Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner geangelt TR/ATRAPS.Gen2 TR/Sirefef.16896 (https://www.trojaner-board.de/122624-trojaner-geangelt-tr-atraps-gen2-tr-sirefef-16896-a.html)

magix1 22.08.2012 18:26
Trojaner geangelt TR/ATRAPS.Gen2 TR/Sirefef.16896
 
Hallo,

habe mir heute wohl oben genannte Trojaner geangelt, obwohl ich igentlich nichts anders gemacht habe als sonst.

Die Meldung von Avira kommt alle paar Minuten, da ich leider nicht der Computerexpete bin, würde ich mich über leicht verständliche Hilfe echt freuen.

Gruß

Marcel

So,
habe gerade mal Malewarebytes laufen lassen und versuche mal die Logdatei einzustellen.
hoffe weiterhin auf eure hilfe !!


Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.22.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [Administrator]

Schutz: Aktiviert

22.08.2012 19:45:50
mbam-log-2012-08-22 (19-45-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395355
Laufzeit: 1 Stunde(n), 58 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Marcel\AppData\Local\Temp\71171649.exe (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marcel\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marcel\Downloads\SoftonicDownloader_fuer_adobe-photoshop.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

t'john 22.08.2012 22:55
:hallo:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

magix1 22.08.2012 23:40
Hallo t´john,

der malewarebytes scan von oben ist der aktuelle

hier nochmal dann OTL

Code:
OTL logfile created on: 23.08.2012 00:21:54 - Run 1
OTL by OldTimer - Version 3.2.58.1    Folder = C:\Users\Marcel\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 55,07% Memory free
7,73 Gb Paging File | 5,62 Gb Available in Paging File | 72,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 185,21 Gb Free Space | 64,92% Space Free | Partition Type: NTFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marcel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe (Lexmark International, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomPackage.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtGui4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtCore4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtXml4.dll ()
MOD - C:\Program Files (x86)\ICQ7.0\MDb.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (lxcz_device) -- C:\Windows\SysNative\lxczcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (McProxy) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (lxcz_device) -- C:\Windows\SysWOW64\lxczcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (AF9035BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech                  )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360110l516l0438z115t5491d633
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360110l516l0438z115t5491d633
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360110l516l0438z115t5491d633
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360110l516l0438z115t5491d633
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360110l516l0438z115t5491d633
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109958&babsrc=HP_ss&mntrId=5e59854f000000000000c217fe11528c
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20101112230724\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - SOFTWARE\Classes\CLSID\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06DFBA4D-B72E-40B9-A5B8-6FE1CF027F9A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=E23BE595-7F66-4CAC-B9D0-07D842DEA3EA&apn_sauid=08AA9609-C76A-457D-86AE-DA926E248168
IE - HKCU\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=5e59854f000000000000c217fe11528c
IE - HKCU\..\SearchScopes\{58C1D4EB-C408-46EE-8439-62FBB35807E4}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE363
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE363
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=386496&p="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.07.29 21:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 07:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.06 17:50:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.12 14:20:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 07:26:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.06 17:50:48 | 000,000,000 | ---D | M]
 
[2010.02.23 21:39:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Extensions
[2010.02.23 21:39:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 11:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\cetgyoqc.default\extensions
[2012.07.09 22:16:19 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\cetgyoqc.default\extensions\toolbar@ask.com
[2012.07.09 22:16:19 | 000,002,323 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\cetgyoqc.default\searchplugins\askcom.xml
[2011.04.14 09:54:14 | 000,000,961 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\cetgyoqc.default\searchplugins\icqplugin-2.xml
[2010.02.22 18:47:22 | 000,000,961 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\cetgyoqc.default\searchplugins\icqplugin.xml
[2011.11.23 10:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.01.20 21:33:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.30 22:21:06 | 000,000,000 | ---D | M] (FreeRIP Toolbar) -- C:\PROGRAM FILES (X86)\FREERIP TOOLBAR\FF
[2012.07.29 21:10:53 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012.07.19 07:26:34 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.13 20:22:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.13 18:26:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.27 08:59:24 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.13 18:26:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.13 18:26:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.13 18:26:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.13 18:26:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.13 18:26:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20101112230724\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &FreeRIP Search - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: &FreeRIP Search - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0646DD38-26C1-4A16-B57A-56F71175FD77}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{079E895E-A34A-44CA-AB30-B5385D4D0B79}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{69e5a646-177a-11e1-be5e-d86d45e990b9}\Shell - "" = AutoRun
O33 - MountPoints2\{69e5a646-177a-11e1-be5e-d86d45e990b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{69e5a64c-177a-11e1-be5e-d86d45e990b9}\Shell - "" = AutoRun
O33 - MountPoints2\{69e5a64c-177a-11e1-be5e-d86d45e990b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cade6a6b-2011-11e1-9060-8164c617a550}\Shell - "" = AutoRun
O33 - MountPoints2\{cade6a6b-2011-11e1-9060-8164c617a550}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cade6a6e-2011-11e1-9060-8164c617a550}\Shell - "" = AutoRun
O33 - MountPoints2\{cade6a6e-2011-11e1-9060-8164c617a550}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.22 22:37:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.08.22 22:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.22 21:56:08 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{2CB66B48-4665-4724-975B-4259B1242FFB}
[2012.08.22 19:30:37 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Malwarebytes
[2012.08.22 19:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.22 19:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.22 19:30:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.22 19:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.21 21:55:07 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{61EF40A1-3C57-42D5-99AF-5F573AAD294E}
[2012.08.21 09:54:42 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{92E07D5E-FC97-4359-A049-DCCBE96586FB}
[2012.08.20 09:24:00 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{EFBA0C8F-91B6-444F-8DC7-700EB164E7D0}
[2012.08.20 08:46:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.20 08:46:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.20 08:46:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.20 08:46:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.20 08:46:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.20 08:46:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.20 08:46:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.20 08:46:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.20 08:46:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.20 08:46:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.20 08:46:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.20 08:46:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.20 08:46:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 08:12:42 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 08:12:38 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 08:12:38 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 08:12:38 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 08:12:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 08:12:35 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 08:12:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 08:12:30 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.10 18:29:44 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Canneverbe Limited
[2012.08.10 18:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.08.10 18:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012.08.08 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{F3D75E1E-1CB3-4526-B60F-A6017A4C8103}
[2012.08.08 14:20:03 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{949BFA44-C59B-46E1-B937-540DD3056557}
[2012.08.02 11:25:41 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.08.02 11:24:52 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\PDAppFlex
[2012.08.02 11:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.08.02 11:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.08.02 11:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.08.02 10:31:09 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Adobe Illustrator CS6
[2012.08.02 10:29:43 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.02 10:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012.08.02 09:43:33 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vector Magic
[2012.08.02 09:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vector Magic
[2012.07.31 13:09:15 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{29C9E5BE-43C6-45DB-B11A-D9572868393C}
[2012.07.31 13:07:15 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{2CF2F7FC-0B6A-486F-BE13-18BBA6E9D8AA}
[2012.07.31 08:47:19 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{1FF1A9E8-CDF2-4614-9136-631BF8DB2669}
[2012.07.30 20:43:33 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{48EB3E66-8F59-434F-AAA6-18BFCFA81816}
[2012.07.30 08:43:34 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{26562CA5-1D5A-4363-9EDE-76117032EC48}
[2012.07.29 20:37:39 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{B559176A-6712-4E00-85D1-F4FC8023ED94}
[2009.11.05 05:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.23 00:26:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.23 00:04:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.22 22:38:09 | 000,050,477 | ---- | M] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.08.22 22:37:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.08.22 21:56:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.22 21:56:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.22 21:48:29 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.22 21:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.22 21:48:15 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.22 21:47:30 | 000,046,803 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.08.22 19:30:20 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.21 10:29:20 | 000,000,256 | ---- | M] () -- C:\Windows\Lexstat.ini
[2012.08.20 09:21:45 | 004,982,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 11:47:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 11:47:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 08:23:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2012.08.10 18:29:29 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.08.09 21:18:02 | 000,022,330 | ---- | M] () -- C:\Users\Marcel\Documents\Thyssen.ods
[2012.08.08 09:22:03 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.08 09:22:03 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.08 09:22:03 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.08 09:22:03 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.08 09:22:03 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.02 22:12:58 | 000,044,228 | ---- | M] () -- C:\Users\Marcel\Documents\Bestellung DM.ods
[2012.08.02 10:29:41 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012.08.02 09:43:35 | 000,000,979 | ---- | M] () -- C:\Users\Marcel\Desktop\Vector Magic.lnk
[2012.08.02 09:06:55 | 000,090,888 | ---- | M] () -- C:\Users\Marcel\Desktop\ROCKETS_SCHRIFTZUG.jpg
[2012.08.02 09:06:41 | 000,144,720 | ---- | M] () -- C:\Users\Marcel\Desktop\ROCKETS_LOGO_SCHWARZ.jpg
[2012.08.02 09:06:16 | 000,117,051 | ---- | M] () -- C:\Users\Marcel\Desktop\ROCKETS_LOGO_ROT.jpg
 
========== Files Created - No Company Name ==========
 
[2012.08.22 22:38:08 | 000,050,477 | ---- | C] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.08.22 19:30:20 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.22 16:06:15 | 000,001,712 | ---- | C] () -- C:\Users\Marcel\AppData\Local\{52bde81c-418a-f651-b260-dca8cdaeb747}\U\00000001.@
[2012.08.10 18:29:29 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.08.10 18:29:29 | 000,001,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.08.09 21:18:00 | 000,022,330 | ---- | C] () -- C:\Users\Marcel\Documents\Thyssen.ods
[2012.08.02 22:12:56 | 000,044,228 | ---- | C] () -- C:\Users\Marcel\Documents\Bestellung DM.ods
[2012.08.02 11:21:42 | 000,001,618 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
[2012.08.02 11:20:03 | 000,001,522 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk
[2012.08.02 11:18:07 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012.08.02 11:17:20 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012.08.02 11:15:07 | 000,001,321 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012.08.02 11:14:59 | 000,001,487 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012.08.02 11:14:31 | 000,000,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.08.02 10:29:41 | 000,001,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.08.02 10:29:41 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012.08.02 09:43:35 | 000,000,979 | ---- | C] () -- C:\Users\Marcel\Desktop\Vector Magic.lnk
[2012.08.02 09:06:55 | 000,090,888 | ---- | C] () -- C:\Users\Marcel\Desktop\ROCKETS_SCHRIFTZUG.jpg
[2012.08.02 09:06:40 | 000,144,720 | ---- | C] () -- C:\Users\Marcel\Desktop\ROCKETS_LOGO_SCHWARZ.jpg
[2012.08.02 09:06:13 | 000,117,051 | ---- | C] () -- C:\Users\Marcel\Desktop\ROCKETS_LOGO_ROT.jpg
[2012.05.15 10:19:17 | 000,007,602 | ---- | C] () -- C:\Users\Marcel\AppData\Local\Resmon.ResmonCfg
[2012.04.24 16:48:45 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.02.08 10:52:12 | 000,000,256 | ---- | C] () -- C:\Windows\Lexstat.ini
[2012.02.08 10:44:54 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2012.02.08 10:41:12 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2012.02.08 10:41:12 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2012.02.08 10:41:12 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2012.02.08 10:41:12 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2012.02.08 10:41:12 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2012.02.08 10:41:11 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2012.02.08 10:41:11 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2012.02.08 10:41:11 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2012.02.08 10:41:11 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2012.02.08 10:41:11 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2012.02.08 10:41:11 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2012.02.08 10:41:11 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2012.02.08 10:41:10 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2012.02.08 10:41:10 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2012.02.08 10:41:10 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2012.02.08 10:41:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2012.02.08 10:41:10 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2012.01.11 18:38:21 | 000,002,048 | -HS- | C] () -- C:\Users\Marcel\AppData\Local\{52bde81c-418a-f651-b260-dca8cdaeb747}\@
[2011.02.10 17:12:28 | 000,002,134 | ---- | C] () -- C:\Users\Marcel\.recently-used.xbel
[2011.02.01 18:56:18 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.27 19:41:39 | 000,000,434 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.12.27 19:28:50 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.12.27 19:28:35 | 000,000,034 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010.12.27 19:28:25 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010.07.31 10:01:36 | 000,001,034 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\wklnhst.dat

< End of report >

und extras

Code:
OTL Extras logfile created on: 23.08.2012 00:21:54 - Run 1
OTL by OldTimer - Version 3.2.58.1    Folder = C:\Users\Marcel\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 55,07% Memory free
7,73 Gb Paging File | 5,62 Gb Available in Paging File | 72,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 185,21 Gb Free Space | 64,92% Space Free | Partition Type: NTFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B31713B-B0A8-4F09-9C0E-4C63C37BAFE6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{20A283F4-4E13-43A8-A681-8702454996BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23E44D72-5465-48E1-A1A4-069045C35CDD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C81D73A-FF56-49A0-B417-3034D6203955}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4964AFFF-F662-4505-B7FD-7EE406CA2737}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F601ED5-87ED-442B-A2C6-6F823CD09D71}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{535B48A4-4C1A-4A73-981A-9D4EFDE4F8BB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5A323D55-4570-4BCB-9327-E9434FF7B72C}" = rport=138 | protocol=17 | dir=out | app=system |
"{5AF4D8D6-F0FA-4A80-A26A-4116406BBF03}" = lport=138 | protocol=17 | dir=in | app=system |
"{5E5CE47C-FE43-4F0D-B273-F7BD0287F4C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B262784-896C-464B-B474-E1D09E8C4F99}" = lport=139 | protocol=6 | dir=in | app=system |
"{6F1224D3-2DB2-4BB9-93FB-3AC024AE5EB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{79917095-40B2-4DD9-A78B-953E6431E7EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D87E697-E700-4B09-9C58-3EB0D7C66461}" = lport=2869 | protocol=6 | dir=in | app=system |
"{857D9BEB-F69A-4CBF-AC9A-BD8EA9081EAF}" = rport=445 | protocol=6 | dir=out | app=system |
"{88DF770F-65BD-4203-96FA-A1B5FFBBA7A9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{913621E5-E20D-46AC-8D34-0107C8C21B7C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9420C09A-EB6D-4E5F-A5ED-23600E3E37DE}" = lport=445 | protocol=6 | dir=in | app=system |
"{9BB14594-C815-4777-8644-97BAE96F14CA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9ECB38E5-36F7-44E1-B782-ED73B7CBACD6}" = rport=139 | protocol=6 | dir=out | app=system |
"{B78A6245-D2B5-48DC-95E0-A8AB333A16ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BCAFB83D-A6FB-47C4-B254-4AF03EF8A35D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C29D49FD-7ACB-40E1-B619-F147D412DD60}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E19AFD17-1BA6-4468-8510-011DCD9D971D}" = lport=137 | protocol=17 | dir=in | app=system |
"{F74EFEDF-2A0F-4E16-B72D-616294B12DF7}" = rport=10243 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0135EDC0-21D0-4487-AD9E-A7646E7CC7B7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DDED90B-AC96-454F-9021-08DB649A559F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11E7CF78-0D76-4267-9A7E-93CC8D2FAC19}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{121A0B1A-6F3A-4E59-8B41-11986BAB35EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1ABA5C6B-9016-45E9-8B68-4A55256B6AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{1B54732E-0C3C-4301-91D2-9635A0124BDE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1CEA8EE6-EF5F-4D1E-BCEE-4E900887C7C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E73461B-3636-4987-AA2C-AFBCE8749299}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{1EE59920-C611-4013-81CB-D0D203D23FFC}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{26029B11-A04C-4206-83B1-14C50846F010}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{266A5903-08BB-4CD7-9AB4-6A66017FA3C4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{2676908E-3002-43DC-80C1-EC24C99EAD78}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{357F2ADA-0C6B-4D20-9D7C-515AA2225627}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3737C5E8-44CF-4745-B000-D10C2234D58E}" = protocol=6 | dir=out | app=system |
"{43A52D34-3D10-4B8A-B5B8-0842A167A692}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{5A4E9297-E733-4266-B391-907AB052FBCE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{5DFA9EDC-6695-4B4D-BF47-7DC946185766}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FA3E5B7-5446-4DD5-8397-6FC8C241EE3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67AF3A33-66C5-4A24-96FA-0297061989CE}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{6C39CAED-3650-4C9C-8563-4BE14210D01B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{7547687C-4451-421B-90C1-F05BACA0A480}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{75D63446-B498-47E4-810E-94D202C8BF0B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{79C4AAAC-7FCC-4A14-B8F0-5E1E55CEFFD7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7C971DD2-B3A8-412B-83A5-B06B5786DA90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80D17EED-C1B0-4716-A253-560115589AC0}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{81340DF4-7285-4523-AE04-31105C554652}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{83CBECD9-9671-4713-94B9-FF951E9AFF33}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{8B2C9FEC-2E9B-46FB-AFFD-E12A36014445}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{8C658714-7861-40E4-9590-67EA0C25D18E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{8F584AD8-DA61-412E-A297-50AD6EB93C17}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{8F83E2E8-073A-4802-9464-1C4236224125}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A288F545-8CF6-4FAA-8576-736E27370182}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A42010F9-9215-4C49-A00B-93437A81260B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A9882B31-9D16-4FFC-B01E-00F04FDA66D5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{AA304D81-0737-4BE8-BEF0-850054D32807}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AAEA6392-35B6-41AE-8B65-1BB3AABFC73C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{B00DDAA8-2D1C-4F8E-85F1-DA1E11281207}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B22EAC2C-BDE8-442C-9F48-61062702ACF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B6E22A95-1DCE-4A57-8185-E40F1449E18C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BAC55FA5-4DAC-4F38-AC9F-5A036D9E4C19}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BD758410-667A-4DC9-A984-7DDDEB8BC3FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDF63FBD-3389-439F-8CDF-8B2C655BC4FB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C03C4139-7799-458C-8902-393A516F835A}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{C11F99DF-CE7D-4156-B3A4-34C7C300CD0E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C14444F5-619C-41DD-9AD4-646DDE5FFC9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2696CEC-C7B5-4690-AFFB-EAE511FD1E97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C560B8AD-5405-46B0-A3AB-7A2C6C18402C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{CBA34E63-21A2-4543-B470-D0647915171D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD48E4D2-21DC-4B1C-92F3-BF399FEDA924}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{CDCFE617-3DD3-4547-A745-6A8C214D83B0}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{D03F1423-DF7E-47F3-A098-4748818FA168}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{D88ABBEE-533B-40A2-8D06-47A14780DDE6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DF2E0762-9F24-4690-9065-09E5E7215B60}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E05D00BA-9DDC-4945-BAD7-5B1F73832AC2}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{E1059F87-9FFA-49EF-90CB-792F2ED1C971}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{E484C1F5-A2F3-4C4F-BD26-DD9EF6970080}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA628BB8-9236-40D4-920F-11E76C507758}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{EB56EB0C-CBAC-4EF0-8620-A9C0C4147E29}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{F193B967-F70C-46B8-8AF8-227B01439202}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{F1EA693C-CFAD-4CC2-B460-D01770D7B29C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FC9CBD5C-05E6-4644-BA9D-C23F24A7057D}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{FFCBF1A2-4ADC-4C0A-924D-2A4F5C33AC83}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 1200 Series" = Lexmark 1200 Series
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{398B3CD3-316F-4a9e-A322-28D40D99F736}" = FreeRIP Toolbar v4.6
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese
"{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian
"{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170BF54-7808-45EE-AB06-6BCE7A254E29}" = Angry Birds Space
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish
"{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard
"{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All
"{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light
"{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek
"{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor (32bit)
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian
"{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4C92944-F31A-3FB0-C3B0-D7C5950B1D82}" = Adobe Download Assistant
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cinergy T Stick MKII" = Cinergy T Stick MKII V9.06.3.01
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Driver Updater" = Carambis Driver Updater
"ESET Online Scanner" = ESET Online Scanner v3
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"Lexmark 1200 Series" = Lexmark 1200 Series
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"MyTomTom" = MyTomTom 3.0.2.363
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Vector Magic" = Vector Magic
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"PhotoFiltre" = PhotoFiltre
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2011 10:19:34 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.10.2011 10:19:34 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1045
 
Error - 30.10.2011 10:19:34 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1045
 
Error - 30.10.2011 10:19:35 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.10.2011 10:19:35 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2059
 
Error - 30.10.2011 10:19:35 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059
 
Error - 30.10.2011 10:19:36 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.10.2011 10:19:36 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3073
 
Error - 30.10.2011 10:19:36 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3073
 
Error - 30.10.2011 10:19:38 | Computer Name = Marcel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ Media Center Events ]
Error - 20.03.2010 13:23:26 | Computer Name = Marcel-PC | Source = MCUpdate | ID = 0
Description = 18:23:26 - Fehler beim Herstellen der Internetverbindung.  18:23:26
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 20.03.2010 19:38:38 | Computer Name = Marcel-PC | Source = MCUpdate | ID = 0
Description = 00:38:38 - Fehler beim Herstellen der Internetverbindung.  00:38:38
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 21.03.2010 08:43:12 | Computer Name = Marcel-PC | Source = MCUpdate | ID = 0
Description = 13:43:12 - Fehler beim Herstellen der Internetverbindung.  13:43:12
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 20.08.2012 02:49:21 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 20.08.2012 02:49:21 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 20.08.2012 03:18:31 | Computer Name = Marcel-PC | Source = DCOM | ID = 10010
Description =
 
Error - 20.08.2012 15:53:55 | Computer Name = Marcel-PC | Source = DCOM | ID = 10010
Description =
 
Error - 21.08.2012 03:46:26 | Computer Name = Marcel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?08.?2012 um 08:33:45 unerwartet heruntergefahren.
 
Error - 21.08.2012 13:58:37 | Computer Name = Marcel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?08.?2012 um 19:53:16 unerwartet heruntergefahren.
 
Error - 21.08.2012 14:01:15 | Computer Name = Marcel-PC | Source = DCOM | ID = 10005
Description =
 
Error - 21.08.2012 14:01:15 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 McAfee Services erreicht.
 
Error - 21.08.2012 14:01:15 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Services" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 22.08.2012 02:50:34 | Computer Name = Marcel-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

t'john 22.08.2012 23:45
Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=386496&p="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{69e5a646-177a-11e1-be5e-d86d45e990b9}\Shell - "" = AutoRun
O33 - MountPoints2\{69e5a646-177a-11e1-be5e-d86d45e990b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{69e5a64c-177a-11e1-be5e-d86d45e990b9}\Shell - "" = AutoRun
O33 - MountPoints2\{69e5a64c-177a-11e1-be5e-d86d45e990b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cade6a6b-2011-11e1-9060-8164c617a550}\Shell - "" = AutoRun
O33 - MountPoints2\{cade6a6b-2011-11e1-9060-8164c617a550}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cade6a6e-2011-11e1-9060-8164c617a550}\Shell - "" = AutoRun
O33 - MountPoints2\{cade6a6e-2011-11e1-9060-8164c617a550}\Shell\AutoRun\command - "" = E:\AutoRun.exe

achineCore.job
[2012.08.15 08:23:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2012.08.22 16:06:15 | 000,001,712 | ---- | C] () -- C:\Users\Marcel\AppData\Local\{52bde81c-418a-f651-b260-dca8cdaeb747}\U\00000001.@

 
[2012.01.11 18:38:21 | 000,002,048 | -HS- | C] () -- C:\Users\Marcel\AppData\Local\{52bde81c-418a-f651-b260-dca8cdaeb747}\@
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

magix1 22.08.2012 23:58
so, ausgeführt wie beschrieben, das kam dabei heraus



Code:
Files\Folders moved on Reboot...
C:\Users\Marcel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john 22.08.2012 23:58
Du musst den FIx in OTL reinkopieren!

Nochmal!

magix1 23.08.2012 00:03
hatte ich, beim ausführen sagte er es liege ein schwerwiegendes problem vor und der rechner wird in 1 minute neu gestartet

t'john 23.08.2012 00:05
Nochmal probieren.

magix1 23.08.2012 00:12
neuer versuch :

Code:
All processes killed
========== OTL ==========
Error: No service named Akamai was found to stop!
Service\Driver key Akamai not found.
File  c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll  not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
File c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\20101112230724\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E634228A-03CF-4BC8-B0AB-668257F1FD8C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{06DFBA4D-B72E-40B9-A5B8-6FE1CF027F9A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06DFBA4D-B72E-40B9-A5B8-6FE1CF027F9A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{58C1D4EB-C408-46EE-8439-62FBB35807E4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58C1D4EB-C408-46EE-8439-62FBB35807E4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=386496" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=386496&p=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E634228A-03CF-4BC8-B0AB-668257F1FD8C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{081230F8-EA50-42A9-983C-D22ABC2EED3B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
File C:\Program Files (x86)\FreeRIP3\toolband.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An vorhandene PDF-Datei anfügen\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel an vorhandene PDF-Datei anhängen\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel in Adobe PDF konvertieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An vorhandene PDF-Datei anfügen\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel an vorhandene PDF-Datei anhängen\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel in Adobe PDF konvertieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69e5a646-177a-11e1-be5e-d86d45e990b9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69e5a646-177a-11e1-be5e-d86d45e990b9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69e5a646-177a-11e1-be5e-d86d45e990b9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69e5a646-177a-11e1-be5e-d86d45e990b9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69e5a64c-177a-11e1-be5e-d86d45e990b9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69e5a64c-177a-11e1-be5e-d86d45e990b9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69e5a64c-177a-11e1-be5e-d86d45e990b9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69e5a64c-177a-11e1-be5e-d86d45e990b9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cade6a6b-2011-11e1-9060-8164c617a550}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cade6a6b-2011-11e1-9060-8164c617a550}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cade6a6b-2011-11e1-9060-8164c617a550}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cade6a6b-2011-11e1-9060-8164c617a550}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cade6a6e-2011-11e1-9060-8164c617a550}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cade6a6e-2011-11e1-9060-8164c617a550}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cade6a6e-2011-11e1-9060-8164c617a550}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cade6a6e-2011-11e1-9060-8164c617a550}\ not found.
File E:\AutoRun.exe not found.
File C:\Windows\tasks\McDefragTask.job not found.
File C:\Users\Marcel\AppData\Local\{52bde81c-418a-f651-b260-dca8cdaeb747}\U\00000001.@ not found.
File C:\Users\Marcel\AppData\Local\{52bde81c-418a-f651-b260-dca8cdaeb747}\@ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Marcel\Desktop\cmd.bat deleted successfully.
C:\Users\Marcel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marcel
->Temp folder emptied: 396359 bytes
->Temporary Internet Files folder emptied: 209796999 bytes
->Java cache emptied: 2476292 bytes
->FireFox cache emptied: 81416694 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 118455 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 316450283 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36079450 bytes
RecycleBin emptied: 4610289421 bytes
 
Total Files Cleaned = 5.014,00 mb
 
 
OTL by OldTimer - Version 3.2.58.1 log created on 08232012_010545

Files\Folders moved on Reboot...
C:\Users\Marcel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\mcmsc_4wHTWS0lmSn9xUr not found!
File\Folder C:\Windows\temp\mcmsc_JG7M6S1YYEOuvvy not found!
File\Folder C:\Windows\temp\mcmsc_Zz2DyU14MjMy1sc not found!
File\Folder C:\Windows\temp\sqlite_ejzYxyixmPa7qme not found!
File\Folder C:\Windows\temp\sqlite_HxoP9QWpvykVKbj not found!
File\Folder C:\Windows\temp\sqlite_yHKlnRRF806nfjD not found!
File\Folder C:\Windows\temp\sqlite_Z96YNS7Z70MkoJt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john 23.08.2012 00:15
Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

magix1 23.08.2012 00:17
darf ich das morgen früh machen ?? malware dauert wieder 2 std :-)

rechner läuft bis jetzt wie immer

dektop icons mußte ich verkleinern

t'john 23.08.2012 00:20
Klar, bis morgen :)

magix1 23.08.2012 00:21
ok,

danke bis jetzt schonmal :bussi::rofl:

so, dann nochmal der malewarebytes

Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.23.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [Administrator]

Schutz: Aktiviert

23.08.2012 07:45:06
mbam-log-2012-08-23 (07-45-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377592
Laufzeit: 1 Stunde(n), 44 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und der adwcleaner

Code:
# AdwCleaner v1.801 - Logfile created 08/23/2012 at 11:22:09
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Marcel - MARCEL-PC
# Boot Mode : Normal
# Running from : C:\Users\Marcel\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Marcel\AppData\Local\Babylon
Folder Found : C:\Users\Marcel\AppData\Local\TempDir
Folder Found : C:\Users\Marcel\AppData\Local\Temp\boost_interprocess
Folder Found : C:\Users\Marcel\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Marcel\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Marcel\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Marcel\AppData\Roaming\Babylon
Folder Found : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\cetgyoqc.default\extensions\toolbar@ask.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\BabylonToolbar
Folder Found : C:\Program Files (x86)\Common Files\spigot
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Found : C:\ProgramData\Partner
File Found : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\cetgyoqc.default\searchplugins\Askcom.xml
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\AskBarDis
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Search Settings
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\AskBarDis
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\Search Settings
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\BabylonToolbar
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\b
[x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
[x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\cetgyoqc.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "5e59854f000000000000c217fe11528c");
Found : user_pref("extensions.BabylonToolbar_i.id", "5e59854f000000000000c217fe11528c");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15457");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=109958&babsrc=NT_s[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.178:59:28");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...]

*************************

AdwCleaner[R1].txt - [15161 octets] - [23/08/2012 11:22:09]

########## EOF - C:\AdwCleaner[R1].txt - [15290 octets] ##########




kann ich jetzt wieder alles ganz normal mit dem rechner machen wie vorher auch ?? is er wieder sauber ??

t'john 23.08.2012 18:28
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



danach:


Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.


  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.


  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".


  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.


  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.


  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

magix1 23.08.2012 18:40
Code:
# AdwCleaner v1.801 - Logfile created 08/23/2012 at 19:35:03
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Marcel - MARCEL-PC
# Boot Mode : Normal
# Running from : C:\Users\Marcel\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Marcel\AppData\Local\Babylon
Folder Deleted : C:\Users\Marcel\AppData\Local\TempDir
Folder Deleted : C:\Users\Marcel\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Marcel\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Marcel\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Marcel\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Marcel\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\cetgyoqc.default\extensions\toolbar@ask.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\ProgramData\Partner
File Deleted : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\cetgyoqc.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Search Settings
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\cetgyoqc.default\prefs.js

C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\cetgyoqc.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "5e59854f000000000000c217fe11528c");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "5e59854f000000000000c217fe11528c");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15457");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=109958&babsrc=NT_s[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.178:59:28");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...]

*************************

AdwCleaner[R1].txt - [15158 octets] - [23/08/2012 11:22:09]
AdwCleaner[S1].txt - [11647 octets] - [23/08/2012 19:35:03]

########## EOF - C:\AdwCleaner[S1].txt - [11776 octets] ##########
combofix log

Code:
ComboFix 12-08-22.03 - Marcel 23.08.2012  19:51:48.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3956.2570 [GMT 2:00]
ausgeführt von:: c:\users\Marcel\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Marcel\AppData\Roaming\Microsoft\Windows\Templates\setup_11.0.0.1245.x01_2012_03_02_13_06.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-23 bis 2012-08-23  ))))))))))))))))))))))))))))))
.
.
2012-08-23 17:58 . 2012-08-23 17:58        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-22 22:49 . 2012-08-22 22:49        --------        d-----w-        C:\_OTL
2012-08-22 20:11 . 2012-08-22 20:11        --------        d-----w-        c:\program files (x86)\ESET
2012-08-22 17:30 . 2012-08-22 17:30        --------        d-----w-        c:\users\Marcel\AppData\Roaming\Malwarebytes
2012-08-22 17:30 . 2012-08-22 17:30        --------        d-----w-        c:\programdata\Malwarebytes
2012-08-22 17:30 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-22 17:30 . 2012-08-22 17:30        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-15 06:12 . 2012-05-05 08:30        503808        ----a-w-        c:\windows\system32\srcore.dll
2012-08-15 06:12 . 2012-05-05 07:44        43008        ----a-w-        c:\windows\SysWow64\srclient.dll
2012-08-15 06:12 . 2012-02-11 06:36        751104        ----a-w-        c:\windows\system32\win32spl.dll
2012-08-15 06:12 . 2012-02-11 06:29        559104        ----a-w-        c:\windows\system32\spoolsv.exe
2012-08-15 06:12 . 2012-02-11 06:29        67584        ----a-w-        c:\windows\splwow64.exe
2012-08-15 06:12 . 2012-02-11 05:44        492032        ----a-w-        c:\windows\SysWow64\win32spl.dll
2012-08-15 06:12 . 2012-07-04 22:04        73216        ----a-w-        c:\windows\system32\netapi32.dll
2012-08-15 06:12 . 2012-07-04 22:01        58880        ----a-w-        c:\windows\system32\browcli.dll
2012-08-15 06:12 . 2012-07-04 22:01        136704        ----a-w-        c:\windows\system32\browser.dll
2012-08-15 06:12 . 2012-07-04 21:23        41472        ----a-w-        c:\windows\SysWow64\browcli.dll
2012-08-15 06:12 . 2012-07-18 17:31        3146752        ----a-w-        c:\windows\system32\win32k.sys
2012-08-15 06:12 . 2012-05-14 05:20        956416        ----a-w-        c:\windows\system32\localspl.dll
2012-08-10 16:29 . 2012-08-10 16:29        --------        d-----w-        c:\users\Marcel\AppData\Roaming\Canneverbe Limited
2012-08-10 16:29 . 2012-08-10 16:29        --------        d-----w-        c:\programdata\Canneverbe Limited
2012-08-10 16:29 . 2012-08-10 16:29        --------        d-----w-        c:\program files (x86)\CDBurnerXP
2012-08-02 09:25 . 2012-08-02 09:25        --------        d-----w-        c:\users\Marcel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-08-02 09:24 . 2012-08-02 09:24        --------        d-----w-        c:\users\Marcel\AppData\Roaming\PDAppFlex
2012-08-02 09:19 . 2012-08-02 09:19        --------        d-----w-        c:\programdata\ALM
2012-08-02 09:16 . 2012-08-02 09:17        --------        d-----w-        c:\program files\Adobe
2012-08-02 09:10 . 2012-08-02 09:20        --------        d-----w-        c:\program files\Common Files\Adobe
2012-08-02 08:31 . 2012-08-02 09:04        --------        d-----w-        c:\users\Marcel\Adobe Illustrator CS6
2012-08-02 08:29 . 2012-08-02 08:29        --------        d-----w-        c:\users\Marcel\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-08-02 08:29 . 2012-08-02 08:29        --------        d-----w-        c:\program files (x86)\Adobe Download Assistant
2012-08-02 07:43 . 2012-08-02 07:43        --------        d-----w-        c:\program files (x86)\Vector Magic
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 06:42 . 2010-08-13 10:33        62134624        ----a-w-        c:\windows\system32\MRT.exe
2012-08-15 09:47 . 2012-04-13 17:25        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 09:47 . 2011-11-23 08:43        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-01 22:58 . 2012-08-21 06:13        9309624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{78375537-13FB-4853-AF51-DC0BC56F719F}\mpengine.dll
2012-06-09 05:30 . 2012-07-12 07:03        14165504        ----a-w-        c:\windows\system32\shell32.dll
2012-06-06 18:59 . 2012-06-06 18:59        1070152        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 05:50 . 2012-07-11 06:53        2003968        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 06:53        1880064        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 06:53        1389568        ----a-w-        c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 06:53        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-07-01 19:11        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-01 19:12        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-07-01 19:12        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-01 19:12        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-01 19:11        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-07-01 19:12        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-07-01 19:11        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-07-01 19:11        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-07-01 19:11        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 05:38 . 2012-07-11 06:36        95088        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 06:36        152432        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 06:36        459216        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 06:36        340992        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 06:36        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 06:36        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 06:36        225280        ----a-w-        c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 06:36        219136        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 06:36        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2010-01-21 08:43        279656        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-06-14 399320]
"ICQ"="c:\program files (x86)\ICQ7.0\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-12 181480]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\DRIVERS\AF15BDA.sys [2009-10-02 514144]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-22 40448]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-10 202752]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-06-15 103472]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 09:47]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 20:14]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 20:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-06 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2009-04-27 74408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360110l516l0438z115t5491d633
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &FreeRIP Search - c:\program files (x86)\FreeRIP3\toolband.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\cetgyoqc.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{081230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Lexmark 1200 Series - c:\program files (x86) (x86)\Lexmark 1200 Series\Install\x64\Uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\program files (x86)\Lexmark 1200 Series\lxczbmon.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-23  20:09:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-23 18:09
.
Vor Suchlauf: 17 Verzeichnis(se), 204.003.065.856 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 203.613.827.072 Bytes frei
.
- - End Of File - - B7078A48B2060741C04DF6A7AF0D3602

t'john 23.08.2012 19:26
Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

magix1 23.08.2012 19:33
für den betrieb mit windows 7 ist service pack 1 erforderlich

t'john 23.08.2012 23:38
Alles Windows Updates einspielen, inkl. Service Pack!

magix1 24.08.2012 12:46
so, da habe ich dann nochmal nen brandaktuellen bericht

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 23.08.2012 22:26:46

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:        24.08.2012 11:53:21

c:\program files (x86)\freerip3        gefunden: Trace.File.freerip v3.0!E1
c:\users\marcel\appdata\roaming\microsoft\internet explorer\quick launch\freerip.lnk        gefunden: Trace.File.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> allowmultipleinstances        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autochecknewversion        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autosearchfreedb        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> beepafterrip        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> cddevice        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> converterusesfilenames        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> defaulttargetformat        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ejectafterrip        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> encodedbypreset        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> filenameformat        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_channels        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_level        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> forceaspi        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbautochoose1        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbemail        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbserver        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbtimeout        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freeripdbautosearch        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> language        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lastregreminderdate        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dx        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_bitrate        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_channels        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcy        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dy        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcx        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_mode        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_vbrquality        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dy        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writeid3        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dx        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writecrcs        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyserver        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyuser        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxypwd        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> outputpath        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regname        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regreminderdays        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regcode        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyport        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runscounter        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showfullfilename        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showsplash        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> slowspeedmode        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> uselocaldb        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runathigherpriority        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_channels        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_quality        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_bitspersample        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_channels        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_writeinfotags        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wmaenc_mode        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wndcloseafterrip        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writecdplayerini        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> useproxy        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> readcdtext        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ripvolume        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> version        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar0 --> barid        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> barsize_32772        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writelrcfile        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#1        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#2        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#0        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writeplaylist        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> barid        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> docking        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockbottompos        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockid        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> barid        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockrightpos        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudocktoppos        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockleftpos        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatxpos        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatypos        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> xpos        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> ypos        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> bars        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screencx        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screency        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthconv --> n        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 0        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 1        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 2        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 3        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 4        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> n        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatstyle        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bars        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 2        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 3        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 4        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> n        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\freedbserverlist --> n        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayicon        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayname        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayversion        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: app path        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: icon group        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: setup version        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: user        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> installdate        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> installlocation        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 1        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> norepair        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> publisher        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> nomodify        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar1 --> barid        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 0        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> quietuninstallstring        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> uninstallstring        gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> urlinfoabout        gefunden: Trace.Registry.freerip v3.0!E1
C:\_OTL\MovedFiles\08232012_004956\C_Users\Marcel\AppData\Local\{52bde81c-418a-f651-b260-dca8cdaeb747}\U\00000001.@        gefunden: Trojan.Crypt.EFC!E2
C:\Users\Marcel\Videos\Filme\OO Software CleverCache Professional v7 1 2737 Incl Keygen\keygen.exe        gefunden: Trojan-Proxy.Win32.Agent!E2

Gescannt        638436
Gefunden        116

Scan Ende:        24.08.2012 13:34:08
Scan Zeit:        1:40:47

C:\Users\Marcel\Videos\Filme\OO Software CleverCache Professional v7 1 2737 Incl Keygen\keygen.exe        Quarantäne Trojan-Proxy.Win32.Agent!E2
C:\_OTL\MovedFiles\08232012_004956\C_Users\Marcel\AppData\Local\{52bde81c-418a-f651-b260-dca8cdaeb747}\U\00000001.@        Quarantäne Trojan.Crypt.EFC!E2
Value: hkey_current_user\software\mgshareware\freerip3 --> allowmultipleinstances        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autochecknewversion        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autosearchfreedb        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> beepafterrip        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> cddevice        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> converterusesfilenames        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> defaulttargetformat        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ejectafterrip        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> encodedbypreset        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> filenameformat        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_channels        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_level        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> forceaspi        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbautochoose1        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbemail        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbserver        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbtimeout        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freeripdbautosearch        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> language        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lastregreminderdate        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dx        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_bitrate        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_channels        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcy        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dy        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcx        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_mode        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_vbrquality        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dy        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writeid3        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dx        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writecrcs        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyserver        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyuser        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxypwd        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> outputpath        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regname        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regreminderdays        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regcode        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyport        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runscounter        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showfullfilename        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showsplash        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> slowspeedmode        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> uselocaldb        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runathigherpriority        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_channels        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_quality        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_bitspersample        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_channels        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_writeinfotags        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wmaenc_mode        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wndcloseafterrip        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writecdplayerini        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> useproxy        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> readcdtext        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ripvolume        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> version        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar0 --> barid        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> barsize_32772        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writelrcfile        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#1        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#2        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#0        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writeplaylist        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> barid        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> docking        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockbottompos        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockid        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> barid        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockrightpos        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudocktoppos        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockleftpos        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatxpos        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatypos        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> xpos        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> ypos        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> bars        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screencx        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screency        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthconv --> n        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 0        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 1        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 2        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 3        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 4        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> n        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatstyle        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bars        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 2        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 3        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 4        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> n        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\freedbserverlist --> n        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayicon        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayname        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayversion        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: app path        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: icon group        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: setup version        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: user        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> installdate        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> installlocation        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 1        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> norepair        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> publisher        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> nomodify        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar1 --> barid        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 0        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> quietuninstallstring        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> uninstallstring        Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> urlinfoabout        Quarantäne Trace.Registry.freerip v3.0!E1
c:\program files (x86)\freerip3        Quarantäne Trace.File.freerip v3.0!E1
c:\users\marcel\appdata\roaming\microsoft\internet explorer\quick launch\freerip.lnk        Quarantäne Trace.File.freerip v3.0!E1

Quarantäne        116

t'john 24.08.2012 15:07
Sehr gut! :daumenhoc



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

magix1 25.08.2012 00:36
einmal ESET


Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6226b4ee95f46146aff5fb161ea326fe
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-24 04:56:18
# local_time=2012-08-24 06:56:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 377196 82361283 172711 0
# compatibility_mode=5121 16776637 100 82 79355431 98186775 0 0
# compatibility_mode=5893 16776573 100 94 10758 97454277 0 0
# compatibility_mode=8192 67108863 100 0 83 83 0 0
# scanned=89025
# found=0
# cleaned=0
# scan_time=2951
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6226b4ee95f46146aff5fb161ea326fe
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-24 11:27:25
# local_time=2012-08-25 01:27:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 380291 82364378 175806 0
# compatibility_mode=5121 16776637 100 82 79358526 98189870 0 0
# compatibility_mode=5893 16776573 100 94 13853 97457372 0 0
# compatibility_mode=8192 67108863 100 0 3178 3178 0 0
# scanned=198314
# found=1
# cleaned=1
# scan_time=23322
C:\Windows\Installer\841ea65.msi        a variant of Win32/Toolbar.Widgi application (deleted - quarantined)        00000000000000000000000000000000        C

t'john 25.08.2012 15:36
Konrolle:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".


dann:


TDSSKiller von Kaspersky
- Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
- Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
- deaktiviere vorübergehend dein AntiVirus-Programm
- Starte die TDSSKiller.exe durch Doppelklick.
- Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
- Bestätige das ggfs. mit Y(es).
- Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
- Poste den Inhalt von C:\TDSSKiller.txt hier in den Thread.
Hier findest Du eine ausführlichere TDSSKiller Anleitung.

magix1 25.08.2012 18:50
du wirst es nicht glauben, aber während malwarebytes gerade durchläuft meldet sich avira mit TR/Sirefef.P.35 gefunden :-(

aktueller malwarebytes

Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [Administrator]

Schutz: Aktiviert

25.08.2012 19:08:32
mbam-log-2012-08-25 (19-08-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388340
Laufzeit: 1 Stunde(n), 45 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
und tdss

Code:
21:06:27.0963 4752  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:06:27.0995 4752  ============================================================
21:06:27.0995 4752  Current date / time: 2012/08/25 21:06:27.0995
21:06:27.0995 4752  SystemInfo:
21:06:27.0995 4752 
21:06:27.0995 4752  OS Version: 6.1.7601 ServicePack: 1.0
21:06:27.0995 4752  Product type: Workstation
21:06:27.0995 4752  ComputerName: MARCEL-PC
21:06:27.0995 4752  UserName: Marcel
21:06:27.0995 4752  Windows directory: C:\Windows
21:06:27.0995 4752  System windows directory: C:\Windows
21:06:27.0995 4752  Running under WOW64
21:06:27.0995 4752  Processor architecture: Intel x64
21:06:27.0995 4752  Number of processors: 4
21:06:27.0995 4752  Page size: 0x1000
21:06:27.0995 4752  Boot type: Normal boot
21:06:27.0995 4752  ============================================================
21:06:28.0806 4752  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:06:28.0806 4752  ============================================================
21:06:28.0806 4752  \Device\Harddisk0\DR0:
21:06:28.0806 4752  MBR partitions:
21:06:28.0806 4752  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
21:06:28.0806 4752  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x23A97AB0
21:06:28.0806 4752  ============================================================
21:06:28.0837 4752  C: <-> \Device\Harddisk0\DR0\Partition2
21:06:28.0837 4752  ============================================================
21:06:28.0837 4752  Initialize success
21:06:28.0837 4752  ============================================================
21:06:39.0882 6836  ============================================================
21:06:39.0882 6836  Scan started
21:06:39.0882 6836  Mode: Manual;
21:06:39.0882 6836  ============================================================
21:06:40.0147 6836  ================ Scan system memory ========================
21:06:40.0147 6836  System memory - ok
21:06:40.0147 6836  ================ Scan services =============================
21:06:40.0365 6836  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:06:40.0365 6836  1394ohci - ok
21:06:40.0412 6836  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:06:40.0412 6836  ACPI - ok
21:06:40.0459 6836  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
21:06:40.0459 6836  AcpiPmi - ok
21:06:40.0615 6836  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:06:40.0615 6836  AdobeFlashPlayerUpdateSvc - ok
21:06:40.0693 6836  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
21:06:40.0709 6836  adp94xx - ok
21:06:40.0771 6836  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
21:06:40.0771 6836  adpahci - ok
21:06:40.0802 6836  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
21:06:40.0802 6836  adpu320 - ok
21:06:40.0849 6836  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
21:06:40.0865 6836  AeLookupSvc - ok
21:06:40.0896 6836  [ 65F8D71074FCE72B6C491F63535FEDC6 ] AF9035BDA      C:\Windows\system32\DRIVERS\AF15BDA.sys
21:06:40.0911 6836  AF9035BDA - ok
21:06:40.0974 6836  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
21:06:40.0989 6836  AFD - ok
21:06:41.0083 6836  [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
21:06:41.0083 6836  AgereModemAudio - ok
21:06:41.0130 6836  [ A6AB6F0ACE87DA76B4C401813D18BE95 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
21:06:41.0145 6836  AgereSoftModem - ok
21:06:41.0192 6836  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:06:41.0192 6836  agp440 - ok
21:06:41.0208 6836  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
21:06:41.0208 6836  ALG - ok
21:06:41.0255 6836  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:06:41.0255 6836  aliide - ok
21:06:41.0286 6836  [ 41A0813F22D3330C0CA71CE5BBD42B12 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:06:41.0301 6836  AMD External Events Utility - ok
21:06:41.0333 6836  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:06:41.0333 6836  amdide - ok
21:06:41.0348 6836  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
21:06:41.0348 6836  AmdK8 - ok
21:06:41.0379 6836  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:06:41.0379 6836  AmdPPM - ok
21:06:41.0426 6836  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
21:06:41.0442 6836  amdsata - ok
21:06:41.0489 6836  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:06:41.0489 6836  amdsbs - ok
21:06:41.0504 6836  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
21:06:41.0504 6836  amdxata - ok
21:06:41.0551 6836  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor        C:\Windows\system32\drivers\AmUStor.SYS
21:06:41.0551 6836  AmUStor - ok
21:06:41.0645 6836  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:06:41.0660 6836  AntiVirSchedulerService - ok
21:06:41.0691 6836  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:06:41.0691 6836  AntiVirService - ok
21:06:41.0769 6836  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
21:06:41.0769 6836  AppID - ok
21:06:41.0785 6836  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:06:41.0785 6836  AppIDSvc - ok
21:06:41.0816 6836  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
21:06:41.0816 6836  Appinfo - ok
21:06:41.0925 6836  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:06:41.0925 6836  Apple Mobile Device - ok
21:06:41.0957 6836  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
21:06:41.0972 6836  arc - ok
21:06:42.0003 6836  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:06:42.0003 6836  arcsas - ok
21:06:42.0035 6836  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:06:42.0035 6836  AsyncMac - ok
21:06:42.0081 6836  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
21:06:42.0081 6836  atapi - ok
21:06:42.0144 6836  [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:06:42.0175 6836  athr - ok
21:06:42.0378 6836  [ 37456BE85384E4CC38DC899F07F88C45 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:06:42.0612 6836  atikmdag - ok
21:06:42.0674 6836  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:06:42.0690 6836  AudioEndpointBuilder - ok
21:06:42.0705 6836  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:06:42.0705 6836  AudioSrv - ok
21:06:42.0752 6836  [ B1224E6B086CD6548315B04AB575A23E ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:06:42.0752 6836  avgntflt - ok
21:06:42.0768 6836  [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:06:42.0768 6836  avipbb - ok
21:06:42.0830 6836  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:06:42.0846 6836  AxInstSV - ok
21:06:42.0877 6836  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
21:06:42.0893 6836  b06bdrv - ok
21:06:42.0924 6836  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:06:42.0924 6836  b57nd60a - ok
21:06:43.0033 6836  [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc          C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:06:43.0033 6836  BBSvc - ok
21:06:43.0095 6836  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX        C:\Windows\system32\DRIVERS\bcmwl664.sys
21:06:43.0111 6836  BCM43XX - ok
21:06:43.0142 6836  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:06:43.0142 6836  BDESVC - ok
21:06:43.0173 6836  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:06:43.0173 6836  Beep - ok
21:06:43.0236 6836  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
21:06:43.0251 6836  BFE - ok
21:06:43.0314 6836  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
21:06:43.0345 6836  BITS - ok
21:06:43.0376 6836  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:06:43.0376 6836  blbdrive - ok
21:06:43.0454 6836  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:06:43.0454 6836  Bonjour Service - ok
21:06:43.0517 6836  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:06:43.0517 6836  bowser - ok
21:06:43.0548 6836  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:06:43.0548 6836  BrFiltLo - ok
21:06:43.0563 6836  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:06:43.0563 6836  BrFiltUp - ok
21:06:43.0579 6836  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21:06:43.0579 6836  BridgeMP - ok
21:06:43.0626 6836  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
21:06:43.0626 6836  Browser - ok
21:06:43.0657 6836  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
21:06:43.0657 6836  Brserid - ok
21:06:43.0673 6836  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:06:43.0673 6836  BrSerWdm - ok
21:06:43.0704 6836  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:06:43.0704 6836  BrUsbMdm - ok
21:06:43.0719 6836  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:06:43.0719 6836  BrUsbSer - ok
21:06:43.0735 6836  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:06:43.0735 6836  BTHMODEM - ok
21:06:43.0782 6836  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
21:06:43.0782 6836  bthserv - ok
21:06:43.0782 6836  catchme - ok
21:06:43.0813 6836  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:06:43.0829 6836  cdfs - ok
21:06:43.0860 6836  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\drivers\cdrom.sys
21:06:43.0875 6836  cdrom - ok
21:06:43.0922 6836  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
21:06:43.0922 6836  CertPropSvc - ok
21:06:43.0938 6836  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:06:43.0938 6836  circlass - ok
21:06:43.0969 6836  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:06:43.0969 6836  CLFS - ok
21:06:44.0047 6836  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:06:44.0047 6836  clr_optimization_v2.0.50727_32 - ok
21:06:44.0094 6836  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:06:44.0094 6836  clr_optimization_v2.0.50727_64 - ok
21:06:44.0187 6836  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:06:44.0203 6836  clr_optimization_v4.0.30319_32 - ok
21:06:44.0250 6836  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:06:44.0250 6836  clr_optimization_v4.0.30319_64 - ok
21:06:44.0265 6836  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:06:44.0281 6836  CmBatt - ok
21:06:44.0297 6836  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:06:44.0297 6836  cmdide - ok
21:06:44.0343 6836  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
21:06:44.0343 6836  CNG - ok
21:06:44.0390 6836  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:06:44.0390 6836  Compbatt - ok
21:06:44.0421 6836  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:06:44.0421 6836  CompositeBus - ok
21:06:44.0437 6836  COMSysApp - ok
21:06:44.0453 6836  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
21:06:44.0453 6836  crcdisk - ok
21:06:44.0515 6836  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:06:44.0515 6836  CryptSvc - ok
21:06:44.0562 6836  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:06:44.0562 6836  DcomLaunch - ok
21:06:44.0609 6836  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
21:06:44.0609 6836  defragsvc - ok
21:06:44.0671 6836  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:06:44.0671 6836  DfsC - ok
21:06:44.0702 6836  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:06:44.0702 6836  Dhcp - ok
21:06:44.0733 6836  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:06:44.0733 6836  discache - ok
21:06:44.0796 6836  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:06:44.0796 6836  Disk - ok
21:06:44.0889 6836  [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr        C:\Windows\syswow64\Drivers\DKbFltr.sys
21:06:44.0889 6836  DKbFltr - ok
21:06:44.0936 6836  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:06:44.0936 6836  Dnscache - ok
21:06:44.0983 6836  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
21:06:44.0983 6836  dot3svc - ok
21:06:45.0014 6836  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
21:06:45.0030 6836  DPS - ok
21:06:45.0061 6836  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
21:06:45.0061 6836  drmkaud - ok
21:06:45.0123 6836  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
21:06:45.0139 6836  DXGKrnl - ok
21:06:45.0170 6836  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
21:06:45.0170 6836  EapHost - ok
21:06:45.0264 6836  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
21:06:45.0357 6836  ebdrv - ok
21:06:45.0404 6836  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
21:06:45.0404 6836  EFS - ok
21:06:45.0498 6836  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
21:06:45.0513 6836  ehRecvr - ok
21:06:45.0529 6836  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
21:06:45.0529 6836  ehSched - ok
21:06:45.0576 6836  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
21:06:45.0576 6836  elxstor - ok
21:06:45.0685 6836  [ FB67AA8AC61B9365ADD546139A21BED6 ] ePowerSvc      C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
21:06:45.0701 6836  ePowerSvc - ok
21:06:45.0716 6836  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:06:45.0716 6836  ErrDev - ok
21:06:45.0779 6836  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
21:06:45.0779 6836  EventSystem - ok
21:06:45.0810 6836  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
21:06:45.0810 6836  exfat - ok
21:06:45.0841 6836  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
21:06:45.0841 6836  fastfat - ok
21:06:45.0903 6836  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
21:06:45.0903 6836  Fax - ok
21:06:45.0919 6836  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
21:06:45.0919 6836  fdc - ok
21:06:45.0950 6836  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
21:06:45.0950 6836  fdPHost - ok
21:06:45.0966 6836  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:06:45.0966 6836  FDResPub - ok
21:06:45.0997 6836  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:06:45.0997 6836  FileInfo - ok
21:06:45.0997 6836  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
21:06:46.0013 6836  Filetrace - ok
21:06:46.0028 6836  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:06:46.0028 6836  flpydisk - ok
21:06:46.0059 6836  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:06:46.0059 6836  FltMgr - ok
21:06:46.0122 6836  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
21:06:46.0137 6836  FontCache - ok
21:06:46.0200 6836  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:06:46.0200 6836  FontCache3.0.0.0 - ok
21:06:46.0231 6836  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
21:06:46.0231 6836  FsDepends - ok
21:06:46.0293 6836  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr        C:\Windows\system32\DRIVERS\fssfltr.sys
21:06:46.0293 6836  fssfltr - ok
21:06:46.0403 6836  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:06:46.0418 6836  fsssvc - ok
21:06:46.0465 6836  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:06:46.0465 6836  Fs_Rec - ok
21:06:46.0512 6836  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:06:46.0512 6836  fvevol - ok
21:06:46.0559 6836  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:06:46.0559 6836  gagp30kx - ok
21:06:46.0605 6836  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:06:46.0605 6836  GEARAspiWDM - ok
21:06:46.0668 6836  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
21:06:46.0683 6836  gpsvc - ok
21:06:46.0761 6836  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
21:06:46.0777 6836  Greg_Service - ok
21:06:46.0824 6836  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:06:46.0824 6836  gupdate - ok
21:06:46.0855 6836  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:06:46.0871 6836  gupdatem - ok
21:06:46.0886 6836  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc          C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:06:46.0902 6836  gusvc - ok
21:06:46.0917 6836  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:06:46.0917 6836  hcw85cir - ok
21:06:46.0980 6836  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:06:46.0980 6836  HdAudAddService - ok
21:06:47.0011 6836  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:06:47.0027 6836  HDAudBus - ok
21:06:47.0042 6836  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64        C:\Windows\system32\DRIVERS\HECIx64.sys
21:06:47.0058 6836  HECIx64 - ok
21:06:47.0089 6836  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
21:06:47.0105 6836  HidBatt - ok
21:06:47.0136 6836  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:06:47.0136 6836  HidBth - ok
21:06:47.0167 6836  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
21:06:47.0167 6836  HidIr - ok
21:06:47.0183 6836  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\System32\hidserv.dll
21:06:47.0183 6836  hidserv - ok
21:06:47.0229 6836  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
21:06:47.0229 6836  HidUsb - ok
21:06:47.0276 6836  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:06:47.0276 6836  hkmsvc - ok
21:06:47.0339 6836  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:06:47.0339 6836  HomeGroupListener - ok
21:06:47.0385 6836  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:06:47.0385 6836  HomeGroupProvider - ok
21:06:47.0417 6836  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:06:47.0417 6836  HpSAMD - ok
21:06:47.0463 6836  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:06:47.0479 6836  HTTP - ok
21:06:47.0510 6836  hwdatacard - ok
21:06:47.0557 6836  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:06:47.0557 6836  hwpolicy - ok
21:06:47.0619 6836  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:06:47.0619 6836  i8042prt - ok
21:06:47.0697 6836  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:06:47.0697 6836  IAANTMON - ok
21:06:47.0760 6836  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:06:47.0760 6836  iaStor - ok
21:06:47.0838 6836  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
21:06:47.0838 6836  iaStorV - ok
21:06:47.0931 6836  [ 848EDEBB3C1D6FEC50E09EDA95C21E84 ] ICQ Service    C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
21:06:47.0931 6836  ICQ Service - ok
21:06:48.0025 6836  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:06:48.0041 6836  idsvc - ok
21:06:48.0212 6836  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:06:48.0384 6836  igfx - ok
21:06:48.0431 6836  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
21:06:48.0431 6836  iirsp - ok
21:06:48.0477 6836  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:06:48.0493 6836  IKEEXT - ok
21:06:48.0524 6836  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd          C:\Windows\system32\DRIVERS\Impcd.sys
21:06:48.0524 6836  Impcd - ok
21:06:48.0618 6836  [ 42943BB3AB7A405B30EFF7C8283CC129 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:06:48.0649 6836  IntcAzAudAddService - ok
21:06:48.0665 6836  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:06:48.0680 6836  intelide - ok
21:06:48.0711 6836  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:06:48.0711 6836  intelppm - ok
21:06:48.0711 6836  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
21:06:48.0727 6836  IPBusEnum - ok
21:06:48.0774 6836  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:06:48.0774 6836  IpFilterDriver - ok
21:06:48.0836 6836  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:06:48.0836 6836  iphlpsvc - ok
21:06:48.0867 6836  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
21:06:48.0867 6836  IPMIDRV - ok
21:06:48.0899 6836  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
21:06:48.0899 6836  IPNAT - ok
21:06:49.0070 6836  [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:06:49.0070 6836  iPod Service - ok
21:06:49.0133 6836  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:06:49.0133 6836  IRENUM - ok
21:06:49.0164 6836  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:06:49.0164 6836  isapnp - ok
21:06:49.0195 6836  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:06:49.0211 6836  iScsiPrt - ok
21:06:49.0257 6836  [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
21:06:49.0273 6836  k57nd60a - ok
21:06:49.0289 6836  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:06:49.0289 6836  kbdclass - ok
21:06:49.0320 6836  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:06:49.0320 6836  kbdhid - ok
21:06:49.0351 6836  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:06:49.0351 6836  KeyIso - ok
21:06:49.0382 6836  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:06:49.0382 6836  KSecDD - ok
21:06:49.0413 6836  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
21:06:49.0413 6836  KSecPkg - ok
21:06:49.0429 6836  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
21:06:49.0429 6836  ksthunk - ok
21:06:49.0460 6836  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
21:06:49.0476 6836  KtmRm - ok
21:06:49.0491 6836  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E            C:\Windows\system32\DRIVERS\L1E62x64.sys
21:06:49.0507 6836  L1E - ok
21:06:49.0523 6836  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:06:49.0523 6836  LanmanServer - ok
21:06:49.0569 6836  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:06:49.0569 6836  LanmanWorkstation - ok
21:06:49.0616 6836  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:06:49.0616 6836  lltdio - ok
21:06:49.0632 6836  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
21:06:49.0647 6836  lltdsvc - ok
21:06:49.0663 6836  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
21:06:49.0663 6836  lmhosts - ok
21:06:49.0710 6836  [ 7485FBCEF9136F530953575E2977859D ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:06:49.0725 6836  LMS - ok
21:06:49.0757 6836  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:06:49.0757 6836  LSI_FC - ok
21:06:49.0772 6836  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
21:06:49.0772 6836  LSI_SAS - ok
21:06:49.0772 6836  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:06:49.0772 6836  LSI_SAS2 - ok
21:06:49.0803 6836  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:06:49.0803 6836  LSI_SCSI - ok
21:06:49.0819 6836  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
21:06:49.0819 6836  luafv - ok
21:06:49.0850 6836  lxcz_device - ok
21:06:49.0881 6836  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
21:06:49.0881 6836  MBAMProtector - ok
21:06:49.0928 6836  [ 43683E970F008C93C9429EF428147A54 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:06:49.0928 6836  MBAMService - ok
21:06:50.0006 6836  [ B891E3920F24FF1A3BEAD6CD2B42ED99 ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
21:06:50.0006 6836  McAfee SiteAdvisor Service - ok
21:06:50.0115 6836  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
21:06:50.0115 6836  McComponentHostService - ok
21:06:50.0178 6836  [ 0FC36E77D779F8D021D338BDC7368181 ] mcmscsvc        C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
21:06:50.0178 6836  mcmscsvc - ok
21:06:50.0303 6836  [ 2988E515570E4F8B9D9B256137F8E8F4 ] McNASvc        c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
21:06:50.0334 6836  McNASvc - ok
21:06:50.0396 6836  [ 504C0AF387549FAB2F3E867E5043851D ] McODS          C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
21:06:50.0412 6836  McODS - ok
21:06:50.0459 6836  [ C85968D24449E37653B891B03188140C ] McProxy        c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
21:06:50.0459 6836  McProxy - ok
21:06:50.0490 6836  [ C833BCEE15F6F489D57748514C4DE8B8 ] McShield        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
21:06:50.0490 6836  McShield - ok
21:06:50.0552 6836  [ F2A433E0EA959028E349FB1D5BAE01E7 ] McSysmon        C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
21:06:50.0552 6836  McSysmon - ok
21:06:50.0599 6836  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
21:06:50.0599 6836  Mcx2Svc - ok
21:06:50.0630 6836  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
21:06:50.0630 6836  megasas - ok
21:06:50.0661 6836  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:06:50.0661 6836  MegaSR - ok
21:06:50.0693 6836  [ 4A1C21576FB7F96F4DBDEA627FFDA775 ] mfeavfk        C:\Windows\system32\drivers\mfeavfk.sys
21:06:50.0693 6836  mfeavfk - ok
21:06:50.0724 6836  [ 9E0AC52B3232FF8DC65FEE1A9C2FE8D1 ] mfehidk        C:\Windows\system32\drivers\mfehidk.sys
21:06:50.0724 6836  mfehidk - ok
21:06:50.0755 6836  [ 624D717B11E5004F68442B5740F17F21 ] mferkdk        C:\Windows\system32\drivers\mferkdk.sys
21:06:50.0755 6836  mferkdk - ok
21:06:50.0771 6836  [ 0CD9DE7B96735F33F078C4EA044E8B34 ] mfesmfk        C:\Windows\system32\drivers\mfesmfk.sys
21:06:50.0771 6836  mfesmfk - ok
21:06:50.0802 6836  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
21:06:50.0802 6836  MMCSS - ok
21:06:50.0833 6836  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
21:06:50.0833 6836  Modem - ok
21:06:50.0864 6836  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
21:06:50.0864 6836  monitor - ok
21:06:50.0895 6836  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
21:06:50.0895 6836  mouclass - ok
21:06:50.0927 6836  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:06:50.0927 6836  mouhid - ok
21:06:50.0973 6836  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:06:50.0973 6836  mountmgr - ok
21:06:51.0036 6836  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:06:51.0036 6836  MozillaMaintenance - ok
21:06:51.0067 6836  [ AE2E68527013EB4F761ECCC630F7F1A3 ] MPFP            C:\Windows\system32\Drivers\Mpfp.sys
21:06:51.0067 6836  MPFP - ok
21:06:51.0129 6836  [ DB4D0DFE069E995B3F45CE4623ABFDD9 ] MpfService      C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
21:06:51.0129 6836  MpfService - ok
21:06:51.0176 6836  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:06:51.0176 6836  mpio - ok
21:06:51.0207 6836  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:06:51.0207 6836  mpsdrv - ok
21:06:51.0270 6836  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:06:51.0270 6836  MpsSvc - ok
21:06:51.0301 6836  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:06:51.0301 6836  MRxDAV - ok
21:06:51.0332 6836  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:06:51.0332 6836  mrxsmb - ok
21:06:51.0348 6836  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:06:51.0363 6836  mrxsmb10 - ok
21:06:51.0379 6836  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:06:51.0379 6836  mrxsmb20 - ok
21:06:51.0410 6836  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:06:51.0410 6836  msahci - ok
21:06:51.0426 6836  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
21:06:51.0426 6836  msdsm - ok
21:06:51.0441 6836  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
21:06:51.0441 6836  MSDTC - ok
21:06:51.0488 6836  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:06:51.0488 6836  Msfs - ok
21:06:51.0504 6836  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
21:06:51.0504 6836  mshidkmdf - ok
21:06:51.0535 6836  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:06:51.0535 6836  msisadrv - ok
21:06:51.0551 6836  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
21:06:51.0566 6836  MSiSCSI - ok
21:06:51.0566 6836  msiserver - ok
21:06:51.0644 6836  [ CF3C267356F458BE85C5034BFC382022 ] MSK80Service    C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
21:06:51.0644 6836  MSK80Service - ok
21:06:51.0675 6836  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
21:06:51.0675 6836  MSKSSRV - ok
21:06:51.0691 6836  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:06:51.0707 6836  MSPCLOCK - ok
21:06:51.0707 6836  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
21:06:51.0707 6836  MSPQM - ok
21:06:51.0738 6836  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
21:06:51.0753 6836  MsRPC - ok
21:06:51.0769 6836  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:06:51.0785 6836  mssmbios - ok
21:06:51.0785 6836  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
21:06:51.0785 6836  MSTEE - ok
21:06:51.0800 6836  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:06:51.0800 6836  MTConfig - ok
21:06:51.0816 6836  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
21:06:51.0816 6836  Mup - ok
21:06:51.0847 6836  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:06:51.0847 6836  mwlPSDFilter - ok
21:06:51.0878 6836  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ    C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:06:51.0878 6836  mwlPSDNServ - ok
21:06:51.0909 6836  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk    C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:06:51.0909 6836  mwlPSDVDisk - ok
21:06:52.0003 6836  [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
21:06:52.0003 6836  MWLService - ok
21:06:52.0065 6836  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:06:52.0065 6836  napagent - ok
21:06:52.0128 6836  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
21:06:52.0128 6836  NativeWifiP - ok
21:06:52.0175 6836  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:06:52.0190 6836  NDIS - ok
21:06:52.0221 6836  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
21:06:52.0237 6836  NdisCap - ok
21:06:52.0253 6836  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:06:52.0268 6836  NdisTapi - ok
21:06:52.0284 6836  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
21:06:52.0299 6836  Ndisuio - ok
21:06:52.0315 6836  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
21:06:52.0315 6836  NdisWan - ok
21:06:52.0362 6836  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
21:06:52.0362 6836  NDProxy - ok
21:06:52.0409 6836  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
21:06:52.0409 6836  NetBIOS - ok
21:06:52.0455 6836  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
21:06:52.0455 6836  NetBT - ok
21:06:52.0487 6836  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:06:52.0487 6836  Netlogon - ok
21:06:52.0518 6836  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:06:52.0533 6836  Netman - ok
21:06:52.0565 6836  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:06:52.0565 6836  netprofm - ok
21:06:52.0596 6836  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:06:52.0596 6836  NetTcpPortSharing - ok
21:06:52.0658 6836  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
21:06:52.0658 6836  nfrd960 - ok
21:06:52.0721 6836  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:06:52.0721 6836  NlaSvc - ok
21:06:52.0799 6836  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:06:52.0799 6836  Npfs - ok
21:06:52.0830 6836  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
21:06:52.0830 6836  nsi - ok
21:06:52.0845 6836  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:06:52.0845 6836  nsiproxy - ok
21:06:52.0923 6836  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:06:52.0939 6836  Ntfs - ok
21:06:53.0017 6836  [ 14E66F603FB187713AEB02AD3B0390CF ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
21:06:53.0017 6836  NTI IScheduleSvc - ok
21:06:53.0064 6836  [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:06:53.0064 6836  NTIBackupSvc - ok
21:06:53.0095 6836  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr        C:\Windows\system32\drivers\NTIDrvr.sys
21:06:53.0095 6836  NTIDrvr - ok
21:06:53.0126 6836  [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
21:06:53.0126 6836  NTISchedulerSvc - ok
21:06:53.0157 6836  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:06:53.0157 6836  Null - ok
21:06:53.0204 6836  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:06:53.0204 6836  nvraid - ok
21:06:53.0220 6836  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:06:53.0235 6836  nvstor - ok
21:06:53.0267 6836  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:06:53.0267 6836  nv_agp - ok
21:06:53.0360 6836  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:06:53.0360 6836  odserv - ok
21:06:53.0391 6836  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:06:53.0391 6836  ohci1394 - ok
21:06:53.0454 6836  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:06:53.0454 6836  ose - ok
21:06:53.0485 6836  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:06:53.0485 6836  p2pimsvc - ok
21:06:53.0516 6836  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:06:53.0532 6836  p2psvc - ok
21:06:53.0547 6836  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
21:06:53.0547 6836  Parport - ok
21:06:53.0594 6836  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
21:06:53.0594 6836  partmgr - ok
21:06:53.0625 6836  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:06:53.0625 6836  PcaSvc - ok
21:06:53.0657 6836  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
21:06:53.0657 6836  pci - ok
21:06:53.0703 6836  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:06:53.0735 6836  pciide - ok
21:06:53.0781 6836  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:06:53.0797 6836  pcmcia - ok
21:06:53.0844 6836  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
21:06:53.0844 6836  pcw - ok
21:06:53.0891 6836  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:06:53.0906 6836  PEAUTH - ok
21:06:54.0031 6836  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:06:54.0031 6836  PerfHost - ok
21:06:54.0109 6836  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
21:06:54.0140 6836  pla - ok
21:06:54.0203 6836  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:06:54.0218 6836  PlugPlay - ok
21:06:54.0234 6836  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
21:06:54.0234 6836  PNRPAutoReg - ok
21:06:54.0249 6836  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
21:06:54.0249 6836  PNRPsvc - ok
21:06:54.0296 6836  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
21:06:54.0312 6836  PolicyAgent - ok
21:06:54.0343 6836  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
21:06:54.0343 6836  Power - ok
21:06:54.0405 6836  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:06:54.0405 6836  PptpMiniport - ok
21:06:54.0437 6836  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
21:06:54.0437 6836  Processor - ok
21:06:54.0483 6836  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
21:06:54.0499 6836  ProfSvc - ok
21:06:54.0499 6836  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:06:54.0499 6836  ProtectedStorage - ok
21:06:54.0561 6836  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:06:54.0561 6836  Psched - ok
21:06:54.0639 6836  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:06:54.0655 6836  ql2300 - ok
21:06:54.0702 6836  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:06:54.0702 6836  ql40xx - ok
21:06:54.0717 6836  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
21:06:54.0733 6836  QWAVE - ok
21:06:54.0733 6836  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:06:54.0733 6836  QWAVEdrv - ok
21:06:54.0764 6836  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:06:54.0764 6836  RasAcd - ok
21:06:54.0795 6836  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
21:06:54.0795 6836  RasAgileVpn - ok
21:06:54.0827 6836  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
21:06:54.0842 6836  RasAuto - ok
21:06:54.0873 6836  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
21:06:54.0889 6836  Rasl2tp - ok
21:06:54.0920 6836  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:06:54.0936 6836  RasMan - ok
21:06:54.0967 6836  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:06:54.0967 6836  RasPppoe - ok
21:06:54.0983 6836  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
21:06:54.0983 6836  RasSstp - ok
21:06:55.0014 6836  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
21:06:55.0014 6836  rdbss - ok
21:06:55.0029 6836  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:06:55.0029 6836  rdpbus - ok
21:06:55.0076 6836  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:06:55.0076 6836  RDPCDD - ok
21:06:55.0092 6836  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:06:55.0092 6836  RDPENCDD - ok
21:06:55.0107 6836  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:06:55.0107 6836  RDPREFMP - ok
21:06:55.0154 6836  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
21:06:55.0154 6836  RDPWD - ok
21:06:55.0217 6836  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:06:55.0217 6836  rdyboost - ok
21:06:55.0248 6836  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:06:55.0248 6836  RemoteAccess - ok
21:06:55.0279 6836  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:06:55.0279 6836  RemoteRegistry - ok
21:06:55.0295 6836  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:06:55.0310 6836  RpcEptMapper - ok
21:06:55.0326 6836  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:06:55.0326 6836  RpcLocator - ok
21:06:55.0357 6836  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
21:06:55.0357 6836  RpcSs - ok
21:06:55.0388 6836  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:06:55.0388 6836  rspndr - ok
21:06:55.0435 6836  [ 7421A35C45484B95E83B5E9E107CEFC2 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
21:06:55.0435 6836  RTHDMIAzAudService - ok
21:06:55.0451 6836  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
21:06:55.0451 6836  SamSs - ok
21:06:55.0482 6836  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:06:55.0482 6836  sbp2port - ok
21:06:55.0513 6836  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:06:55.0513 6836  SCardSvr - ok
21:06:55.0560 6836  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:06:55.0560 6836  scfilter - ok
21:06:55.0622 6836  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:06:55.0638 6836  Schedule - ok
21:06:55.0685 6836  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
21:06:55.0685 6836  SCPolicySvc - ok
21:06:55.0716 6836  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:06:55.0716 6836  SDRSVC - ok
21:06:55.0809 6836  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:06:55.0809 6836  SeaPort - ok
21:06:55.0841 6836  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:06:55.0856 6836  secdrv - ok
21:06:55.0872 6836  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:06:55.0872 6836  seclogon - ok
21:06:55.0934 6836  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
21:06:55.0934 6836  SENS - ok
21:06:55.0965 6836  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:06:55.0965 6836  SensrSvc - ok
21:06:55.0997 6836  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
21:06:55.0997 6836  Serenum - ok
21:06:56.0028 6836  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:06:56.0028 6836  Serial - ok
21:06:56.0075 6836  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:06:56.0075 6836  sermouse - ok
21:06:56.0121 6836  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:06:56.0137 6836  SessionEnv - ok
21:06:56.0153 6836  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
21:06:56.0153 6836  sffdisk - ok
21:06:56.0168 6836  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:06:56.0168 6836  sffp_mmc - ok
21:06:56.0184 6836  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
21:06:56.0199 6836  sffp_sd - ok
21:06:56.0215 6836  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
21:06:56.0215 6836  sfloppy - ok
21:06:56.0246 6836  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:06:56.0246 6836  SharedAccess - ok
21:06:56.0309 6836  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:06:56.0309 6836  ShellHWDetection - ok
21:06:56.0340 6836  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:06:56.0340 6836  SiSRaid2 - ok
21:06:56.0371 6836  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:06:56.0371 6836  SiSRaid4 - ok
21:06:56.0402 6836  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
21:06:56.0402 6836  Smb - ok
21:06:56.0449 6836  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:06:56.0449 6836  SNMPTRAP - ok
21:06:56.0480 6836  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
21:06:56.0480 6836  spldr - ok
21:06:56.0527 6836  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
21:06:56.0527 6836  Spooler - ok
21:06:56.0667 6836  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:06:56.0792 6836  sppsvc - ok
21:06:56.0839 6836  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
21:06:56.0839 6836  sppuinotify - ok
21:06:56.0886 6836  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
21:06:56.0886 6836  srv - ok
21:06:56.0917 6836  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:06:56.0917 6836  srv2 - ok
21:06:56.0933 6836  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:06:56.0933 6836  srvnet - ok
21:06:56.0979 6836  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
21:06:56.0979 6836  SSDPSRV - ok
21:06:57.0011 6836  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
21:06:57.0011 6836  SstpSvc - ok
21:06:57.0042 6836  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:06:57.0042 6836  stexstor - ok
21:06:57.0089 6836  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:06:57.0104 6836  stisvc - ok
21:06:57.0120 6836  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:06:57.0120 6836  swenum - ok
21:06:57.0260 6836  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard    C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:06:57.0276 6836  SwitchBoard - ok
21:06:57.0323 6836  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
21:06:57.0323 6836  swprv - ok
21:06:57.0385 6836  [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
21:06:57.0385 6836  SynTP - ok
21:06:57.0463 6836  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
21:06:57.0479 6836  SysMain - ok
21:06:57.0525 6836  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:06:57.0525 6836  TabletInputService - ok
21:06:57.0557 6836  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
21:06:57.0557 6836  TapiSrv - ok
21:06:57.0603 6836  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
21:06:57.0603 6836  TBS - ok
21:06:57.0713 6836  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
21:06:57.0728 6836  Tcpip - ok
21:06:57.0791 6836  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:06:57.0806 6836  TCPIP6 - ok
21:06:57.0853 6836  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:06:57.0853 6836  tcpipreg - ok
21:06:57.0869 6836  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:06:57.0869 6836  TDPIPE - ok
21:06:57.0915 6836  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
21:06:57.0915 6836  TDTCP - ok
21:06:57.0962 6836  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
21:06:57.0962 6836  tdx - ok
21:06:58.0009 6836  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:06:58.0009 6836  TermDD - ok
21:06:58.0056 6836  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
21:06:58.0071 6836  TermService - ok
21:06:58.0087 6836  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:06:58.0087 6836  Themes - ok
21:06:58.0118 6836  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
21:06:58.0118 6836  THREADORDER - ok
21:06:58.0134 6836  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:06:58.0149 6836  TrkWks - ok
21:06:58.0212 6836  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:06:58.0212 6836  TrustedInstaller - ok
21:06:58.0243 6836  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:06:58.0243 6836  tssecsrv - ok
21:06:58.0274 6836  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:06:58.0274 6836  TsUsbFlt - ok
21:06:58.0321 6836  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:06:58.0321 6836  tunnel - ok
21:06:58.0352 6836  [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
21:06:58.0352 6836  TurboB - ok
21:06:58.0399 6836  [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:06:58.0399 6836  TurboBoost - ok
21:06:58.0446 6836  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:06:58.0446 6836  uagp35 - ok
21:06:58.0477 6836  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
21:06:58.0477 6836  UBHelper - ok
21:06:58.0524 6836  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:06:58.0539 6836  udfs - ok
21:06:58.0571 6836  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
21:06:58.0571 6836  UI0Detect - ok
21:06:58.0617 6836  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:06:58.0617 6836  uliagpkx - ok
21:06:58.0649 6836  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
21:06:58.0649 6836  umbus - ok
21:06:58.0664 6836  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:06:58.0680 6836  UmPass - ok
21:06:58.0805 6836  [ 765F2DD351BA064F657751D8D75E58C0 ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:06:58.0836 6836  UNS - ok
21:06:58.0914 6836  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:06:58.0914 6836  Updater Service - ok
21:06:58.0945 6836  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:06:58.0961 6836  upnphost - ok
21:06:58.0992 6836  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
21:06:58.0992 6836  USBAAPL64 - ok
21:06:59.0023 6836  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
21:06:59.0023 6836  usbccgp - ok
21:06:59.0070 6836  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:06:59.0070 6836  usbcir - ok
21:06:59.0101 6836  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
21:06:59.0101 6836  usbehci - ok
21:06:59.0148 6836  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:06:59.0148 6836  usbhub - ok
21:06:59.0179 6836  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
21:06:59.0179 6836  usbohci - ok
21:06:59.0210 6836  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:06:59.0210 6836  usbprint - ok
21:06:59.0273 6836  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
21:06:59.0273 6836  usbscan - ok
21:06:59.0304 6836  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\drivers\USBSTOR.SYS
21:06:59.0304 6836  USBSTOR - ok
21:06:59.0319 6836  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
21:06:59.0319 6836  usbuhci - ok
21:06:59.0382 6836  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:06:59.0382 6836  usbvideo - ok
21:06:59.0444 6836  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
21:06:59.0444 6836  usb_rndisx - ok
21:06:59.0491 6836  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
21:06:59.0491 6836  UxSms - ok
21:06:59.0522 6836  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:06:59.0522 6836  VaultSvc - ok
21:06:59.0538 6836  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:06:59.0553 6836  vdrvroot - ok
21:06:59.0585 6836  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
21:06:59.0600 6836  vds - ok
21:06:59.0631 6836  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
21:06:59.0631 6836  vga - ok
21:06:59.0663 6836  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
21:06:59.0663 6836  VgaSave - ok
21:06:59.0678 6836  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
21:06:59.0694 6836  vhdmp - ok
21:06:59.0709 6836  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:06:59.0709 6836  viaide - ok
21:06:59.0741 6836  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:06:59.0741 6836  volmgr - ok
21:06:59.0803 6836  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
21:06:59.0803 6836  volmgrx - ok
21:06:59.0834 6836  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
21:06:59.0834 6836  volsnap - ok
21:06:59.0881 6836  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
21:06:59.0881 6836  vsmraid - ok
21:06:59.0959 6836  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
21:06:59.0975 6836  VSS - ok
21:07:00.0021 6836  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:07:00.0021 6836  vwifibus - ok
21:07:00.0037 6836  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:07:00.0037 6836  vwififlt - ok
21:07:00.0068 6836  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
21:07:00.0068 6836  vwifimp - ok
21:07:00.0115 6836  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
21:07:00.0131 6836  W32Time - ok
21:07:00.0146 6836  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:07:00.0146 6836  WacomPen - ok
21:07:00.0193 6836  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:07:00.0209 6836  WANARP - ok
21:07:00.0209 6836  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:07:00.0209 6836  Wanarpv6 - ok
21:07:00.0287 6836  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:07:00.0318 6836  wbengine - ok
21:07:00.0349 6836  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:07:00.0349 6836  WbioSrvc - ok
21:07:00.0411 6836  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
21:07:00.0411 6836  wcncsvc - ok
21:07:00.0427 6836  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:07:00.0443 6836  WcsPlugInService - ok
21:07:00.0474 6836  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:07:00.0474 6836  Wd - ok
21:07:00.0505 6836  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:07:00.0521 6836  Wdf01000 - ok
21:07:00.0536 6836  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:07:00.0536 6836  WdiServiceHost - ok
21:07:00.0552 6836  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
21:07:00.0552 6836  WdiSystemHost - ok
21:07:00.0599 6836  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
21:07:00.0599 6836  WebClient - ok
21:07:00.0677 6836  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:07:00.0692 6836  Wecsvc - ok
21:07:00.0708 6836  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
21:07:00.0723 6836  wercplsupport - ok
21:07:00.0723 6836  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:07:00.0739 6836  WerSvc - ok
21:07:00.0755 6836  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:07:00.0755 6836  WfpLwf - ok
21:07:00.0770 6836  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:07:00.0770 6836  WIMMount - ok
21:07:00.0786 6836  WinDefend - ok
21:07:00.0786 6836  WinHttpAutoProxySvc - ok
21:07:00.0833 6836  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
21:07:00.0833 6836  Winmgmt - ok
21:07:00.0926 6836  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
21:07:00.0957 6836  WinRM - ok
21:07:01.0020 6836  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:07:01.0020 6836  WinUsb - ok
21:07:01.0067 6836  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
21:07:01.0082 6836  Wlansvc - ok
21:07:01.0145 6836  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:07:01.0160 6836  wlcrasvc - ok
21:07:01.0269 6836  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:07:01.0301 6836  wlidsvc - ok
21:07:01.0332 6836  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
21:07:01.0332 6836  WmiAcpi - ok
21:07:01.0363 6836  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:07:01.0363 6836  wmiApSrv - ok
21:07:01.0410 6836  WMPNetworkSvc - ok
21:07:01.0410 6836  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:07:01.0410 6836  WPCSvc - ok
21:07:01.0441 6836  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:07:01.0441 6836  WPDBusEnum - ok
21:07:01.0488 6836  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
21:07:01.0488 6836  ws2ifsl - ok
21:07:01.0519 6836  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
21:07:01.0535 6836  wscsvc - ok
21:07:01.0535 6836  WSearch - ok
21:07:01.0644 6836  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:07:01.0659 6836  wuauserv - ok
21:07:01.0691 6836  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:07:01.0691 6836  WudfPf - ok
21:07:01.0722 6836  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:07:01.0737 6836  WUDFRd - ok
21:07:01.0753 6836  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
21:07:01.0753 6836  wudfsvc - ok
21:07:01.0784 6836  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
21:07:01.0784 6836  WwanSvc - ok
21:07:01.0847 6836  ================ Scan global ===============================
21:07:01.0862 6836  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:07:01.0909 6836  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:07:01.0925 6836  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:07:01.0956 6836  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:07:01.0987 6836  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:07:01.0987 6836  [Global] - ok
21:07:01.0987 6836  ================ Scan MBR ==================================
21:07:02.0003 6836  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:07:02.0221 6836  \Device\Harddisk0\DR0 - ok
21:07:02.0221 6836  ================ Scan VBR ==================================
21:07:02.0221 6836  [ 68F6694F27B92DE3B92FDAF34A438DD5 ] \Device\Harddisk0\DR0\Partition1
21:07:02.0221 6836  \Device\Harddisk0\DR0\Partition1 - ok
21:07:02.0237 6836  [ EAC1E4D51B7F6B20BE429E1EB50316D8 ] \Device\Harddisk0\DR0\Partition2
21:07:02.0237 6836  \Device\Harddisk0\DR0\Partition2 - ok
21:07:02.0237 6836  ============================================================
21:07:02.0237 6836  Scan finished
21:07:02.0237 6836  ============================================================
21:07:02.0252 6288  Detected object count: 0
21:07:02.0252 6288  Actual detected object count: 0

t'john 26.08.2012 01:11
Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 6 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

magix1 26.08.2012 08:20
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 14.0.1 ist aktuell

Flash 11,3,300,271 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version!

Java (1,7,0,6) ist aktuell.

Adobe Reader 9,3,0,148 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 10,1,3



Zurück

Tools:

StartSeite
PluginCheck
Secunia Online Scan

Weiterführendes:

Java Updaten und Einstellen

Secunia Personal Software Inspector (PSI)

Family:

TR/Agent

t'john 27.08.2012 00:11
Sehr gut! :daumenhoc

damit bist Du entlassen! :)

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

magix1 27.08.2012 07:52
Ist der sirefef.p.35 den Avira mir gestern gemeldet hatte auch verschwunden ?

t'john 27.08.2012 17:42
Poste das Log von Avira.

magix1 27.08.2012 20:16
Wo find ich den Avira Log?

Wo find ich den Avira Log?

das kam gerade beim download von cccleaner

Code:
Typ:        Datei
Quelle:        C:\Users\Marcel\Downloads\DownloadAcceleratorSetup.exe
Status:        Infiziert
Quarantäne-Objekt:        55186e0c.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows 2000/XP/VISTA Workstation
Suchengine:        8.02.10.146
Virendefinitionsdatei:        7.11.40.250
Meldung:        Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
Datum/Uhrzeit:        27.08.2012, 21:43
und das ist der sirefef.P.35

Code:
Typ:        Datei
Quelle:        C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{5355E1F0-09FC-237D-6F4D-3D6CD8015739}-71171649.exe
Status:        Infiziert
Quarantäne-Objekt:        553eb756.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows 2000/XP/VISTA Workstation
Suchengine:        8.02.10.146
Virendefinitionsdatei:        7.11.40.250
Meldung:        Ist das Trojanische Pferd TR/Sirefef.P.35
Datum/Uhrzeit:        25.08.2012, 20:15

t'john 28.08.2012 16:17
Das ist OK, das is die Quarantaene von Windows Defender.

Er ist also nicht aktiv.

magix1 28.08.2012 19:00
Und was mache ich jetzt mit der Meldung vom cccleaner?

Den habe ich nach der Avira Meldung nicht ausgefuhrt

t'john 29.08.2012 01:35
Das ist doch nicht der CCleaner!

Loeschen und neu laden!

magix1 29.08.2012 12:08
ccleaner ausgeführt !!!

Und nu ??

t'john 29.08.2012 19:00
Noch Probleme?

magix1 29.08.2012 20:44
zumindest keine erkennbaren beim benutzen :-)

t'john 29.08.2012 22:05
Dann sollten wir froh sein :)

magix1 30.08.2012 07:40
also kann ich den rechner jetzt wieder so nutzen wie vorher auch ??

t'john 30.08.2012 19:10
jupp und immer aktuell halten!

magix1 30.08.2012 19:41
Ok, danke !!!!!!!!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:23 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131