824        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:59:49.0782 3824        VSS - ok
18:59:49.0923 3824        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:59:49.0985 3824        vwifibus - ok
18:59:50.0032 3824        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:59:50.0157 3824        vwififlt - ok
18:59:50.0235 3824        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:59:50.0282 3824        vwifimp - ok
18:59:50.0360 3824        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:59:50.0406 3824        W32Time - ok
18:59:50.0422 3824        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:59:50.0453 3824        WacomPen - ok
18:59:50.0500 3824        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:59:50.0547 3824        WANARP - ok
18:59:50.0562 3824        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:59:50.0594 3824        Wanarpv6 - ok
18:59:50.0734 3824        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:59:50.0781 3824        wbengine - ok
18:59:50.0937 3824        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:59:50.0952 3824        WbioSrvc - ok
18:59:51.0030 3824        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:59:51.0077 3824        wcncsvc - ok
18:59:51.0108 3824        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:59:51.0155 3824        WcsPlugInService - ok
18:59:51.0218 3824        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:59:51.0233 3824        Wd - ok
18:59:51.0296 3824        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:59:51.0311 3824        Wdf01000 - ok
18:59:51.0342 3824        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:59:51.0452 3824        WdiServiceHost - ok
18:59:51.0452 3824        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:59:51.0483 3824        WdiSystemHost - ok
18:59:51.0545 3824        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:59:51.0576 3824        WebClient - ok
18:59:51.0623 3824        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:59:51.0686 3824        Wecsvc - ok
18:59:51.0717 3824        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:59:51.0779 3824        wercplsupport - ok
18:59:51.0810 3824        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:59:51.0873 3824        WerSvc - ok
18:59:51.0935 3824        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:59:51.0966 3824        WfpLwf - ok
18:59:51.0998 3824        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:59:52.0013 3824        WIMMount - ok
18:59:52.0060 3824        WinDefend - ok
18:59:52.0076 3824        WinHttpAutoProxySvc - ok
18:59:52.0169 3824        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:59:52.0232 3824        Winmgmt - ok
18:59:52.0388 3824        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:59:52.0466 3824        WinRM - ok
18:59:52.0637 3824        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:59:52.0684 3824        Wlansvc - ok
18:59:52.0762 3824        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:59:52.0793 3824        WmiAcpi - ok
18:59:52.0887 3824        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:59:52.0918 3824        wmiApSrv - ok
18:59:52.0980 3824        WMPNetworkSvc - ok
18:59:53.0012 3824        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:59:53.0043 3824        WPCSvc - ok
18:59:53.0136 3824        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:59:53.0152 3824        WPDBusEnum - ok
18:59:53.0214 3824        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:59:53.0277 3824        ws2ifsl - ok
18:59:53.0324 3824        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:59:53.0370 3824        wscsvc - ok
18:59:53.0386 3824        WSearch - ok
18:59:53.0589 3824        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:59:53.0651 3824        wuauserv - ok
18:59:53.0823 3824        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:59:53.0870 3824        WudfPf - ok
18:59:53.0916 3824        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:59:53.0979 3824        WUDFRd - ok
18:59:54.0010 3824        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:59:54.0072 3824        wudfsvc - ok
18:59:54.0104 3824        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:59:54.0150 3824        WwanSvc - ok
18:59:54.0228 3824        X6va003 - ok
18:59:54.0275 3824        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:59:54.0650 3824        \Device\Harddisk0\DR0 - ok
18:59:54.0665 3824        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:59:54.0821 3824        \Device\Harddisk1\DR1 - ok
18:59:54.0821 3824        Boot (0x1200)  (857224011d3173959bd2608e972dc936) \Device\Harddisk0\DR0\Partition0
18:59:54.0821 3824        \Device\Harddisk0\DR0\Partition0 - ok
18:59:54.0868 3824        Boot (0x1200)  (b928abbf659f00ba2f7c73a5fb0bad0a) \Device\Harddisk0\DR0\Partition1
18:59:54.0868 3824        \Device\Harddisk0\DR0\Partition1 - ok
18:59:54.0868 3824        Boot (0x1200)  (da5e5f194b93252fbcbc625e40263488) \Device\Harddisk1\DR1\Partition0
18:59:54.0884 3824        \Device\Harddisk1\DR1\Partition0 - ok
18:59:54.0884 3824        ============================================================
18:59:54.0884 3824        Scan finished
18:59:54.0884 3824        ============================================================
18:59:54.0899 1328        Detected object count: 5
18:59:54.0899 1328        Actual detected object count: 5
19:00:10.0312 1328        Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:00:10.0312 1328        Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:00:10.0328 1328        atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:10.0328 1328        atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:10.0328 1328        BRA_Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:10.0328 1328        BRA_Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:10.0328 1328        lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:10.0328 1328        lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:10.0328 1328        RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:10.0328 1328        RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 29.07.2012 19:53
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

DavideEngel 29.07.2012 20:34
Combofix Logfile:
Code:
ComboFix 12-07-29.02 - Ralf 29.07.2012  21:07:57.1.1 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.1977.1036 [GMT 2:00]
ausgeführt von:: c:\users\Ralf\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\spool\prtprocs\w32x86\ppbiPr.dll
c:\windows\SysWow64\ui
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-28 bis 2012-07-29  ))))))))))))))))))))))))))))))
.
.
2012-07-29 19:15 . 2012-07-29 19:15        --------        d-----w-        c:\users\Samuel\AppData\Local\temp
2012-07-29 19:15 . 2012-07-29 19:15        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2012-07-29 19:15 . 2012-07-29 19:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-28 05:16 . 2012-06-29 10:04        9133488        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAB50774-CE48-4916-B8D1-65B3F796433E}\mpengine.dll
2012-07-24 15:53 . 2012-07-24 15:53        --------        d-----w-        C:\_OTL
2012-07-19 20:21 . 2012-07-19 20:21        --------        d-----w-        c:\program files (x86)\ESET
2012-07-19 18:33 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-17 05:04 . 2012-07-12 15:13        405144        ----a-w-        c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-07-15 15:03 . 2012-07-15 15:03        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-15 15:03 . 2012-07-15 15:03        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-14 19:48 . 2012-07-14 19:48        --------        d-----w-        c:\users\Gast\AppData\Roaming\TuneUp Software
2012-07-14 16:29 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-14 16:05 . 2012-05-29 11:09        29024        ----a-w-        c:\windows\SysWow64\uxtuneup.dll
2012-07-14 16:05 . 2012-05-29 11:09        35680        ----a-w-        c:\windows\system32\uxtuneup.dll
2012-07-14 15:27 . 2012-05-29 11:09        34656        ----a-w-        c:\windows\system32\TURegOpt.exe
2012-07-14 15:27 . 2012-05-29 11:09        25952        ----a-w-        c:\windows\system32\authuitu.dll
2012-07-14 15:27 . 2012-05-29 11:09        21344        ----a-w-        c:\windows\SysWow64\authuitu.dll
2012-07-14 15:24 . 2012-07-14 15:24        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-14 12:24 . 2012-07-14 13:33        --------        d-----w-        c:\users\Ralf\AppData\Roaming\TuneUp Software
2012-07-14 12:24 . 2012-07-14 15:27        --------        d-----w-        c:\program files (x86)\TuneUp Utilities 2012
2012-07-14 12:23 . 2012-07-14 12:25        --------        d-----w-        c:\programdata\TuneUp Software
2012-07-14 12:23 . 2012-07-14 12:23        --------        d--h--w-        c:\programdata\Common Files
2012-07-14 12:21 . 2012-07-14 14:14        --------        d-----w-        c:\program files (x86)\Trojan Remover
2012-07-14 12:21 . 2012-07-14 12:21        --------        d-----w-        c:\users\Ralf\AppData\Roaming\Simply Super Software
2012-07-14 12:21 . 2012-07-14 12:21        --------        d-----w-        c:\programdata\Simply Super Software
2012-07-07 16:46 . 2012-07-07 16:46        --------        d-----w-        c:\users\Ralf\AppData\Roaming\Malwarebytes
2012-07-07 16:46 . 2012-07-07 16:46        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-07 16:46 . 2012-07-19 18:33        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-07 13:28 . 2012-07-08 13:59        --------        d-----w-        c:\program files (x86)\DVDVideoSoftTB_DE
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-20 03:43 . 2012-03-31 15:40        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-20 03:43 . 2011-05-17 13:29        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 16:25 . 2010-01-27 17:10        59701280        ----a-w-        c:\windows\system32\MRT.exe
2012-06-26 07:02 . 2012-01-30 23:15        330240        ----a-w-        c:\windows\MASetupCaller.dll
2012-06-26 07:02 . 2012-01-30 23:15        45320        ----a-w-        c:\windows\SysWow64\MAMACExtract.dll
2012-06-23 06:05 . 2012-06-23 06:05        476936        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-06-23 06:05 . 2010-06-04 05:33        472840        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-25 19:58        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 19:58        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-25 19:58        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 19:58        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 19:58        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-25 19:58        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-25 19:58        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-25 19:57        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-25 19:57        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-01-26 14:42        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-15 04:01 . 2012-06-13 20:29        1188864        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 20:28        64512        ----a-w-        c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 20:29        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-05-08 16:48 . 2011-10-13 19:29        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:48 . 2011-10-13 19:29        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-04 11:06 . 2012-06-13 20:20        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 20:20        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 20:20        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 20:20        209920        ----a-w-        c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
"Akamai NetSession Interface"="c:\users\Ralf\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"BrowserMask"="c:\program files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" [2011-11-02 101280]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-10 21432]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-10 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 825864]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-09 57393]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-09 40960]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-10 3524536]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\ShotOnline\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-15 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2011-12-08 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2011-12-08 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2011-12-08 161280]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 X6va003;X6va003;c:\users\Ralf\AppData\Local\Temp\0032BCD.tmp [x]
R4 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2009-01-21 65536]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-14 69152]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-07 00:18]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-07 00:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5235&r=273601109306l0373z165i4725v315
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Ralf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Ralf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 83.169.186.161 83.169.186.225
FF - ProfilePath - c:\users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\ikk4hkqq.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Hintergrund mit der Losung_is1 - e:\programme\HMLosung\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Ralf\AppData\Local\Temp\0032BCD.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-29  21:26:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-29 19:26
.
Vor Suchlauf: 18 Verzeichnis(se), 82.056.720.384 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 81.609.531.392 Bytes frei
.
- - End Of File - - 9BD815DC01988A7404B51E4CFF15BD68
--- --- ---

cosinus 29.07.2012 21:04
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:30 Uhr.

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132