Rechner stürzt willkürlich ab und faehrt wieder runter

Kelderon · 19.06.2012, 19:47

Hallo zusammen, ich habe ein Problem, weiss aber nicht genau obs ein Plagegeist ist oder nicht.

Ich zocke Diablo III und manchmal stürzt der LapTop ab. Mal 4 mal innerhalb einer Minute zocken mal auch gar nicht. Hardware sollte es locker packen, es ist nen Acer 7750g mit 8GB Ram und ner Radeon 6850M. Auch habe ich die Ram überprüft und sogar einfach neue geholt. Er stürzt ab wie gesagt mal nach wenigen Minuten wo der Rechner noch kalt ist mal auch nach Stunden langem spielen nicht, daher kann ich mir auch kein Hitzeproblem vorstellen.

Sobald der Rechner neu gestartet ist habe ich diese Meldung als Problem:

Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031

Zusatzinformationen zum Problem:
BCCode: 1000007e
BCP1: FFFFFFFFC0000094
BCP2: FFFFF8800595499E
BCP3: FFFFF88002369D98
BCP4: FFFFF880023695F0
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\061912-8658-01.dmp
C:\Users\Kelderon\AppData\Local\Temp\WER-16317-0.sysdata.xml

Lesen Sie unsere Datenschutzbestimmungen online:
hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407

Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline:
C:\Windows\system32\de-DE\erofflps.txt

Nun habe ich natürlich auch gegogelt und was von Sandybridgeproblemen gelesen, was ich aber bei Acer auf der Seite durch eingabe der S/N des Lap Tops prüfen lassen konnte. Somit ist es das Problem auch nicht.

Nun ist meine Vermutung das ich mir was gefangen habe.

Bitte helft mir.

Keiner da der mir helfen könnte ?? :-(

Keiner da der mir helfen könnte?

cosinus · 21.06.2012, 20:50

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Kelderon · 23.06.2012, 08:52

Hier schonmal der Log von MalWare, der andere folgt:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kelderon :: KELDERON-PC [Administrator]

Schutz: Aktiviert

23.06.2012 09:25:49
mbam-log-2012-06-23 (09-25-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 401874
Laufzeit: 23 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files (x86)\CPUCooL\instser.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kelderon\Downloads\SoftonicDownloader_fuer_pc-wizard.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kelderon\Downloads\Sonstiges\SoftonicDownloader_fuer_divx-plus-web-player.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

So hier der Log von Eset

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=620e2f5213a00241971a081ef0badd37
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-23 08:57:20
# local_time=2012-06-23 10:57:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 92068087 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=207893
# found=4
# cleaned=0
# scan_time=3603
D:\KELDERON-PC\Backup Set 2012-02-26 193452\Backup Files 2012-02-26 224140\Backup files 4.zip	HTML/Fraud.BG trojan (unable to clean)	00000000000000000000000000000000	I
D:\KELDERON-PC\Backup Set 2012-02-26 193452\Backup Files 2012-04-01 195118\Backup files 1.zip	JS/Kryptik.KY trojan (unable to clean)	00000000000000000000000000000000	I
D:\KELDERON-PC\Backup Set 2012-02-26 193452\Backup Files 2012-04-01 195118\Backup files 3.zip	JS/Exploit.Pdfka.PJG trojan (unable to clean)	00000000000000000000000000000000	I
D:\KELDERON-PC\Backup Set 2012-02-26 193452\Backup Files 2012-05-01 193226\Backup files 1.zip	a variant of Win32/InstallCore.Q application (unable to clean)	00000000000000000000000000000000	I

Ich seh schon da sind ja schon einige Funde. Ist das schon was was das Problem verursachen könnte?

cosinus · 24.06.2012, 16:10

Code:

ATTFilter

C:\Users\Kelderon\Downloads\SoftonicDownloader_fuer_pc-wizard.exe

Vermüllte Software von Softonic scheint gerade stark in Mode zu sein!

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Kelderon · 25.06.2012, 07:44

Also der ganz normale Betrieb mit Windows macht keine Probleme.

Leere Ordner habe ich nicht und vermisse auch keine. Kann ich das Softtonic deinstallieren oder löschen?

cosinus · 25.06.2012, 11:00

Softonic löschen!!

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Kelderon · 25.06.2012, 13:10

So, Softonic Programm, woher und warum ich das auch immer hatte , ist deinstalliert. Hier der Bericht von OTL:

Code:

ATTFilter

OTL logfile created on: 25.06.2012 13:35:17 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Kelderon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 80,89% Memory free
15,96 Gb Paging File | 14,30 Gb Available in Paging File | 89,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,69 Gb Total Space | 24,97 Gb Free Space | 26,10% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 532,79 Gb Free Space | 76,26% Space Free | Partition Type: NTFS
 
Computer Name: KELDERON-PC | User Name: Kelderon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.25 13:32:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kelderon\Downloads\OTL.exe
PRC - [2012.06.12 09:17:59 | 000,510,920 | ---- | M] () -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
PRC - [2012.06.12 09:17:59 | 000,342,984 | ---- | M] () -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2012.04.06 01:24:32 | 000,641,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2012.04.05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.05.26 08:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011.04.24 03:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011.04.02 23:34:42 | 000,340,848 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2011.03.14 13:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.03.14 13:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011.03.14 13:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011.03.14 13:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.02.22 10:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011.02.22 10:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011.02.18 16:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.23 04:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.23 04:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.18 13:09:24 | 000,330,696 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 20:55:08 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll
MOD - [2012.06.14 20:38:15 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 20:38:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.12 09:17:59 | 000,510,920 | ---- | M] () -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
MOD - [2012.05.23 23:11:37 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
MOD - [2012.05.22 21:53:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.22 21:53:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.22 21:53:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.22 21:53:15 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.22 21:53:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.22 21:53:10 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.19 01:47:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.04.24 03:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2011.02.22 10:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.02.22 10:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.24 01:56:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.20 09:15:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.12 09:17:59 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2012.05.18 16:08:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.04.05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.12.01 18:11:48 | 000,743,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\CPUCooL\CooLSrv.exe -- (CPUCooLServer)
SRV - [2011.05.26 08:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.04.02 23:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011.03.25 17:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.03.14 13:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.02.18 17:09:08 | 000,238,576 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe -- (CLKMSVC10_34E30CCC)
SRV - [2011.01.20 18:23:22 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.12.23 04:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.23 04:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV - [2010.11.18 13:09:24 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 23:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.13 07:35:36 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.06.13 07:35:36 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012.05.30 22:20:32 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.06.01 06:57:51 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.06.01 06:57:51 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.06.01 06:57:51 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.03.26 03:21:10 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.03.26 03:21:06 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.03.26 03:21:06 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.03.26 03:21:06 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.03.26 03:21:06 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011.03.10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011.03.01 16:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.01.20 18:23:50 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.12 08:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.11 21:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.27 09:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.07.20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.06.17 15:17:46 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.06.12 09:18:00 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.06.12 09:18:00 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=80B92AD001CD3535007A5514&install_time=2012-05-18T20:33:37Z&src_id=31000&camp_id=4886&tb_version=1.2.0000.2(B)
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\..\SearchScopes\{AC11BFE8-0C0C-4239-97E4-2E0BEE1F2B56}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=077105b8-12fc-4cf1-8052-87ecf8c88c98&apn_sauid=60A18FF3-82FB-4904-9AB8-F05976836CC7
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-flv"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-flv"
FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.alothome.com/en"
FF - prefs.js..keyword.URL: "hxxp://search.alot.com/web?src_id=31000&client_id=72ebf8886cd204945858339c&camp_id=4886&install_time=2012-05-18T20:27:42Z&pr=auto&tb_version=1.0.17000(G)&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.30 22:13:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.31 10:08:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.06.19 18:53:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 09:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 09:15:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.18 18:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelderon\AppData\Roaming\mozilla\Extensions
[2012.05.31 10:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions
[2012.05.19 21:36:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.18 22:27:42 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\appbar@alot.com
[2012.05.31 10:06:16 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\ffxtlbra@softonic.com
[2012.05.18 22:27:43 | 000,002,205 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\Mozilla\Firefox\Profiles\e2gckr8f.default\searchplugins\alot-search.xml
[2012.05.19 00:04:42 | 000,002,474 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\Mozilla\Firefox\Profiles\e2gckr8f.default\searchplugins\Web Search.xml
[2012.05.18 18:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.20 09:15:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 09:15:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.20 09:15:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 09:15:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 09:15:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 09:15:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 09:15:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: YouTube = C:\Users\Kelderon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Kelderon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Kelderon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kelderon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Kelderon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Kelderon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Kelderon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk = C:\Program Files (x86)\CPUCooL\CPUCooL.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D6A036B-F802-4D4F-A9DB-2720F54F495A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86E231E1-244F-43DE-8F4A-2386B02D1D6C}: DhcpNameServer = 192.168.1.250
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.21 20:08:07 | 000,000,000 | ---D | M] - D:\Auto CD -- [ NTFS ]
O33 - MountPoints2\{16d4faf4-a63a-11e1-91d3-b870f4a32b34}\Shell - "" = AutoRun
O33 - MountPoints2\{16d4faf4-a63a-11e1-91d3-b870f4a32b34}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{29eaa849-a335-11e1-bed0-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{29eaa849-a335-11e1-bed0-ccaf78095a58}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{29eaa85a-a335-11e1-bed0-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{29eaa85a-a335-11e1-bed0-ccaf78095a58}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{39fcdbf2-b519-11e1-8061-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{39fcdbf2-b519-11e1-8061-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{39fcdbff-b519-11e1-8061-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{39fcdbff-b519-11e1-8061-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{39fcdc28-b519-11e1-8061-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{39fcdc28-b519-11e1-8061-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{48750668-aed7-11e1-887e-b870f4a32b34}\Shell - "" = AutoRun
O33 - MountPoints2\{48750668-aed7-11e1-887e-b870f4a32b34}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{4875069c-aed7-11e1-887e-b870f4a32b34}\Shell - "" = AutoRun
O33 - MountPoints2\{4875069c-aed7-11e1-887e-b870f4a32b34}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{487506a8-aed7-11e1-887e-b870f4a32b34}\Shell - "" = AutoRun
O33 - MountPoints2\{487506a8-aed7-11e1-887e-b870f4a32b34}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{7658e8dc-aed9-11e1-beaf-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{7658e8dc-aed9-11e1-beaf-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{7658e912-aed9-11e1-beaf-b870f4a32b34}\Shell - "" = AutoRun
O33 - MountPoints2\{7658e912-aed9-11e1-beaf-b870f4a32b34}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{77c62bb9-a94f-11e1-97da-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{77c62bb9-a94f-11e1-97da-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{aeb1bb8e-aed5-11e1-b775-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb1bb8e-aed5-11e1-b775-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{aeb1bba7-aed5-11e1-b775-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb1bba7-aed5-11e1-b775-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.23 09:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.23 09:24:37 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Roaming\Malwarebytes
[2012.06.23 09:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.23 09:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.23 09:24:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.23 09:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.20 22:12:43 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CPUCooL
[2012.06.20 22:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CPUCooL
[2012.06.19 18:53:53 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.06.19 18:53:53 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.06.19 18:53:53 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.06.19 18:53:53 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.06.19 18:53:53 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.06.19 18:53:53 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.06.19 18:53:53 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.06.19 18:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.06.19 18:53:39 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.06.19 18:53:38 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.06.19 18:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.06.19 18:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.06.17 15:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012.06.13 07:35:41 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Roaming\Verbindungsassistent
[2012.06.13 07:35:36 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012.06.13 07:35:36 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2012.06.13 07:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verbindungsassistent
[2012.06.13 07:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verbindungsassistent
[2012.06.13 07:34:31 | 000,363,008 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\hwgpssensor.dll
[2012.06.13 07:34:31 | 000,363,008 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\hwgpssensor.dll
[2012.06.12 09:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALDI TALK Verbindungsassistent
[2012.06.12 09:18:09 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.06.12 09:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALDITALKVerbindungsassistent
[2012.06.09 09:25:47 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Local\Macromedia
[2012.06.05 08:39:29 | 000,999,936 | ---- | C] (DiBcom SA) -- C:\Windows\SysWow64\drivers\mod7700.sys
[2012.06.05 08:39:29 | 000,256,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewusbnet.sys
[2012.06.05 08:39:29 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewusbmdm.sys
[2012.06.05 08:39:29 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_hwusbdev.sys
[2012.06.05 08:39:29 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewdcsc.sys
[2012.06.05 08:39:29 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_usbenumfilter.sys
[2012.06.05 08:37:23 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Roaming\Temp
[2012.05.31 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Local\Windows Live
[2012.05.31 22:37:02 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Local\{D94619FA-5934-4748-B410-7E10E6F3498A}
[2012.05.31 22:37:02 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Local\{9C006920-121E-4E39-BE4A-28C9C2C2BBF9}
[2012.05.31 10:08:22 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Roaming\DivX
[2012.05.31 10:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.05.31 10:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.31 10:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.05.31 10:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.05.31 10:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012.05.31 10:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012.05.31 10:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.05.31 10:05:48 | 000,918,368 | ---- | C] (DivX, LLC) -- C:\Users\Kelderon\Desktop\DivXWebPlayerInstaller_2.1.2.exe
[2012.05.30 22:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DATA BECKER Downloads
[2012.05.30 22:20:32 | 000,335,288 | ---- | C] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acedrv11.sys
[2012.05.30 22:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer
[2012.05.30 22:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc
[2012.05.30 22:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2012.05.30 22:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.05.29 19:04:19 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Roaming\TuneUp Software
[2012.05.29 19:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.05.29 19:03:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.05.29 19:03:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.05.29 08:22:51 | 000,000,000 | ---D | C] -- C:\Users\Kelderon\AppData\Local\CrashDumps
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.25 13:31:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.25 13:31:11 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.06.25 13:31:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.25 13:31:00 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 13:16:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.25 12:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.25 11:00:56 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 11:00:56 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.24 02:57:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.24 02:57:43 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.24 02:57:43 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.24 02:57:43 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.24 02:57:43 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.23 09:24:35 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.20 22:12:51 | 000,001,039 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk
[2012.06.20 22:12:45 | 000,000,999 | ---- | M] () -- C:\Users\Kelderon\Desktop\CPUCooL.lnk
[2012.06.19 18:53:53 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.06.19 18:53:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.06.17 11:40:27 | 000,000,965 | ---- | M] () -- C:\Users\Kelderon\Desktop\Diablo III - Verknüpfung.lnk
[2012.06.14 20:35:49 | 000,283,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 07:35:37 | 000,002,111 | ---- | M] () -- C:\Users\Public\Desktop\Verbindungsassistent.lnk
[2012.06.13 07:35:36 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012.06.13 07:35:36 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2012.06.12 09:20:50 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.12 09:18:11 | 000,002,284 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
[2012.06.12 09:18:11 | 000,002,241 | ---- | M] () -- C:\Users\Kelderon\Desktop\ALDI TALK Verbindungsassistent.lnk
[2012.06.12 09:18:00 | 000,999,936 | ---- | M] (DiBcom SA) -- C:\Windows\SysWow64\drivers\mod7700.sys
[2012.06.12 09:18:00 | 000,363,008 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\hwgpssensor.dll
[2012.06.12 09:18:00 | 000,363,008 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\hwgpssensor.dll
[2012.06.12 09:18:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewusbnet.sys
[2012.06.12 09:18:00 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewusbmdm.sys
[2012.06.12 09:18:00 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_hwusbdev.sys
[2012.06.12 09:18:00 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_usbenumfilter.sys
[2012.06.12 09:17:59 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewdcsc.sys
[2012.05.31 10:29:47 | 000,001,483 | ---- | M] () -- C:\Users\Kelderon\Desktop\RealPlayer-Downloads - Verknüpfung.lnk
[2012.05.31 10:08:28 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012.05.31 10:08:28 | 000,001,623 | ---- | M] () -- C:\Users\Kelderon\Desktop\DivX Movies.lnk
[2012.05.31 10:08:21 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.05.31 10:05:50 | 000,918,368 | ---- | M] (DivX, LLC) -- C:\Users\Kelderon\Desktop\DivXWebPlayerInstaller_2.1.2.exe
[2012.05.30 22:20:32 | 000,335,288 | ---- | M] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acedrv11.sys
[2012.05.30 22:13:30 | 000,001,362 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.05.30 22:13:18 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.05.30 22:11:54 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk
 
========== Files Created - No Company Name ==========
 
[2012.06.23 09:24:35 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.20 22:12:51 | 000,001,039 | ---- | C] () -- C:\Users\Kelderon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk
[2012.06.20 22:12:45 | 000,000,999 | ---- | C] () -- C:\Users\Kelderon\Desktop\CPUCooL.lnk
[2012.06.19 18:53:53 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.06.19 18:53:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.06.17 11:40:27 | 000,000,965 | ---- | C] () -- C:\Users\Kelderon\Desktop\Diablo III - Verknüpfung.lnk
[2012.06.13 07:35:37 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\Verbindungsassistent.lnk
[2012.06.12 09:18:11 | 000,002,284 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
[2012.06.12 09:18:11 | 000,002,241 | ---- | C] () -- C:\Users\Kelderon\Desktop\ALDI TALK Verbindungsassistent.lnk
[2012.05.31 10:29:47 | 000,001,483 | ---- | C] () -- C:\Users\Kelderon\Desktop\RealPlayer-Downloads - Verknüpfung.lnk
[2012.05.31 10:08:28 | 000,001,623 | ---- | C] () -- C:\Users\Kelderon\Desktop\DivX Movies.lnk
[2012.05.31 10:08:21 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.05.31 10:08:18 | 000,002,348 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.31 10:08:15 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012.05.31 10:06:37 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.31 10:06:37 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.30 22:13:30 | 000,001,362 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.05.18 15:54:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.18 15:52:15 | 000,003,126 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.01 06:31:02 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012.06.21 13:55:18 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.05.18 22:29:23 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Applian FLV and Media Player
[2012.05.19 00:04:08 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\OpenCandy
[2012.06.05 08:37:23 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Temp
[2012.05.29 19:04:19 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\TuneUp Software
[2012.06.13 09:23:58 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Verbindungsassistent
[2012.06.21 21:47:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.21 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Adobe
[2012.06.21 13:55:18 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.05.18 22:29:23 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Applian FLV and Media Player
[2012.05.23 23:03:37 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\ATI
[2012.05.18 16:34:50 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\CyberLink
[2012.06.11 16:59:44 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\DivX
[2012.05.18 16:36:01 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Identities
[2012.05.23 23:10:56 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\InstallShield
[2012.05.18 16:36:16 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Intel Corporation
[2012.05.18 16:36:15 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Macromedia
[2012.06.23 09:24:37 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Malwarebytes
[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Media Center Programs
[2012.06.09 09:25:47 | 000,000,000 | --SD | M] -- C:\Users\Kelderon\AppData\Roaming\Microsoft
[2012.05.18 18:39:32 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Mozilla
[2012.05.19 00:04:08 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\OpenCandy
[2012.06.25 08:43:09 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Real
[2012.06.05 08:37:23 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Temp
[2012.05.29 19:04:19 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\TuneUp Software
[2012.06.13 09:23:58 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\Verbindungsassistent
[2012.05.24 17:32:08 | 000,000,000 | ---D | M] -- C:\Users\Kelderon\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.06.12 09:18:09 | 000,135,168 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Del_CD_ROM.exe
[2012.06.12 09:18:09 | 000,262,144 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\devsetup32.exe
[2012.06.12 09:18:09 | 000,354,304 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\devsetup64.exe
[2012.06.12 09:18:10 | 000,323,584 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\HuaweiUninstaller.exe
[2012.06.12 09:18:10 | 000,043,976 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\InstallWTGService.exe
[2012.06.12 09:18:10 | 000,410,568 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\OSU.exe
[2012.06.12 09:18:10 | 001,149,896 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Setup.exe
[2012.06.12 09:18:10 | 001,121,224 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Uninstaller.exe
[2012.06.12 09:18:10 | 007,261,128 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Verbindungsassistent.exe
[2012.06.12 09:18:10 | 000,502,728 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe
[2012.06.12 09:18:10 | 000,330,696 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\WTGService.exe
[2012.06.12 09:18:11 | 000,244,680 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\WTGVistaUtil.exe
[2012.05.19 00:04:12 | 006,527,080 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\OpenCandy\172FC7B4A823415C8D53D69F46950703\LinkuryInstaller_p1v15.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.12 11:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.12 11:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus · 25.06.2012, 14:28

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=12505cc7-8187-44a4-ad63-81b94a00e2bb&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=80B92AD001CD3535007A5514&install_time=2012-05-18T20:33:37Z&src_id=31000&camp_id=4886&tb_version=1.2.0000.2(B)
IE - HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\..\SearchScopes\{AC11BFE8-0C0C-4239-97E4-2E0BEE1F2B56}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=077105b8-12fc-4cf1-8052-87ecf8c88c98&apn_sauid=60A18FF3-82FB-4904-9AB8-F05976836CC7
FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-flv"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-flv"
FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.alothome.com/en"
FF - prefs.js..keyword.URL: "http://search.alot.com/web?src_id=31000&client_id=72ebf8886cd204945858339c&camp_id=4886&install_time=2012-05-18T20:27:42Z&pr=auto&tb_version=1.0.17000(G)&q="
[2012.05.19 21:36:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.18 22:27:42 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\appbar@alot.com
[2012.05.31 10:06:16 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\ffxtlbra@softonic.com
[2012.05.18 22:27:43 | 000,002,205 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\Mozilla\Firefox\Profiles\e2gckr8f.default\searchplugins\alot-search.xml
[2012.05.19 00:04:42 | 000,002,474 | ---- | M] () -- C:\Users\Kelderon\AppData\Roaming\Mozilla\Firefox\Profiles\e2gckr8f.default\searchplugins\Web Search.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.21 20:08:07 | 000,000,000 | ---D | M] - D:\Auto CD -- [ NTFS ]
O33 - MountPoints2\{16d4faf4-a63a-11e1-91d3-b870f4a32b34}\Shell - "" = AutoRun
O33 - MountPoints2\{16d4faf4-a63a-11e1-91d3-b870f4a32b34}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{29eaa849-a335-11e1-bed0-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{29eaa849-a335-11e1-bed0-ccaf78095a58}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{29eaa85a-a335-11e1-bed0-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{29eaa85a-a335-11e1-bed0-ccaf78095a58}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{39fcdbf2-b519-11e1-8061-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{39fcdbf2-b519-11e1-8061-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{39fcdbff-b519-11e1-8061-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{39fcdbff-b519-11e1-8061-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{39fcdc28-b519-11e1-8061-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{39fcdc28-b519-11e1-8061-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{48750668-aed7-11e1-887e-b870f4a32b34}\Shell - "" = AutoRun
O33 - MountPoints2\{48750668-aed7-11e1-887e-b870f4a32b34}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{4875069c-aed7-11e1-887e-b870f4a32b34}\Shell - "" = AutoRun
O33 - MountPoints2\{4875069c-aed7-11e1-887e-b870f4a32b34}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{487506a8-aed7-11e1-887e-b870f4a32b34}\Shell - "" = AutoRun
O33 - MountPoints2\{487506a8-aed7-11e1-887e-b870f4a32b34}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{7658e8dc-aed9-11e1-beaf-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{7658e8dc-aed9-11e1-beaf-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{7658e912-aed9-11e1-beaf-b870f4a32b34}\Shell - "" = AutoRun
O33 - MountPoints2\{7658e912-aed9-11e1-beaf-b870f4a32b34}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{77c62bb9-a94f-11e1-97da-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{77c62bb9-a94f-11e1-97da-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{aeb1bb8e-aed5-11e1-b775-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb1bb8e-aed5-11e1-b775-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{aeb1bba7-aed5-11e1-b775-ccaf78095a58}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb1bba7-aed5-11e1-b775-ccaf78095a58}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Kelderon · 25.06.2012, 14:45

Hier der Log von dem fix:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1943691070-1327125964-2278805043-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-1943691070-1327125964-2278805043-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1943691070-1327125964-2278805043-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_USERS\S-1-5-21-1943691070-1327125964-2278805043-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
Registry key HKEY_USERS\S-1-5-21-1943691070-1327125964-2278805043-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AC11BFE8-0C0C-4239-97E4-2E0BEE1F2B56}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC11BFE8-0C0C-4239-97E4-2E0BEE1F2B56}\ not found.
Prefs.js: "Yahoo" removed from browser.search.defaultEngine
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "chrf-flv" removed from browser.search.param.yahoo-fr
Prefs.js: "chrf-flv" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: "ALOT Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.alothome.com/en" removed from browser.startup.homepage
Prefs.js: "hxxp://search.alot.com/web?src_id=31000&client_id=72ebf8886cd204945858339c&camp_id=4886&install_time=2012-05-18T20:27:42Z&pr=auto&tb_version=1.0.17000(G)&q=" removed from keyword.URL
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\appbar@alot.com\META-INF folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\appbar@alot.com\gen folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\appbar@alot.com\defaults\preferences folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\appbar@alot.com\defaults folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\appbar@alot.com\components folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\appbar@alot.com\chrome folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\appbar@alot.com folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\ffxtlbra@softonic.com\META-INF folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\ffxtlbra@softonic.com\content\imgs folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\ffxtlbra@softonic.com\content folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\mozilla\Firefox\Profiles\e2gckr8f.default\extensions\ffxtlbra@softonic.com folder moved successfully.
C:\Users\Kelderon\AppData\Roaming\Mozilla\Firefox\Profiles\e2gckr8f.default\searchplugins\alot-search.xml moved successfully.
C:\Users\Kelderon\AppData\Roaming\Mozilla\Firefox\Profiles\e2gckr8f.default\searchplugins\Web Search.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16d4faf4-a63a-11e1-91d3-b870f4a32b34}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16d4faf4-a63a-11e1-91d3-b870f4a32b34}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16d4faf4-a63a-11e1-91d3-b870f4a32b34}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16d4faf4-a63a-11e1-91d3-b870f4a32b34}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29eaa849-a335-11e1-bed0-ccaf78095a58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29eaa849-a335-11e1-bed0-ccaf78095a58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29eaa849-a335-11e1-bed0-ccaf78095a58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29eaa849-a335-11e1-bed0-ccaf78095a58}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29eaa85a-a335-11e1-bed0-ccaf78095a58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29eaa85a-a335-11e1-bed0-ccaf78095a58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29eaa85a-a335-11e1-bed0-ccaf78095a58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29eaa85a-a335-11e1-bed0-ccaf78095a58}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39fcdbf2-b519-11e1-8061-ccaf78095a58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fcdbf2-b519-11e1-8061-ccaf78095a58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39fcdbf2-b519-11e1-8061-ccaf78095a58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fcdbf2-b519-11e1-8061-ccaf78095a58}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39fcdbff-b519-11e1-8061-ccaf78095a58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fcdbff-b519-11e1-8061-ccaf78095a58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39fcdbff-b519-11e1-8061-ccaf78095a58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fcdbff-b519-11e1-8061-ccaf78095a58}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39fcdc28-b519-11e1-8061-ccaf78095a58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fcdc28-b519-11e1-8061-ccaf78095a58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39fcdc28-b519-11e1-8061-ccaf78095a58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39fcdc28-b519-11e1-8061-ccaf78095a58}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48750668-aed7-11e1-887e-b870f4a32b34}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48750668-aed7-11e1-887e-b870f4a32b34}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48750668-aed7-11e1-887e-b870f4a32b34}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48750668-aed7-11e1-887e-b870f4a32b34}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4875069c-aed7-11e1-887e-b870f4a32b34}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4875069c-aed7-11e1-887e-b870f4a32b34}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4875069c-aed7-11e1-887e-b870f4a32b34}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4875069c-aed7-11e1-887e-b870f4a32b34}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{487506a8-aed7-11e1-887e-b870f4a32b34}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{487506a8-aed7-11e1-887e-b870f4a32b34}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{487506a8-aed7-11e1-887e-b870f4a32b34}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{487506a8-aed7-11e1-887e-b870f4a32b34}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7658e8dc-aed9-11e1-beaf-ccaf78095a58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7658e8dc-aed9-11e1-beaf-ccaf78095a58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7658e8dc-aed9-11e1-beaf-ccaf78095a58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7658e8dc-aed9-11e1-beaf-ccaf78095a58}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7658e912-aed9-11e1-beaf-b870f4a32b34}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7658e912-aed9-11e1-beaf-b870f4a32b34}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7658e912-aed9-11e1-beaf-b870f4a32b34}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7658e912-aed9-11e1-beaf-b870f4a32b34}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77c62bb9-a94f-11e1-97da-ccaf78095a58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77c62bb9-a94f-11e1-97da-ccaf78095a58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77c62bb9-a94f-11e1-97da-ccaf78095a58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77c62bb9-a94f-11e1-97da-ccaf78095a58}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb1bb8e-aed5-11e1-b775-ccaf78095a58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb1bb8e-aed5-11e1-b775-ccaf78095a58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb1bb8e-aed5-11e1-b775-ccaf78095a58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb1bb8e-aed5-11e1-b775-ccaf78095a58}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb1bba7-aed5-11e1-b775-ccaf78095a58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb1bba7-aed5-11e1-b775-ccaf78095a58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb1bba7-aed5-11e1-b775-ccaf78095a58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aeb1bba7-aed5-11e1-b775-ccaf78095a58}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kelderon
->Temp folder emptied: 15040460 bytes
->Temporary Internet Files folder emptied: 279697913 bytes
->FireFox cache emptied: 60080418 bytes
->Google Chrome cache emptied: 10378700 bytes
->Flash cache emptied: 32176 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39229700 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 386,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Kelderon
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.0 log created on 06252012_154019

Files\Folders moved on Reboot...
C:\Users\Kelderon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Kelderon\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Kelderon\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Kelderon\AppData\Local\Temp\MMDUtl.log not found!
[2012.06.25 15:42:04 | 000,496,882 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
[2012.06.25 15:41:36 | 000,526,749 | ---- | M] () C:\Windows\temp\LMutilps.log : Unable to obtain MD5

Registry entries deleted on Reboot...

cosinus · 25.06.2012, 15:14

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Kelderon · 25.06.2012, 15:49

Ok, habe ich gemacht, hier der Log:

Code:

ATTFilter

16:47:18.0038 3864	TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
16:47:18.0300 3864	============================================================
16:47:18.0300 3864	Current date / time: 2012/06/25 16:47:18.0300
16:47:18.0300 3864	SystemInfo:
16:47:18.0300 3864	
16:47:18.0300 3864	OS Version: 6.1.7601 ServicePack: 1.0
16:47:18.0300 3864	Product type: Workstation
16:47:18.0300 3864	ComputerName: KELDERON-PC
16:47:18.0300 3864	UserName: Kelderon
16:47:18.0300 3864	Windows directory: C:\Windows
16:47:18.0300 3864	System windows directory: C:\Windows
16:47:18.0300 3864	Running under WOW64
16:47:18.0300 3864	Processor architecture: Intel x64
16:47:18.0300 3864	Number of processors: 8
16:47:18.0300 3864	Page size: 0x1000
16:47:18.0300 3864	Boot type: Normal boot
16:47:18.0300 3864	============================================================
16:47:22.0239 3864	Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:47:22.0240 3864	Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:47:22.0244 3864	============================================================
16:47:22.0244 3864	\Device\Harddisk0\DR0:
16:47:22.0244 3864	MBR partitions:
16:47:22.0244 3864	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
16:47:22.0244 3864	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0xBF61800
16:47:22.0244 3864	\Device\Harddisk1\DR1:
16:47:22.0244 3864	MBR partitions:
16:47:22.0244 3864	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
16:47:22.0244 3864	============================================================
16:47:22.0245 3864	C: <-> \Device\Harddisk0\DR0\Partition1
16:47:22.0284 3864	D: <-> \Device\Harddisk1\DR1\Partition0
16:47:22.0284 3864	============================================================
16:47:22.0284 3864	Initialize success
16:47:22.0284 3864	============================================================
16:47:44.0607 5992	============================================================
16:47:44.0607 5992	Scan started
16:47:44.0607 5992	Mode: Manual; SigCheck; TDLFS; 
16:47:44.0607 5992	============================================================
16:47:44.0678 5992	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:47:44.0763 5992	1394ohci - ok
16:47:44.0778 5992	acedrv11        (84da132e969484f581c550de69bd1727) C:\Windows\system32\drivers\acedrv11.sys
16:47:44.0803 5992	acedrv11 - ok
16:47:44.0813 5992	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:47:44.0828 5992	ACPI - ok
16:47:44.0830 5992	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:47:44.0855 5992	AcpiPmi - ok
16:47:44.0878 5992	AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:47:44.0889 5992	AdobeFlashPlayerUpdateSvc - ok
16:47:44.0902 5992	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:47:44.0920 5992	adp94xx - ok
16:47:44.0930 5992	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:47:44.0945 5992	adpahci - ok
16:47:44.0956 5992	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:47:44.0968 5992	adpu320 - ok
16:47:44.0978 5992	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:47:45.0033 5992	AeLookupSvc - ok
16:47:45.0052 5992	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:47:45.0072 5992	AFD - ok
16:47:45.0081 5992	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:47:45.0092 5992	agp440 - ok
16:47:45.0118 5992	ALDITALKVerbindungsassistent_Service (73350b0f3a59c52118137ebde11c2a5d) C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
16:47:45.0133 5992	ALDITALKVerbindungsassistent_Service - ok
16:47:45.0138 5992	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:47:45.0156 5992	ALG - ok
16:47:45.0158 5992	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:47:45.0168 5992	aliide - ok
16:47:45.0176 5992	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
16:47:45.0208 5992	AMD External Events Utility - ok
16:47:45.0211 5992	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:47:45.0221 5992	amdide - ok
16:47:45.0230 5992	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:47:45.0243 5992	AmdK8 - ok
16:47:45.0470 5992	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
16:47:45.0627 5992	amdkmdag - ok
16:47:45.0657 5992	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:47:45.0674 5992	amdkmdap - ok
16:47:45.0683 5992	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
16:47:45.0696 5992	AmdPPM - ok
16:47:45.0706 5992	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:47:45.0717 5992	amdsata - ok
16:47:45.0726 5992	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:47:45.0739 5992	amdsbs - ok
16:47:45.0744 5992	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:47:45.0753 5992	amdxata - ok
16:47:45.0758 5992	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:47:45.0816 5992	AppID - ok
16:47:45.0819 5992	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:47:45.0850 5992	AppIDSvc - ok
16:47:45.0854 5992	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:47:45.0884 5992	Appinfo - ok
16:47:45.0894 5992	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:47:45.0905 5992	arc - ok
16:47:45.0913 5992	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:47:45.0924 5992	arcsas - ok
16:47:45.0930 5992	aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
16:47:45.0939 5992	aswFsBlk - ok
16:47:45.0945 5992	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
16:47:45.0954 5992	aswMonFlt - ok
16:47:45.0963 5992	aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
16:47:45.0972 5992	aswRdr - ok
16:47:45.0997 5992	aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
16:47:46.0016 5992	aswSnx - ok
16:47:46.0030 5992	aswSP           (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
16:47:46.0043 5992	aswSP - ok
16:47:46.0049 5992	aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
16:47:46.0059 5992	aswTdi - ok
16:47:46.0063 5992	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:47:46.0093 5992	AsyncMac - ok
16:47:46.0098 5992	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:47:46.0107 5992	atapi - ok
16:47:46.0120 5992	AtherosSvc      (fbbe79d7445aa4494e069a0b91f9417b) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
16:47:46.0127 5992	AtherosSvc - ok
16:47:46.0140 5992	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
16:47:46.0149 5992	AtiHDAudioService - ok
16:47:46.0165 5992	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:47:46.0203 5992	AudioEndpointBuilder - ok
16:47:46.0207 5992	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:47:46.0241 5992	AudioSrv - ok
16:47:46.0249 5992	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:47:46.0259 5992	avast! Antivirus - ok
16:47:46.0265 5992	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:47:46.0283 5992	AxInstSV - ok
16:47:46.0300 5992	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:47:46.0318 5992	b06bdrv - ok
16:47:46.0330 5992	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:47:46.0346 5992	b57nd60a - ok
16:47:46.0444 5992	BCM43XX         (85111026f1c5a1c4cce3697f0da7bc1a) C:\Windows\system32\DRIVERS\bcmwl664.sys
16:47:46.0509 5992	BCM43XX - ok
16:47:46.0528 5992	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:47:46.0541 5992	BDESVC - ok
16:47:46.0546 5992	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:47:46.0575 5992	Beep - ok
16:47:46.0594 5992	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:47:46.0633 5992	BFE - ok
16:47:46.0653 5992	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:47:46.0696 5992	BITS - ok
16:47:46.0703 5992	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
16:47:46.0715 5992	blbdrive - ok
16:47:46.0719 5992	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:47:46.0732 5992	bowser - ok
16:47:46.0736 5992	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:47:46.0749 5992	BrFiltLo - ok
16:47:46.0752 5992	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:47:46.0765 5992	BrFiltUp - ok
16:47:46.0770 5992	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:47:46.0801 5992	Browser - ok
16:47:46.0810 5992	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:47:46.0827 5992	Brserid - ok
16:47:46.0834 5992	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:47:46.0849 5992	BrSerWdm - ok
16:47:46.0852 5992	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:47:46.0866 5992	BrUsbMdm - ok
16:47:46.0868 5992	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:47:46.0880 5992	BrUsbSer - ok
16:47:46.0884 5992	BTATH_BUS       (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
16:47:46.0891 5992	BTATH_BUS - ok
16:47:46.0898 5992	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:47:46.0910 5992	BthEnum - ok
16:47:46.0921 5992	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:47:46.0936 5992	BTHMODEM - ok
16:47:46.0943 5992	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:47:46.0959 5992	BthPan - ok
16:47:46.0973 5992	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:47:46.0991 5992	BTHPORT - ok
16:47:46.0996 5992	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:47:47.0027 5992	bthserv - ok
16:47:47.0032 5992	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:47:47.0044 5992	BTHUSB - ok
16:47:47.0055 5992	BTWAMPFL        (a0dfb69ade3444c78b17636fcf28e898) C:\Windows\system32\DRIVERS\btwampfl.sys
16:47:47.0069 5992	BTWAMPFL - ok
16:47:47.0081 5992	btwaudio        (7cf028ce78696882b327ff13d2dfa534) C:\Windows\system32\drivers\btwaudio.sys
16:47:47.0091 5992	btwaudio - ok
16:47:47.0104 5992	btwavdt         (3def2370e414b4e299673558ba171a51) C:\Windows\system32\DRIVERS\btwavdt.sys
16:47:47.0115 5992	btwavdt - ok
16:47:47.0139 5992	btwdins         (1ad3a2baf31c4327dcbb2b0eca4a23bb) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:47:47.0162 5992	btwdins - ok
16:47:47.0168 5992	btwl2cap        (346b4051b3d7ff70e8f027869b8eca6e) C:\Windows\system32\DRIVERS\btwl2cap.sys
16:47:47.0177 5992	btwl2cap - ok
16:47:47.0181 5992	btwrchid        (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\DRIVERS\btwrchid.sys
16:47:47.0190 5992	btwrchid - ok
16:47:47.0200 5992	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:47:47.0231 5992	cdfs - ok
16:47:47.0237 5992	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:47:47.0251 5992	cdrom - ok
16:47:47.0257 5992	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:47:47.0288 5992	CertPropSvc - ok
16:47:47.0295 5992	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:47:47.0310 5992	circlass - ok
16:47:47.0320 5992	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:47:47.0335 5992	CLFS - ok
16:47:47.0345 5992	CLKMSVC10_34E30CCC (b870e20ff27b38aab31086e80c7da617) C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe
16:47:47.0358 5992	CLKMSVC10_34E30CCC - ok
16:47:47.0365 5992	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:47:47.0375 5992	clr_optimization_v2.0.50727_32 - ok
16:47:47.0386 5992	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:47:47.0397 5992	clr_optimization_v2.0.50727_64 - ok
16:47:47.0413 5992	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:47:47.0428 5992	clr_optimization_v4.0.30319_32 - ok
16:47:47.0443 5992	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:47:47.0454 5992	clr_optimization_v4.0.30319_64 - ok
16:47:47.0460 5992	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
16:47:47.0475 5992	CmBatt - ok
16:47:47.0478 5992	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:47:47.0488 5992	cmdide - ok
16:47:47.0505 5992	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:47:47.0528 5992	CNG - ok
16:47:47.0532 5992	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
16:47:47.0541 5992	Compbatt - ok
16:47:47.0546 5992	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:47:47.0560 5992	CompositeBus - ok
16:47:47.0562 5992	COMSysApp - ok
16:47:47.0594 5992	CPUCooLServer   (f4fd82f5d6617a45cc3c4b9d4e7df2c0) C:\Program Files (x86)\CPUCooL\CooLSrv.exe
16:47:47.0608 5992	CPUCooLServer ( UnsignedFile.Multi.Generic ) - warning
16:47:47.0608 5992	CPUCooLServer - detected UnsignedFile.Multi.Generic (1)
16:47:47.0612 5992	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:47:47.0621 5992	crcdisk - ok
16:47:47.0633 5992	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:47:47.0648 5992	CryptSvc - ok
16:47:47.0662 5992	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:47:47.0700 5992	DcomLaunch - ok
16:47:47.0710 5992	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:47:47.0744 5992	defragsvc - ok
16:47:47.0750 5992	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:47:47.0780 5992	DfsC - ok
16:47:47.0789 5992	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:47:47.0823 5992	Dhcp - ok
16:47:47.0827 5992	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:47:47.0858 5992	discache - ok
16:47:47.0863 5992	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:47:47.0873 5992	Disk - ok
16:47:47.0880 5992	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:47:47.0894 5992	Dnscache - ok
16:47:47.0902 5992	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:47:47.0935 5992	dot3svc - ok
16:47:47.0941 5992	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:47:47.0973 5992	DPS - ok
16:47:47.0976 5992	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:47:47.0989 5992	drmkaud - ok
16:47:48.0001 5992	DsiWMIService   (4ab2a58816cc6be771f1d8c768b804c5) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
16:47:48.0014 5992	DsiWMIService - ok
16:47:48.0036 5992	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:47:48.0057 5992	DXGKrnl - ok
16:47:48.0062 5992	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:47:48.0094 5992	EapHost - ok
16:47:48.0168 5992	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:47:48.0221 5992	ebdrv - ok
16:47:48.0238 5992	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:47:48.0253 5992	EFS - ok
16:47:48.0268 5992	EgisTec Ticket Service (18dd872dd46acb24e106dc2c9c270466) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
16:47:48.0279 5992	EgisTec Ticket Service - ok
16:47:48.0298 5992	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:47:48.0323 5992	ehRecvr - ok
16:47:48.0329 5992	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:47:48.0343 5992	ehSched - ok
16:47:48.0363 5992	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:47:48.0382 5992	elxstor - ok
16:47:48.0385 5992	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:47:48.0396 5992	ErrDev - ok
16:47:48.0403 5992	ETD             (9d8739a2a2173c9d27c499a3fc6eda3f) C:\Windows\system32\DRIVERS\ETD.sys
16:47:48.0415 5992	ETD - ok
16:47:48.0427 5992	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:47:48.0463 5992	EventSystem - ok
16:47:48.0475 5992	ew_hwusbdev     (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:47:48.0489 5992	ew_hwusbdev - ok
16:47:48.0499 5992	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:47:48.0530 5992	exfat - ok
16:47:48.0540 5992	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:47:48.0573 5992	fastfat - ok
16:47:48.0592 5992	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:47:48.0615 5992	Fax - ok
16:47:48.0620 5992	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:47:48.0632 5992	fdc - ok
16:47:48.0635 5992	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:47:48.0665 5992	fdPHost - ok
16:47:48.0668 5992	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:47:48.0699 5992	FDResPub - ok
16:47:48.0703 5992	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:47:48.0713 5992	FileInfo - ok
16:47:48.0716 5992	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:47:48.0747 5992	Filetrace - ok
16:47:48.0767 5992	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:47:48.0787 5992	FLEXnet Licensing Service - ok
16:47:48.0791 5992	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:47:48.0803 5992	flpydisk - ok
16:47:48.0811 5992	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:47:48.0825 5992	FltMgr - ok
16:47:48.0849 5992	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:47:48.0877 5992	FontCache - ok
16:47:48.0886 5992	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:47:48.0893 5992	FontCache3.0.0.0 - ok
16:47:48.0900 5992	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:47:48.0910 5992	FsDepends - ok
16:47:48.0914 5992	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:47:48.0923 5992	Fs_Rec - ok
16:47:48.0931 5992	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:47:48.0946 5992	fvevol - ok
16:47:48.0950 5992	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:47:48.0960 5992	gagp30kx - ok
16:47:48.0965 5992	gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
16:47:48.0975 5992	gdrv - ok
16:47:48.0993 5992	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:47:49.0033 5992	gpsvc - ok
16:47:49.0039 5992	GREGService     (84e58fea8b1a7537696a20c59cb9b0c9) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
16:47:49.0043 5992	GREGService ( UnsignedFile.Multi.Generic ) - warning
16:47:49.0043 5992	GREGService - detected UnsignedFile.Multi.Generic (1)
16:47:49.0055 5992	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:47:49.0064 5992	gupdate - ok
16:47:49.0067 5992	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:47:49.0075 5992	gupdatem - ok
16:47:49.0081 5992	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:47:49.0093 5992	hcw85cir - ok
16:47:49.0107 5992	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:47:49.0125 5992	HdAudAddService - ok
16:47:49.0131 5992	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:47:49.0147 5992	HDAudBus - ok
16:47:49.0151 5992	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:47:49.0163 5992	HidBatt - ok
16:47:49.0174 5992	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:47:49.0189 5992	HidBth - ok
16:47:49.0196 5992	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:47:49.0210 5992	HidIr - ok
16:47:49.0214 5992	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:47:49.0245 5992	hidserv - ok
16:47:49.0249 5992	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:47:49.0261 5992	HidUsb - ok
16:47:49.0266 5992	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:47:49.0301 5992	hkmsvc - ok
16:47:49.0310 5992	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:47:49.0326 5992	HomeGroupListener - ok
16:47:49.0333 5992	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:47:49.0348 5992	HomeGroupProvider - ok
16:47:49.0357 5992	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:47:49.0368 5992	HpSAMD - ok
16:47:49.0384 5992	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:47:49.0424 5992	HTTP - ok
16:47:49.0436 5992	hwdatacard      (6e05228393cd614b983568ec40c262c3) C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:47:49.0451 5992	hwdatacard - ok
16:47:49.0454 5992	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:47:49.0463 5992	hwpolicy - ok
16:47:49.0470 5992	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:47:49.0482 5992	i8042prt - ok
16:47:49.0493 5992	iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
16:47:49.0508 5992	iaStor - ok
16:47:49.0514 5992	IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:47:49.0522 5992	IAStorDataMgrSvc - ok
16:47:49.0533 5992	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:47:49.0550 5992	iaStorV - ok
16:47:49.0574 5992	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:47:49.0597 5992	idsvc - ok
16:47:49.0604 5992	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:47:49.0614 5992	iirsp - ok
16:47:49.0633 5992	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:47:49.0674 5992	IKEEXT - ok
16:47:49.0733 5992	IntcAzAudAddService (b60accd29f8fafc4a6344cd2bd5ca3a5) C:\Windows\system32\drivers\RTKVHD64.sys
16:47:49.0776 5992	IntcAzAudAddService - ok
16:47:49.0794 5992	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:47:49.0804 5992	intelide - ok
16:47:49.0808 5992	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:47:49.0820 5992	intelppm - ok
16:47:49.0825 5992	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:47:49.0858 5992	IPBusEnum - ok
16:47:49.0867 5992	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:47:49.0897 5992	IpFilterDriver - ok
16:47:49.0911 5992	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:47:49.0953 5992	iphlpsvc - ok
16:47:49.0963 5992	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:47:49.0975 5992	IPMIDRV - ok
16:47:49.0985 5992	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:47:50.0017 5992	IPNAT - ok
16:47:50.0020 5992	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:47:50.0036 5992	IRENUM - ok
16:47:50.0039 5992	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:47:50.0048 5992	isapnp - ok
16:47:50.0060 5992	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:47:50.0074 5992	iScsiPrt - ok
16:47:50.0078 5992	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:47:50.0088 5992	kbdclass - ok
16:47:50.0090 5992	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:47:50.0102 5992	kbdhid - ok
16:47:50.0107 5992	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:47:50.0118 5992	KeyIso - ok
16:47:50.0130 5992	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:47:50.0141 5992	KSecDD - ok
16:47:50.0151 5992	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:47:50.0162 5992	KSecPkg - ok
16:47:50.0166 5992	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:47:50.0197 5992	ksthunk - ok
16:47:50.0207 5992	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:47:50.0244 5992	KtmRm - ok
16:47:50.0251 5992	L1C             (0e154da6ca9105354a07d0c576804037) C:\Windows\system32\DRIVERS\L1C62x64.sys
16:47:50.0259 5992	L1C - ok
16:47:50.0267 5992	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:47:50.0301 5992	LanmanServer - ok
16:47:50.0308 5992	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:47:50.0341 5992	LanmanWorkstation - ok
16:47:50.0363 5992	Live Updater Service (93b73ded2bc688f140c6ae2fbad45789) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
16:47:50.0374 5992	Live Updater Service - ok
16:47:50.0378 5992	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:47:50.0409 5992	lltdio - ok
16:47:50.0423 5992	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:47:50.0459 5992	lltdsvc - ok
16:47:50.0462 5992	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:47:50.0493 5992	lmhosts - ok
16:47:50.0505 5992	LMS             (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:47:50.0516 5992	LMS - ok
16:47:50.0528 5992	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
16:47:50.0539 5992	LSI_FC - ok
16:47:50.0548 5992	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
16:47:50.0559 5992	LSI_SAS - ok
16:47:50.0569 5992	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
16:47:50.0580 5992	LSI_SAS2 - ok
16:47:50.0590 5992	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
16:47:50.0601 5992	LSI_SCSI - ok
16:47:50.0606 5992	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:47:50.0638 5992	luafv - ok
16:47:50.0642 5992	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
16:47:50.0651 5992	MBAMProtector - ok
16:47:50.0671 5992	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:47:50.0689 5992	MBAMService - ok
16:47:50.0700 5992	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:47:50.0714 5992	Mcx2Svc - ok
16:47:50.0719 5992	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:47:50.0729 5992	megasas - ok
16:47:50.0743 5992	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:47:50.0757 5992	MegaSR - ok
16:47:50.0762 5992	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:47:50.0770 5992	MEIx64 - ok
16:47:50.0775 5992	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:47:50.0808 5992	MMCSS - ok
16:47:50.0813 5992	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:47:50.0844 5992	Modem - ok
16:47:50.0849 5992	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:47:50.0863 5992	monitor - ok
16:47:50.0866 5992	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:47:50.0876 5992	mouclass - ok
16:47:50.0879 5992	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:47:50.0892 5992	mouhid - ok
16:47:50.0905 5992	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:47:50.0916 5992	mountmgr - ok
16:47:50.0927 5992	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:47:50.0937 5992	MozillaMaintenance - ok
16:47:50.0948 5992	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:47:50.0960 5992	mpio - ok
16:47:50.0964 5992	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:47:50.0995 5992	mpsdrv - ok
16:47:51.0014 5992	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:47:51.0055 5992	MpsSvc - ok
16:47:51.0067 5992	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:47:51.0085 5992	MRxDAV - ok
16:47:51.0097 5992	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:47:51.0111 5992	mrxsmb - ok
16:47:51.0123 5992	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:47:51.0138 5992	mrxsmb10 - ok
16:47:51.0148 5992	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:47:51.0161 5992	mrxsmb20 - ok
16:47:51.0165 5992	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:47:51.0175 5992	msahci - ok
16:47:51.0187 5992	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:47:51.0199 5992	msdsm - ok
16:47:51.0210 5992	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:47:51.0225 5992	MSDTC - ok
16:47:51.0230 5992	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:47:51.0260 5992	Msfs - ok
16:47:51.0263 5992	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:47:51.0294 5992	mshidkmdf - ok
16:47:51.0297 5992	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:47:51.0307 5992	msisadrv - ok
16:47:51.0320 5992	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:47:51.0353 5992	MSiSCSI - ok
16:47:51.0356 5992	msiserver - ok
16:47:51.0360 5992	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:47:51.0390 5992	MSKSSRV - ok
16:47:51.0393 5992	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:47:51.0422 5992	MSPCLOCK - ok
16:47:51.0425 5992	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:47:51.0455 5992	MSPQM - ok
16:47:51.0465 5992	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:47:51.0480 5992	MsRPC - ok
16:47:51.0485 5992	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:47:51.0494 5992	mssmbios - ok
16:47:51.0497 5992	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:47:51.0527 5992	MSTEE - ok
16:47:51.0530 5992	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:47:51.0541 5992	MTConfig - ok
16:47:51.0546 5992	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:47:51.0555 5992	Mup - ok
16:47:51.0560 5992	mwlPSDFilter    (c009123b206c56854f4e88596035231d) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
16:47:51.0568 5992	mwlPSDFilter - ok
16:47:51.0570 5992	mwlPSDNServ     (bf3739eeb9f008b1debac115089a53f8) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
16:47:51.0578 5992	mwlPSDNServ - ok
16:47:51.0582 5992	mwlPSDVDisk     (38dd143d95e7a01b86f219dda9c28779) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
16:47:51.0590 5992	mwlPSDVDisk - ok
16:47:51.0603 5992	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:47:51.0640 5992	napagent - ok
16:47:51.0650 5992	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:47:51.0670 5992	NativeWifiP - ok
16:47:51.0692 5992	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
16:47:51.0717 5992	NDIS - ok
16:47:51.0723 5992	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:47:51.0754 5992	NdisCap - ok
16:47:51.0759 5992	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:47:51.0788 5992	NdisTapi - ok
16:47:51.0792 5992	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:47:51.0821 5992	Ndisuio - ok
16:47:51.0827 5992	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:47:51.0859 5992	NdisWan - ok
16:47:51.0864 5992	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:47:51.0894 5992	NDProxy - ok
16:47:51.0897 5992	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:47:51.0933 5992	NetBIOS - ok
16:47:51.0940 5992	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:47:51.0972 5992	NetBT - ok
16:47:51.0978 5992	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:47:51.0989 5992	Netlogon - ok
16:47:51.0999 5992	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:47:52.0035 5992	Netman - ok
16:47:52.0048 5992	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:47:52.0085 5992	netprofm - ok
16:47:52.0097 5992	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:47:52.0107 5992	NetTcpPortSharing - ok
16:47:52.0114 5992	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:47:52.0124 5992	nfrd960 - ok
16:47:52.0133 5992	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:47:52.0167 5992	NlaSvc - ok
16:47:52.0225 5992	NOBU            (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
16:47:52.0278 5992	NOBU - ok
16:47:52.0297 5992	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:47:52.0327 5992	Npfs - ok
16:47:52.0331 5992	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:47:52.0362 5992	nsi - ok
16:47:52.0365 5992	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:47:52.0395 5992	nsiproxy - ok
16:47:52.0432 5992	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:47:52.0470 5992	Ntfs - ok
16:47:52.0481 5992	NTI IScheduleSvc (1873214666f6f0a883742df91fbc48c9) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
16:47:52.0492 5992	NTI IScheduleSvc - ok
16:47:52.0510 5992	NTIDrvr         (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
16:47:52.0519 5992	NTIDrvr - ok
16:47:52.0522 5992	ntiomin - ok
16:47:52.0527 5992	ntiopnp         (69e894c5a09c6a6e6372e35653bb05f3) C:\Windows\system32\drivers\ntiopnp.sys
16:47:52.0537 5992	ntiopnp - ok
16:47:52.0539 5992	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:47:52.0569 5992	Null - ok
16:47:52.0574 5992	nusb3hub        (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
16:47:52.0585 5992	nusb3hub - ok
16:47:52.0592 5992	nusb3xhc        (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
16:47:52.0605 5992	nusb3xhc - ok
16:47:52.0616 5992	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:47:52.0628 5992	nvraid - ok
16:47:52.0634 5992	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:47:52.0646 5992	nvstor - ok
16:47:52.0659 5992	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:47:52.0670 5992	nv_agp - ok
16:47:52.0681 5992	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:47:52.0693 5992	ohci1394 - ok
16:47:52.0703 5992	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:47:52.0720 5992	p2pimsvc - ok
16:47:52.0732 5992	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:47:52.0751 5992	p2psvc - ok
16:47:52.0763 5992	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:47:52.0776 5992	Parport - ok
16:47:52.0787 5992	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:47:52.0797 5992	partmgr - ok
16:47:52.0804 5992	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:47:52.0823 5992	PcaSvc - ok
16:47:52.0830 5992	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:47:52.0842 5992	pci - ok
16:47:52.0845 5992	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:47:52.0854 5992	pciide - ok
16:47:52.0861 5992	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:47:52.0874 5992	pcmcia - ok
16:47:52.0879 5992	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:47:52.0888 5992	pcw - ok
16:47:52.0902 5992	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:47:52.0941 5992	PEAUTH - ok
16:47:52.0955 5992	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:47:52.0970 5992	PerfHost - ok
16:47:53.0003 5992	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:47:53.0052 5992	pla - ok
16:47:53.0069 5992	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:47:53.0089 5992	PlugPlay - ok
16:47:53.0095 5992	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:47:53.0109 5992	PNRPAutoReg - ok
16:47:53.0118 5992	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:47:53.0133 5992	PNRPsvc - ok
16:47:53.0150 5992	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:47:53.0189 5992	PolicyAgent - ok
16:47:53.0197 5992	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:47:53.0231 5992	Power - ok
16:47:53.0240 5992	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:47:53.0277 5992	PptpMiniport - ok
16:47:53.0287 5992	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:47:53.0299 5992	Processor - ok
16:47:53.0309 5992	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:47:53.0327 5992	ProfSvc - ok
16:47:53.0332 5992	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:47:53.0343 5992	ProtectedStorage - ok
16:47:53.0350 5992	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:47:53.0381 5992	Psched - ok
16:47:53.0416 5992	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:47:53.0451 5992	ql2300 - ok
16:47:53.0478 5992	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:47:53.0489 5992	ql40xx - ok
16:47:53.0497 5992	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:47:53.0518 5992	QWAVE - ok
16:47:53.0522 5992	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:47:53.0538 5992	QWAVEdrv - ok
16:47:53.0541 5992	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:47:53.0575 5992	RasAcd - ok
16:47:53.0581 5992	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:47:53.0611 5992	RasAgileVpn - ok
16:47:53.0616 5992	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:47:53.0649 5992	RasAuto - ok
16:47:53.0654 5992	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:47:53.0686 5992	Rasl2tp - ok
16:47:53.0696 5992	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:47:53.0732 5992	RasMan - ok
16:47:53.0738 5992	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:47:53.0770 5992	RasPppoe - ok
16:47:53.0774 5992	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:47:53.0805 5992	RasSstp - ok
16:47:53.0815 5992	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:47:53.0849 5992	rdbss - ok
16:47:53.0854 5992	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
16:47:53.0868 5992	rdpbus - ok
16:47:53.0871 5992	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:47:53.0900 5992	RDPCDD - ok
16:47:53.0905 5992	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:47:53.0935 5992	RDPENCDD - ok
16:47:53.0939 5992	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:47:53.0968 5992	RDPREFMP - ok
16:47:53.0980 5992	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:47:53.0994 5992	RDPWD - ok
16:47:54.0001 5992	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:47:54.0013 5992	rdyboost - ok
16:47:54.0018 5992	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:47:54.0051 5992	RemoteAccess - ok
16:47:54.0057 5992	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:47:54.0091 5992	RemoteRegistry - ok
16:47:54.0104 5992	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:47:54.0120 5992	RFCOMM - ok
16:47:54.0124 5992	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:47:54.0157 5992	RpcEptMapper - ok
16:47:54.0159 5992	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:47:54.0172 5992	RpcLocator - ok
16:47:54.0185 5992	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:47:54.0219 5992	RpcSs - ok
16:47:54.0224 5992	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:47:54.0254 5992	rspndr - ok
16:47:54.0266 5992	RSUSBSTOR       (9beb5f18a418ff70659ce2e356829568) C:\Windows\system32\Drivers\RtsUStor.sys
16:47:54.0279 5992	RSUSBSTOR - ok
16:47:54.0284 5992	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:47:54.0295 5992	SamSs - ok
16:47:54.0307 5992	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:47:54.0318 5992	sbp2port - ok
16:47:54.0325 5992	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:47:54.0359 5992	SCardSvr - ok
16:47:54.0363 5992	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:47:54.0393 5992	scfilter - ok
16:47:54.0416 5992	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:47:54.0462 5992	Schedule - ok
16:47:54.0468 5992	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:47:54.0497 5992	SCPolicySvc - ok
16:47:54.0504 5992	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:47:54.0519 5992	SDRSVC - ok
16:47:54.0526 5992	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:47:54.0556 5992	secdrv - ok
16:47:54.0560 5992	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:47:54.0591 5992	seclogon - ok
16:47:54.0596 5992	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:47:54.0628 5992	SENS - ok
16:47:54.0632 5992	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:47:54.0646 5992	SensrSvc - ok
16:47:54.0650 5992	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
16:47:54.0662 5992	Serenum - ok
16:47:54.0669 5992	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
16:47:54.0682 5992	Serial - ok
16:47:54.0687 5992	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:47:54.0698 5992	sermouse - ok
16:47:54.0707 5992	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:47:54.0740 5992	SessionEnv - ok
16:47:54.0743 5992	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:47:54.0757 5992	sffdisk - ok
16:47:54.0760 5992	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:47:54.0773 5992	sffp_mmc - ok
16:47:54.0776 5992	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:47:54.0789 5992	sffp_sd - ok
16:47:54.0792 5992	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:47:54.0804 5992	sfloppy - ok
16:47:54.0814 5992	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:47:54.0849 5992	SharedAccess - ok
16:47:54.0866 5992	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:47:54.0902 5992	ShellHWDetection - ok
16:47:54.0908 5992	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:47:54.0918 5992	SiSRaid2 - ok
16:47:54.0929 5992	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:47:54.0940 5992	SiSRaid4 - ok
16:47:54.0951 5992	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:47:54.0983 5992	Smb - ok
16:47:54.0989 5992	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:47:55.0004 5992	SNMPTRAP - ok
16:47:55.0018 5992	speedfan        (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
16:47:55.0029 5992	speedfan - ok
16:47:55.0032 5992	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:47:55.0042 5992	spldr - ok
16:47:55.0056 5992	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:47:55.0094 5992	Spooler - ok
16:47:55.0167 5992	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:47:55.0243 5992	sppsvc - ok
16:47:55.0261 5992	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:47:55.0294 5992	sppuinotify - ok
16:47:55.0312 5992	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:47:55.0331 5992	srv - ok
16:47:55.0346 5992	srv2            (e10010ac9a4e8d7676ec89700bb6a24c) C:\Windows\system32\DRIVERS\srv2.sys
16:47:55.0362 5992	srv2 - ok
16:47:55.0373 5992	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:47:55.0387 5992	srvnet - ok
16:47:55.0394 5992	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:47:55.0429 5992	SSDPSRV - ok
16:47:55.0435 5992	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:47:55.0467 5992	SstpSvc - ok
16:47:55.0471 5992	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:47:55.0481 5992	stexstor - ok
16:47:55.0495 5992	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:47:55.0520 5992	stisvc - ok
16:47:55.0523 5992	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:47:55.0533 5992	swenum - ok
16:47:55.0546 5992	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:47:55.0585 5992	swprv - ok
16:47:55.0624 5992	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:47:55.0664 5992	SysMain - ok
16:47:55.0683 5992	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:47:55.0702 5992	TabletInputService - ok
16:47:55.0712 5992	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:47:55.0748 5992	TapiSrv - ok
16:47:55.0753 5992	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:47:55.0785 5992	TBS - ok
16:47:55.0834 5992	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:47:55.0876 5992	Tcpip - ok
16:47:55.0936 5992	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:47:55.0968 5992	TCPIP6 - ok
16:47:55.0990 5992	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:47:56.0020 5992	tcpipreg - ok
16:47:56.0025 5992	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:47:56.0036 5992	TDPIPE - ok
16:47:56.0040 5992	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:47:56.0051 5992	TDTCP - ok
16:47:56.0057 5992	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:47:56.0088 5992	tdx - ok
16:47:56.0092 5992	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:47:56.0102 5992	TermDD - ok
16:47:56.0120 5992	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:47:56.0161 5992	TermService - ok
16:47:56.0166 5992	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:47:56.0184 5992	Themes - ok
16:47:56.0189 5992	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:47:56.0220 5992	THREADORDER - ok
16:47:56.0227 5992	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:47:56.0260 5992	TrkWks - ok
16:47:56.0270 5992	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:47:56.0301 5992	TrustedInstaller - ok
16:47:56.0306 5992	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:47:56.0336 5992	tssecsrv - ok
16:47:56.0345 5992	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:47:56.0357 5992	TsUsbFlt - ok
16:47:56.0363 5992	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:47:56.0374 5992	TsUsbGD - ok
16:47:56.0380 5992	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:47:56.0411 5992	tunnel - ok
16:47:56.0414 5992	TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
16:47:56.0423 5992	TurboB - ok
16:47:56.0430 5992	TurboBoost      (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
16:47:56.0441 5992	TurboBoost - ok
16:47:56.0450 5992	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:47:56.0461 5992	uagp35 - ok
16:47:56.0466 5992	UBHelper        (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
16:47:56.0474 5992	UBHelper - ok
16:47:56.0487 5992	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:47:56.0520 5992	udfs - ok
16:47:56.0527 5992	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:47:56.0541 5992	UI0Detect - ok
16:47:56.0550 5992	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:47:56.0560 5992	uliagpkx - ok
16:47:56.0568 5992	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:47:56.0581 5992	umbus - ok
16:47:56.0583 5992	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:47:56.0595 5992	UmPass - ok
16:47:56.0653 5992	UNS             (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:47:56.0694 5992	UNS - ok
16:47:56.0718 5992	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:47:56.0755 5992	upnphost - ok
16:47:56.0768 5992	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:47:56.0781 5992	usbccgp - ok
16:47:56.0796 5992	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:47:56.0810 5992	usbcir - ok
16:47:56.0815 5992	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:47:56.0827 5992	usbehci - ok
16:47:56.0838 5992	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:47:56.0854 5992	usbhub - ok
16:47:56.0859 5992	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:47:56.0870 5992	usbohci - ok
16:47:56.0875 5992	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
16:47:56.0889 5992	usbprint - ok
16:47:56.0901 5992	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:47:56.0913 5992	USBSTOR - ok
16:47:56.0919 5992	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:47:56.0930 5992	usbuhci - ok
16:47:56.0937 5992	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:47:56.0954 5992	usbvideo - ok
16:47:56.0958 5992	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:47:56.0991 5992	UxSms - ok
16:47:56.0996 5992	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:47:57.0007 5992	VaultSvc - ok
16:47:57.0011 5992	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:47:57.0021 5992	vdrvroot - ok
16:47:57.0035 5992	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:47:57.0073 5992	vds - ok
16:47:57.0079 5992	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:47:57.0092 5992	vga - ok
16:47:57.0097 5992	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:47:57.0127 5992	VgaSave - ok
16:47:57.0139 5992	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:47:57.0153 5992	vhdmp - ok
16:47:57.0157 5992	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:47:57.0166 5992	viaide - ok
16:47:57.0171 5992	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:47:57.0182 5992	volmgr - ok
16:47:57.0191 5992	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:47:57.0207 5992	volmgrx - ok
16:47:57.0216 5992	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:47:57.0230 5992	volsnap - ok
16:47:57.0243 5992	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:47:57.0256 5992	vsmraid - ok
16:47:57.0291 5992	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:47:57.0343 5992	VSS - ok
16:47:57.0362 5992	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:47:57.0377 5992	vwifibus - ok
16:47:57.0380 5992	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:47:57.0396 5992	vwififlt - ok
16:47:57.0407 5992	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:47:57.0444 5992	W32Time - ok
16:47:57.0451 5992	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:47:57.0464 5992	WacomPen - ok
16:47:57.0469 5992	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:47:57.0500 5992	WANARP - ok
16:47:57.0503 5992	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:47:57.0532 5992	Wanarpv6 - ok
16:47:57.0565 5992	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:47:57.0599 5992	wbengine - ok
16:47:57.0620 5992	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:47:57.0640 5992	WbioSrvc - ok
16:47:57.0651 5992	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:47:57.0674 5992	wcncsvc - ok
16:47:57.0678 5992	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:47:57.0693 5992	WcsPlugInService - ok
16:47:57.0699 5992	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:47:57.0709 5992	Wd - ok
16:47:57.0724 5992	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:47:57.0744 5992	Wdf01000 - ok
16:47:57.0750 5992	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:47:57.0784 5992	WdiServiceHost - ok
16:47:57.0786 5992	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:47:57.0804 5992	WdiSystemHost - ok
16:47:57.0814 5992	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:47:57.0835 5992	WebClient - ok
16:47:57.0843 5992	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:47:57.0879 5992	Wecsvc - ok
16:47:57.0885 5992	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:47:57.0918 5992	wercplsupport - ok
16:47:57.0923 5992	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:47:57.0956 5992	WerSvc - ok
16:47:57.0962 5992	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:47:57.0992 5992	WfpLwf - ok
16:47:57.0997 5992	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:47:58.0007 5992	WIMMount - ok
16:47:58.0010 5992	WinDefend - ok
16:47:58.0014 5992	WinHttpAutoProxySvc - ok
16:47:58.0025 5992	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:47:58.0058 5992	Winmgmt - ok
16:47:58.0102 5992	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:47:58.0159 5992	WinRM - ok
16:47:58.0195 5992	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:47:58.0224 5992	Wlansvc - ok
16:47:58.0230 5992	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:47:58.0239 5992	wlcrasvc - ok
16:47:58.0287 5992	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:47:58.0333 5992	wlidsvc - ok
16:47:58.0352 5992	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:47:58.0363 5992	WmiAcpi - ok
16:47:58.0374 5992	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:47:58.0389 5992	wmiApSrv - ok
16:47:58.0394 5992	WMPNetworkSvc - ok
16:47:58.0398 5992	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:47:58.0412 5992	WPCSvc - ok
16:47:58.0418 5992	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:47:58.0434 5992	WPDBusEnum - ok
16:47:58.0438 5992	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:47:58.0468 5992	ws2ifsl - ok
16:47:58.0474 5992	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:47:58.0494 5992	wscsvc - ok
16:47:58.0496 5992	WSearch - ok
16:47:58.0513 5992	WTGService      (a583f4bf607ebc5709578433207a76a8) C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
16:47:58.0525 5992	WTGService - ok
16:47:58.0579 5992	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:47:58.0630 5992	wuauserv - ok
16:47:58.0652 5992	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:47:58.0683 5992	WudfPf - ok
16:47:58.0698 5992	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:47:58.0730 5992	WUDFRd - ok
16:47:58.0736 5992	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:47:58.0768 5992	wudfsvc - ok
16:47:58.0775 5992	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:47:58.0796 5992	WwanSvc - ok
16:47:58.0803 5992	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:47:58.0877 5992	\Device\Harddisk0\DR0 - ok
16:48:02.0808 5992	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:48:02.0972 5992	\Device\Harddisk1\DR1 - ok
16:48:02.0975 5992	Boot (0x1200)   (93bca43c720035c6e03125438a795045) \Device\Harddisk0\DR0\Partition0
16:48:02.0976 5992	\Device\Harddisk0\DR0\Partition0 - ok
16:48:02.0977 5992	Boot (0x1200)   (f40adae605326740aafdfa26958075fa) \Device\Harddisk0\DR0\Partition1
16:48:02.0978 5992	\Device\Harddisk0\DR0\Partition1 - ok
16:48:02.0980 5992	Boot (0x1200)   (1ec1c1d45827fc7d2032b409be42fc64) \Device\Harddisk1\DR1\Partition0
16:48:02.0981 5992	\Device\Harddisk1\DR1\Partition0 - ok
16:48:02.0982 5992	============================================================
16:48:02.0982 5992	Scan finished
16:48:02.0982 5992	============================================================
16:48:02.0987 1128	Detected object count: 2
16:48:02.0987 1128	Actual detected object count: 2
16:48:16.0735 1128	CPUCooLServer ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:16.0735 1128	CPUCooLServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:16.0735 1128	GREGService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:16.0735 1128	GREGService ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 25.06.2012, 19:14

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Kelderon · 25.06.2012, 21:08

Code:

ATTFilter

ComboFix 12-06-25.03 - Kelderon 25.06.2012  21:50:37.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6423 [GMT 2:00]
ausgeführt von:: c:\users\Kelderon\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-25 bis 2012-06-25  ))))))))))))))))))))))))))))))
.
.
2012-06-25 19:53 . 2012-06-25 19:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-25 13:40 . 2012-06-25 13:40	--------	d-----w-	C:\_OTL
2012-06-23 07:55 . 2012-06-23 07:55	--------	d-----w-	c:\program files (x86)\ESET
2012-06-23 07:24 . 2012-06-23 07:24	--------	d-----w-	c:\users\Kelderon\AppData\Roaming\Malwarebytes
2012-06-23 07:24 . 2012-06-23 07:24	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-23 07:24 . 2012-06-23 07:24	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-23 07:24 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-22 06:07 . 2012-06-18 01:12	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{00F00253-2309-4546-91FE-C81839BA1B7F}\mpengine.dll
2012-06-20 20:12 . 2012-06-23 07:50	--------	d-----w-	c:\program files (x86)\CPUCooL
2012-06-20 07:15 . 2012-06-20 07:15	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 07:15 . 2012-06-20 07:15	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 16:53 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-06-19 16:53 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-06-19 16:53 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-06-19 16:53 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-06-19 16:53 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-06-19 16:53 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-06-19 16:53 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-06-19 16:53 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-06-19 16:53 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-06-19 16:53 . 2012-06-19 16:53	--------	d-----w-	c:\programdata\AVAST Software
2012-06-19 16:53 . 2012-06-19 16:53	--------	d-----w-	c:\program files\AVAST Software
2012-06-19 12:27 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-19 12:27 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-19 12:27 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-19 12:27 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-19 12:27 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-19 12:27 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-19 12:27 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-19 12:27 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-19 12:27 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-17 13:56 . 2012-06-17 13:56	--------	d-----w-	c:\program files (x86)\SystemRequirementsLab
2012-06-17 13:17 . 2012-06-17 13:17	25640	----a-w-	c:\windows\gdrv.sys
2012-06-14 14:20 . 2012-05-18 02:02	887296	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-06-14 14:20 . 2012-05-18 02:01	499200	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2012-06-14 14:20 . 2012-05-17 22:38	678912	----a-w-	c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-13 05:35 . 2012-06-13 07:23	--------	d-----w-	c:\users\Kelderon\AppData\Roaming\Verbindungsassistent
2012-06-13 05:35 . 2012-06-13 05:35	121600	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2012-06-13 05:35 . 2012-06-13 05:35	117248	----a-w-	c:\windows\system32\drivers\ew_hwusbdev.sys
2012-06-13 05:35 . 2012-06-13 05:35	--------	d-----w-	c:\program files (x86)\Verbindungsassistent
2012-06-13 05:34 . 2012-06-12 07:18	363008	----a-w-	c:\windows\SysWow64\hwgpssensor.dll
2012-06-13 05:34 . 2012-06-12 07:18	363008	----a-w-	c:\windows\SysWow64\drivers\hwgpssensor.dll
2012-06-12 07:18 . 2012-06-21 11:55	--------	d-----w-	c:\users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent
2012-06-12 07:17 . 2012-06-12 07:18	--------	d-----w-	c:\program files (x86)\ALDITALKVerbindungsassistent
2012-06-09 07:25 . 2012-06-09 07:25	--------	d-----w-	c:\users\Kelderon\AppData\Local\Macromedia
2012-06-05 06:39 . 2012-06-12 07:18	999936	----a-w-	c:\windows\SysWow64\drivers\mod7700.sys
2012-06-05 06:39 . 2012-06-12 07:18	256000	----a-w-	c:\windows\SysWow64\drivers\ewusbnet.sys
2012-06-05 06:39 . 2012-06-12 07:18	13952	----a-w-	c:\windows\SysWow64\drivers\ew_usbenumfilter.sys
2012-06-05 06:39 . 2012-06-12 07:18	121600	----a-w-	c:\windows\SysWow64\drivers\ewusbmdm.sys
2012-06-05 06:39 . 2012-06-12 07:18	117248	----a-w-	c:\windows\SysWow64\drivers\ew_hwusbdev.sys
2012-06-05 06:39 . 2012-06-12 07:17	32768	----a-w-	c:\windows\SysWow64\drivers\ewdcsc.sys
2012-05-31 20:37 . 2012-06-10 18:39	--------	d-----w-	c:\users\Kelderon\AppData\Local\Windows Live
2012-05-31 08:08 . 2012-06-11 14:59	--------	d-----w-	c:\users\Kelderon\AppData\Roaming\DivX
2012-05-31 08:08 . 2012-05-31 08:08	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-05-31 08:08 . 2012-05-31 08:08	--------	d-----w-	c:\program files\DivX
2012-05-31 08:08 . 2012-05-31 08:08	--------	d-----w-	c:\program files (x86)\Common Files\DivX Shared
2012-05-31 08:06 . 2012-05-31 08:08	--------	d-----w-	c:\program files (x86)\DivX
2012-05-31 08:05 . 2012-05-31 08:08	--------	d-----w-	c:\programdata\DivX
2012-05-30 20:21 . 2012-05-30 20:21	--------	d-----w-	c:\programdata\DATA BECKER Downloads
2012-05-30 20:20 . 2012-05-30 20:20	335288	----a-w-	c:\windows\system32\drivers\acedrv11.sys
2012-05-30 20:20 . 2012-05-30 20:20	--------	d-----w-	c:\program files (x86)\ProtectDisc
2012-05-30 20:20 . 2012-05-30 20:20	--------	d-----w-	c:\program files (x86)\ProtectDisc Driver Installer
2012-05-30 20:20 . 2012-05-30 20:20	--------	d-----w-	c:\program files (x86)\Windows Media Components
2012-05-30 20:13 . 2012-05-30 20:13	--------	d-----w-	c:\program files (x86)\Common Files\xing shared
2012-05-29 17:04 . 2012-05-29 17:04	--------	d-----w-	c:\users\Kelderon\AppData\Roaming\TuneUp Software
2012-05-29 17:04 . 2012-05-29 17:04	--------	d-----w-	c:\programdata\TuneUp Software
2012-05-29 17:03 . 2012-05-29 17:03	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-29 17:03 . 2012-05-29 17:03	--------	d--h--w-	c:\programdata\Common Files
2012-05-29 06:22 . 2012-06-22 23:59	--------	d-----w-	c:\users\Kelderon\AppData\Local\CrashDumps
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:56 . 2012-05-18 20:32	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 23:56 . 2012-05-18 20:32	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-30 20:13 . 2011-02-22 08:03	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-05-30 20:13 . 2011-02-22 08:03	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-05-19 12:34 . 2012-05-19 12:34	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-18 23:47 . 2012-05-18 23:47	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2012-05-18 23:47 . 2012-05-18 23:47	5632	----a-w-	c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2012-05-18 23:47 . 2012-05-18 23:47	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2012-05-18 23:47 . 2012-05-18 23:47	51712	----a-w-	c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2012-05-18 23:47 . 2012-05-18 23:47	29696	----a-w-	c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2012-05-18 23:47 . 2012-05-18 23:47	16896	----a-w-	c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
2012-05-18 14:34 . 2010-06-24 18:33	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-18 14:16 . 2012-05-18 14:16	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-05-18 14:16 . 2012-05-18 14:16	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-05-18 14:16 . 2012-05-18 14:16	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-05-18 14:16 . 2012-05-18 14:16	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-05-18 14:16 . 2012-05-18 14:16	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-18 14:16 . 2012-05-18 14:16	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-05-18 14:16 . 2012-05-18 14:16	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-18 14:16 . 2012-05-18 14:16	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-05-18 14:16 . 2012-05-18 14:16	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-05-18 14:16 . 2012-05-18 14:16	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-05-18 14:16 . 2012-05-18 14:16	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-05-18 14:16 . 2012-05-18 14:16	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-05-18 14:16 . 2012-05-18 14:16	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-05-18 14:16 . 2012-05-18 14:16	448512	----a-w-	c:\windows\system32\html.iec
2012-05-18 14:16 . 2012-05-18 14:16	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-05-18 14:16 . 2012-05-18 14:16	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-05-18 14:16 . 2012-05-18 14:16	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-05-18 14:16 . 2012-05-18 14:16	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-18 14:16 . 2012-05-18 14:16	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-05-18 14:16 . 2012-05-18 14:16	222208	----a-w-	c:\windows\system32\msls31.dll
2012-05-18 14:16 . 2012-05-18 14:16	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-05-18 14:16 . 2012-05-18 14:16	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-05-18 14:16 . 2012-05-18 14:16	160256	----a-w-	c:\windows\system32\wextract.exe
2012-05-18 14:16 . 2012-05-18 14:16	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-05-18 14:16 . 2012-05-18 14:16	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-05-18 14:16 . 2012-05-18 14:16	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-05-18 14:16 . 2012-05-18 14:16	12288	----a-w-	c:\windows\system32\mshta.exe
2012-05-18 14:16 . 2012-05-18 14:16	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-05-18 14:16 . 2012-05-18 14:16	114176	----a-w-	c:\windows\system32\admparse.dll
2012-05-18 14:16 . 2012-05-18 14:16	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-05-18 14:16 . 2012-05-18 14:16	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-05-18 14:16 . 2012-05-18 14:16	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-06-01 04:52	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-06-01 04:52	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-06-01 04:52	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-06-01 04:52	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-06-01 04:52	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-03-30 11:35 . 2012-05-19 07:06	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Kelderon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CPUCooL.lnk - c:\program files (x86)\CPUCooL\CPUCooL.exe [2011-12-4 1725952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
Launcher.lnk - c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [2012-6-12 510920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R1 ntiomin;ntiomin; [x]
R2 CLKMSVC10_34E30CCC;CyberLink Product - 2012/05/18 16:14;c:\program files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [2011-02-18 238576]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-06-13 117248]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [2012-06-12 342984]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-20 76448]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-23 2656280]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2010-11-18 330696]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_34E30CCC
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 23:56]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 08:06]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 08:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-20 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-20 379552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
uSearchAssistant = 
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kelderon\AppData\Roaming\Mozilla\Firefox\Profiles\e2gckr8f.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - da2b843a000000000000ccaf78095a58
FF - user.js: extensions.Softonic.instlDay - 15491
FF - user.js: extensions.Softonic.vrsn - 1.5.21.0
FF - user.js: extensions.Softonic.vrsni - 1.5.21.0
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.010:06
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00015
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-25  21:56:00
ComboFix-quarantined-files.txt  2012-06-25 19:56
.
Vor Suchlauf: 13 Verzeichnis(se), 31.858.368.512 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 31.725.158.400 Bytes frei
.
- - End Of File - - C3CB457EB4D1D88E2A0BB8FD1CCE51E2

cosinus · 26.06.2012, 09:27

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Firefox::
FF - ProfilePath - c:\users\Kelderon\AppData\Roaming\Mozilla\Firefox\Profiles\e2gckr8f.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - http://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - da2b843a000000000000ccaf78095a58
FF - user.js: extensions.Softonic.instlDay - 15491
FF - user.js: extensions.Softonic.vrsn - 1.5.21.0
FF - user.js: extensions.Softonic.vrsni - 1.5.21.0
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.010:06
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00015
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Kelderon · 26.06.2012, 10:03

Hier der Log:

Code:

ATTFilter

ComboFix 12-06-25.05 - Kelderon 26.06.2012  10:57:38.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6401 [GMT 2:00]
ausgeführt von:: c:\users\Kelderon\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: D:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-26 bis 2012-06-26  ))))))))))))))))))))))))))))))
.
.
2012-06-26 09:00 . 2012-06-26 09:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-25 13:40 . 2012-06-25 13:40	--------	d-----w-	C:\_OTL
2012-06-23 07:55 . 2012-06-23 07:55	--------	d-----w-	c:\program files (x86)\ESET
2012-06-23 07:24 . 2012-06-23 07:24	--------	d-----w-	c:\users\Kelderon\AppData\Roaming\Malwarebytes
2012-06-23 07:24 . 2012-06-23 07:24	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-23 07:24 . 2012-06-23 07:24	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-23 07:24 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-22 06:07 . 2012-06-18 01:12	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{00F00253-2309-4546-91FE-C81839BA1B7F}\mpengine.dll
2012-06-20 20:12 . 2012-06-23 07:50	--------	d-----w-	c:\program files (x86)\CPUCooL
2012-06-20 07:15 . 2012-06-20 07:15	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 07:15 . 2012-06-20 07:15	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 16:53 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-06-19 16:53 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-06-19 16:53 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-06-19 16:53 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-06-19 16:53 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-06-19 16:53 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-06-19 16:53 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-06-19 16:53 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-06-19 16:53 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-06-19 16:53 . 2012-06-19 16:53	--------	d-----w-	c:\programdata\AVAST Software
2012-06-19 16:53 . 2012-06-19 16:53	--------	d-----w-	c:\program files\AVAST Software
2012-06-19 12:27 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-19 12:27 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-19 12:27 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-19 12:27 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-19 12:27 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-19 12:27 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-19 12:27 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-19 12:27 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-19 12:27 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-17 13:56 . 2012-06-17 13:56	--------	d-----w-	c:\program files (x86)\SystemRequirementsLab
2012-06-17 13:17 . 2012-06-17 13:17	25640	----a-w-	c:\windows\gdrv.sys
2012-06-14 14:20 . 2012-05-18 02:02	887296	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-06-14 14:20 . 2012-05-18 02:01	499200	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2012-06-14 14:20 . 2012-05-17 22:38	678912	----a-w-	c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-13 05:35 . 2012-06-13 07:23	--------	d-----w-	c:\users\Kelderon\AppData\Roaming\Verbindungsassistent
2012-06-13 05:35 . 2012-06-13 05:35	121600	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2012-06-13 05:35 . 2012-06-13 05:35	117248	----a-w-	c:\windows\system32\drivers\ew_hwusbdev.sys
2012-06-13 05:35 . 2012-06-13 05:35	--------	d-----w-	c:\program files (x86)\Verbindungsassistent
2012-06-13 05:34 . 2012-06-12 07:18	363008	----a-w-	c:\windows\SysWow64\hwgpssensor.dll
2012-06-13 05:34 . 2012-06-12 07:18	363008	----a-w-	c:\windows\SysWow64\drivers\hwgpssensor.dll
2012-06-12 07:18 . 2012-06-21 11:55	--------	d-----w-	c:\users\Kelderon\AppData\Roaming\ALDITALKVerbindungsassistent
2012-06-12 07:17 . 2012-06-12 07:18	--------	d-----w-	c:\program files (x86)\ALDITALKVerbindungsassistent
2012-06-09 07:25 . 2012-06-09 07:25	--------	d-----w-	c:\users\Kelderon\AppData\Local\Macromedia
2012-06-05 06:39 . 2012-06-12 07:18	999936	----a-w-	c:\windows\SysWow64\drivers\mod7700.sys
2012-06-05 06:39 . 2012-06-12 07:18	256000	----a-w-	c:\windows\SysWow64\drivers\ewusbnet.sys
2012-06-05 06:39 . 2012-06-12 07:18	13952	----a-w-	c:\windows\SysWow64\drivers\ew_usbenumfilter.sys
2012-06-05 06:39 . 2012-06-12 07:18	121600	----a-w-	c:\windows\SysWow64\drivers\ewusbmdm.sys
2012-06-05 06:39 . 2012-06-12 07:18	117248	----a-w-	c:\windows\SysWow64\drivers\ew_hwusbdev.sys
2012-06-05 06:39 . 2012-06-12 07:17	32768	----a-w-	c:\windows\SysWow64\drivers\ewdcsc.sys
2012-05-31 20:37 . 2012-06-10 18:39	--------	d-----w-	c:\users\Kelderon\AppData\Local\Windows Live
2012-05-31 08:08 . 2012-06-11 14:59	--------	d-----w-	c:\users\Kelderon\AppData\Roaming\DivX
2012-05-31 08:08 . 2012-05-31 08:08	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-05-31 08:08 . 2012-05-31 08:08	--------	d-----w-	c:\program files\DivX
2012-05-31 08:08 . 2012-05-31 08:08	--------	d-----w-	c:\program files (x86)\Common Files\DivX Shared
2012-05-31 08:06 . 2012-05-31 08:08	--------	d-----w-	c:\program files (x86)\DivX
2012-05-31 08:05 . 2012-05-31 08:08	--------	d-----w-	c:\programdata\DivX
2012-05-30 20:21 . 2012-05-30 20:21	--------	d-----w-	c:\programdata\DATA BECKER Downloads
2012-05-30 20:20 . 2012-05-30 20:20	335288	----a-w-	c:\windows\system32\drivers\acedrv11.sys
2012-05-30 20:20 . 2012-05-30 20:20	--------	d-----w-	c:\program files (x86)\ProtectDisc
2012-05-30 20:20 . 2012-05-30 20:20	--------	d-----w-	c:\program files (x86)\ProtectDisc Driver Installer
2012-05-30 20:20 . 2012-05-30 20:20	--------	d-----w-	c:\program files (x86)\Windows Media Components
2012-05-30 20:13 . 2012-05-30 20:13	--------	d-----w-	c:\program files (x86)\Common Files\xing shared
2012-05-29 17:04 . 2012-05-29 17:04	--------	d-----w-	c:\users\Kelderon\AppData\Roaming\TuneUp Software
2012-05-29 17:04 . 2012-05-29 17:04	--------	d-----w-	c:\programdata\TuneUp Software
2012-05-29 17:03 . 2012-05-29 17:03	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-29 17:03 . 2012-05-29 17:03	--------	d--h--w-	c:\programdata\Common Files
2012-05-29 06:22 . 2012-06-22 23:59	--------	d-----w-	c:\users\Kelderon\AppData\Local\CrashDumps
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:56 . 2012-05-18 20:32	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 23:56 . 2012-05-18 20:32	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-30 20:13 . 2011-02-22 08:03	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-05-30 20:13 . 2011-02-22 08:03	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-05-19 12:34 . 2012-05-19 12:34	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-18 23:47 . 2012-05-18 23:47	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2012-05-18 23:47 . 2012-05-18 23:47	5632	----a-w-	c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2012-05-18 23:47 . 2012-05-18 23:47	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2012-05-18 23:47 . 2012-05-18 23:47	51712	----a-w-	c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2012-05-18 23:47 . 2012-05-18 23:47	29696	----a-w-	c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2012-05-18 23:47 . 2012-05-18 23:47	16896	----a-w-	c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
2012-05-18 14:34 . 2010-06-24 18:33	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-18 14:16 . 2012-05-18 14:16	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-05-18 14:16 . 2012-05-18 14:16	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-05-18 14:16 . 2012-05-18 14:16	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-05-18 14:16 . 2012-05-18 14:16	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-05-18 14:16 . 2012-05-18 14:16	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-18 14:16 . 2012-05-18 14:16	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-05-18 14:16 . 2012-05-18 14:16	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-18 14:16 . 2012-05-18 14:16	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-05-18 14:16 . 2012-05-18 14:16	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-05-18 14:16 . 2012-05-18 14:16	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-05-18 14:16 . 2012-05-18 14:16	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-05-18 14:16 . 2012-05-18 14:16	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-05-18 14:16 . 2012-05-18 14:16	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-05-18 14:16 . 2012-05-18 14:16	448512	----a-w-	c:\windows\system32\html.iec
2012-05-18 14:16 . 2012-05-18 14:16	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-05-18 14:16 . 2012-05-18 14:16	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-05-18 14:16 . 2012-05-18 14:16	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-05-18 14:16 . 2012-05-18 14:16	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-18 14:16 . 2012-05-18 14:16	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-05-18 14:16 . 2012-05-18 14:16	222208	----a-w-	c:\windows\system32\msls31.dll
2012-05-18 14:16 . 2012-05-18 14:16	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-05-18 14:16 . 2012-05-18 14:16	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-05-18 14:16 . 2012-05-18 14:16	160256	----a-w-	c:\windows\system32\wextract.exe
2012-05-18 14:16 . 2012-05-18 14:16	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-05-18 14:16 . 2012-05-18 14:16	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-05-18 14:16 . 2012-05-18 14:16	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-05-18 14:16 . 2012-05-18 14:16	12288	----a-w-	c:\windows\system32\mshta.exe
2012-05-18 14:16 . 2012-05-18 14:16	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-05-18 14:16 . 2012-05-18 14:16	114176	----a-w-	c:\windows\system32\admparse.dll
2012-05-18 14:16 . 2012-05-18 14:16	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-05-18 14:16 . 2012-05-18 14:16	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-05-18 14:16 . 2012-05-18 14:16	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-06-01 04:52	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-06-01 04:52	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-06-01 04:52	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-06-01 04:52	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-06-01 04:52	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-03-30 11:35 . 2012-05-19 07:06	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-25_19.54.00   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-25 17:52	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-26 08:48	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-25 17:52	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-26 08:48	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-25 17:52	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-26 08:48	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-26 08:49	57450              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-26 08:49	37166              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-18 14:36 . 2012-06-26 08:49	6228              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1943691070-1327125964-2278805043-1001_UserData.bin
- 2012-06-25 13:41 . 2012-06-25 17:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-26 08:47 . 2012-06-26 08:47	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-25 13:41 . 2012-06-25 17:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-26 08:47 . 2012-06-26 08:47	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-22 19:12 . 2012-06-25 13:41	257072              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-05-22 19:12 . 2012-06-26 06:00	257072              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-25 13:41	243280              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-26 06:00	243280              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-18 14:43 . 2012-06-26 06:00	8026720              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1943691070-1327125964-2278805043-1001-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Kelderon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CPUCooL.lnk - c:\program files (x86)\CPUCooL\CPUCooL.exe [2011-12-4 1725952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
Launcher.lnk - c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [2012-6-12 510920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R1 ntiomin;ntiomin; [x]
R2 CLKMSVC10_34E30CCC;CyberLink Product - 2012/05/18 16:14;c:\program files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [2011-02-18 238576]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-06-13 117248]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [2012-06-12 342984]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-20 76448]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-23 2656280]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2010-11-18 330696]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_34E30CCC
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 23:56]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 08:06]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 08:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-20 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-20 379552]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
uSearchAssistant = 
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kelderon\AppData\Roaming\Mozilla\Firefox\Profiles\e2gckr8f.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-26  11:01:49
ComboFix-quarantined-files.txt  2012-06-26 09:01
ComboFix2.txt  2012-06-25 19:56
.
Vor Suchlauf: 18 Verzeichnis(se), 31.706.550.272 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 31.668.416.512 Bytes frei
.
- - End Of File - - 12941E9B250BCB07F4C11F495214B644

Rechner stürzt willkürlich ab und faehrt wieder runter

Plagegeister aller Art und deren Bekämpfung: Rechner stürzt willkürlich ab und faehrt wieder runter