Hallo, hab da ein Problem mit dem Programm My Security Shield.

Ich hab jetzt erstmal alles das gemacht was in dem Beitrag steht.
http://www.trojaner-board.de/89160-m...entfernen.html
Malwarebyts hat zwar was gefunden allerdings nicht von My Security shield.

Antivir und Spybot haben auch etwas gefunden allerdings auch nichts von my security shield.

Seitdem ich rkill.com gestartet hatte ist das Programm auch nicht mehr aufgetaucht, bin mir allerdings nicht sicher ob es nicht doch noch auf meinem system ist weil ich ja eigentlich nichts gelöscht habe.

OTL habe ich durchlaufen lassen, hier die 2 dateien:
OTL.txtOTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 28.06.2012 13:38:05 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 69,71% Memory free
7,73 Gb Paging File | 6,27 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 257,17 Gb Total Space | 155,31 Gb Free Space | 60,39% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 185,36 Gb Free Space | 94,91% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.28 13:36:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.10 12:56:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.04.08 22:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.04.08 22:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.04.08 22:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.09 01:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009.05.21 00:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.01.22 19:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.18 08:21:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.10 12:56:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.04.23 10:46:22 | 000,867,360 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.04.08 22:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.10 12:56:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.10 12:56:10 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.03 09:46:45 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.02 02:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.22 19:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.22 18:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.12.02 04:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.10.16 12:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.09.30 19:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2006.09.03 01:53:54 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361210i906l0448z1j5t4671o818
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361210i906l0448z1j5t4671o818
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361210i906l0448z1j5t4671o818
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361210i906l0448z1j5t4671o818
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361210i906l0448z1j5t4671o818
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&tt=290312_bexdll&babsrc=SP_ss&mntrId=84300e67000000000000c44619918ff3
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 08:21:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.07 13:30:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 08:21:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.07 13:30:58 | 000,000,000 | ---D | M]
 
[2012.03.04 12:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.05.02 08:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\jxqixom5.default\extensions
[2012.04.25 16:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.18 08:21:36 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.04 09:31:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.09 19:22:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.06 13:22:03 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.09 19:22:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.09 19:22:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.06.09 19:22:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.09 19:22:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.09 19:22:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.28 11:55:42 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19DBDE95-4449-4A57-9B6C-2F0E0EED34E8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.28 12:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.06.28 12:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.28 12:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.06.28 11:54:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\HostsXpert
[2012.06.28 10:39:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.06.28 10:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.28 10:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.28 10:38:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.28 10:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.28 13:10:24 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 13:10:24 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 13:02:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 13:01:42 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.28 12:02:48 | 000,001,262 | ---- | M] () -- C:\Users\Nico\Desktop\Spybot - Search & Destroy.lnk
[2012.06.28 10:38:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.28 10:37:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.28 10:37:38 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.28 10:37:38 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.28 10:37:38 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.28 10:37:38 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 11:14:51 | 000,570,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.06.28 12:02:48 | 000,001,262 | ---- | C] () -- C:\Users\xxx\Desktop\Spybot - Search & Destroy.lnk
[2012.06.28 10:38:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.06 17:33:59 | 000,003,351 | ---- | C] () -- C:\Users\xxx\.recently-used.xbel
[2011.12.22 19:54:57 | 000,000,214 | ---- | C] () -- C:\Windows\msacc30.ini
[2011.06.01 10:52:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.19 13:03:04 | 000,003,584 | ---- | C] () -- C:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.19 12:57:01 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.11 12:50:00 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.09 11:40:32 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.09 11:40:32 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.12.09 11:36:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.21 22:04:09 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.07.21 22:03:08 | 000,001,604 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.07.21 12:38:00 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.07.21 12:29:34 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.07.21 12:29:34 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.07.21 12:29:34 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2010.07.21 12:25:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.07 01:57:54 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2011.02.22 11:30:16 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\abgx360
[2011.06.14 08:31:45 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.11.29 12:29:00 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\DAEMON Tools Lite
[2011.02.24 10:15:47 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Downloaded Installations
[2011.12.09 21:37:40 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\DVDVideoSoft
[2011.02.19 11:27:27 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.24 10:45:36 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Expert PDF 7
[2011.11.29 12:28:59 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\FileZilla
[2011.12.23 08:10:24 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\GetRightToGo
[2012.04.06 17:33:59 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\gtk-2.0
[2011.06.21 09:12:12 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Itsth
[2011.06.14 08:58:48 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\KompoZer
[2011.01.04 14:21:04 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Lexware
[2011.06.08 19:46:03 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\MAGIX
[2011.06.22 09:15:46 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Nvu
[2011.06.25 08:13:47 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\PhotoScape
[2012.01.12 09:22:02 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Serif
[2011.02.10 12:06:45 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\SmartTools
[2012.01.28 10:34:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:2EC4AB90C1BCBB99
 
< End of report >
         

--- --- ---

Extras.txtOTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 28.06.2012 13:38:05 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 69,71% Memory free
7,73 Gb Paging File | 6,27 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 257,17 Gb Total Space | 155,31 Gb Free Space | 60,39% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 185,36 Gb Free Space | 94,91% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{65A9B1E7-8ED6-4EAC-BB3E-43DB215D8B0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B3D3644E-4A7C-4585-985A-5EB96CF94F1D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E28EE6F6-03B4-49A5-A20C-310D1F8B0507}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BBF7245-1D13-4F33-98AA-1CCA8D4201DD}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{374D5FC2-A504-439B-9F5E-F6889B57CB3C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{46DAEF70-49C0-4F86-AD80-379AF76A3FEE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{721FDCF7-EF17-4399-AB92-5D84EE09F3C3}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{93CA7EF4-EFED-4FF3-84D5-FE6B2C24A902}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{99DDCAF3-37B9-4A11-9FF6-032CBA0B40C8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{B04CEDB8-C284-4BA9-B250-722BD97C8891}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C74E7E11-31A6-4CE0-8828-55978CCAAA09}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{CB027569-7EED-43C6-9C98-657B13DF78FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{D30BAAFF-3AE0-41EF-84D0-23A256743C31}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F287AB64-741F-4345-A81D-0FB865C1919B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F67B8E35-CBE1-463F-A3CC-C2AFBD2F57BF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"TCP Query User{23569B8B-CD32-491B-A449-FC269A2B25A6}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{A7B8B8E1-0880-4953-A1FD-8098055D5A80}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{0A9BD8CD-BCC3-44A3-9114-4DC3139C4721}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{2855FE90-25C7-40FB-ABEA-8B7E306C50BB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{B0B97CF2-5032-A645-7FFC-BD1E39FC4E3F}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02A414EA-0E5F-CD08-61EF-E155F31DFF76}" = Catalyst Control Center Graphics Previews Vista
"{08938019-97FA-1C7A-19E0-0C8D56ED7CB2}" = CCC Help Hungarian
"{0A4D717B-E6E8-11FA-E7D2-385EBB1A4A85}" = CCC Help Japanese
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13BA5548-1065-4DBE-B115-681AFB77263B}" = CCC Help Swedish
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16890D7F-1C77-733B-D8E4-F5D4315A5F93}" = Catalyst Control Center Localization All
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1CBDB473-E303-EFAE-88D1-6F741ACD5B31}" = CCC Help Czech
"{1D8912B0-343C-EB1F-28EE-B672D444C192}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2C59BF0E-66A5-681E-60FE-8D18CE6319A1}" = CCC Help German
"{2C9D4FCA-3E7F-9368-6955-EA6D65F7DC78}" = CCC Help English
"{3788B9B7-C15F-4C64-D52B-3DD1BA494B7A}" = CCC Help Korean
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D200EB9-44FC-432F-1E35-C20AB5FDCD77}" = CCC Help Thai
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44D52071-5077-2839-1AE6-863563AEA269}" = CCC Help Russian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding
"{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87976D85-DBF6-F263-39B6-500ACB658CE0}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB29A1-C71D-DD1D-66B1-352AAAB13FC6}" = CCC Help Danish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F4D1D9E-5542-B572-81A7-9DCB0AEED1BE}" = CCC Help French
"{A3EF3FAD-6ABA-1551-AD3B-D09361C5EEC9}" = CCC Help Polish
"{A73FBC00-44F8-0ECF-76FB-14CF62120B55}" = ccc-core-static
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AACEAAE9-9CC3-5715-4539-EB13CA3C67BA}" = CCC Help Spanish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B2463AD3-1334-A30E-A523-D38E8E7B09A2}" = CCC Help Dutch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA2AD7F2-55AE-87B5-00DD-9B0C6F087FD0}" = Catalyst Control Center Graphics Light
"{BC940CD7-FC71-83C5-2001-CF6FD07BA3D1}" = CCC Help Chinese Traditional
"{BF847A60-119D-6888-B2DA-EC62F1B66BBB}" = CCC Help Chinese Standard
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C97396A9-44BC-C856-0B92-93A6A417D6A8}" = Catalyst Control Center Graphics Full New
"{CA10114E-3941-E8ED-70A3-17CAA2226AFC}" = CCC Help Turkish
"{CAB89605-7C12-8082-32DF-B419C696BD12}" = Catalyst Control Center Core Implementation
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.184.610
"{D98C2191-0AE0-4087-9153-018A4810DF45}" = CCC Help Norwegian
"{DF7D3C5E-87FC-6AE6-D986-35E0F05FEFD9}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EBA8538C-F0B1-A089-D555-44DBF3A47C9F}" = CCC Help Finnish
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22E305E-BD02-5CC1-92D0-BD7170CDFE45}" = CCC Help Portuguese
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD4B3108-0915-31E1-5A7C-AC5B3C33846C}" = CCC Help Greek
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ahnenblatt_is1" = Ahnenblatt 2.70
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.0
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nvu_is1" = Nvu 1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2012 07:13:22 | Computer Name = Nico2-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.05.2012 07:57:36 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.05.2012 08:48:46 | Computer Name = xxx| Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 14.05.2012 04:33:14 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.05.2012 15:31:46 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 15.05.2012 12:00:24 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 16.05.2012 07:55:24 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 16.05.2012 08:23:37 | Computer Name = xxx | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 17.05.2012 06:39:48 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 18.05.2012 03:13:20 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 18.05.2012 04:38:09 | Computer Name = xxx | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 06.06.2012 11:52:41 | Computer Name = xxx| Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
 
Error - 06.06.2012 11:52:41 | Computer Name = xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
 
Error - 06.06.2012 11:52:41 | Computer Name = xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
 
Error - 06.06.2012 11:52:41 | Computer Name = xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
 
Error - 06.06.2012 11:52:41 | Computer Name = xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
 
Error - 06.06.2012 11:52:41 | Computer Name = xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
 
Error - 06.06.2012 11:52:41 | Computer Name = xxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
 
Error - 06.06.2012 12:58:44 | Computer Name = xxx | Source = DCOM | ID = 10010
Description = 
 
Error - 09.06.2012 13:18:45 | Computer Name = xxx | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?06.?2012 um 19:17:39 unerwartet heruntergefahren.
 
Error - 25.06.2012 06:36:24 | Computer Name = xxx | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         

--- --- ---

Danke vorab
MfG

hi
und wo sind die avira, malwarebytes und spybot logs?
bitte posten

Hi,
die hab ich dummerweise alle gleich gelöscht.
Wenn ich die Programe erneut suchen lasse finden sie jetzt nichts mehr.

Würdet ihr sagen das My security shield somit von meinem system entfernt ist oder könnte es sein das trotzdem noch teile des Programms drauf sind?

Weil ich ja eigentlich auch nichts was mit dem Programm zu tun hat gelöscht habe und nur durch ausführen des rkill.com tools kann ich mir ja fast nicht vorstellen das ich my security nun los bin.

Danke
MfG

wieso löschst du logs...?
öffne die programme, gehe zur jeweiligen quarantäne und schreibe auf, was drinn ist, mit pfadangaben bitte

Wiegesagt war dumm von mir hab nicht weiter drüber nachgedacht.
Hab grad nochmal nachgeschaut und gesehen das die logs doch noch gespeichert waren.
Malewarebyts log:
Datenbank Version: v2012.06.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
[Administrator]

Schutz: Aktiviert

28.06.2012 10:40:58
mbam-log-2012-06-28 (10-40-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 344881
Laufzeit: 51 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\xxx\AppData\Local\iooxhvykim.exe (Trojan.Lameshield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxx\Downloads\SoftonicDownloader_fuer_wondershare-photo-collage-studio.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Spybot hat folgendes gefunden:
Babylon.Toolbar und Toolbar.Facemood

Antivir log:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Donnerstag, 28. Juni 2012 11:50

Es wird nach 3877751 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : xxx

Versionsinformationen:
BUILD.DAT : 10.2.0.707 36070 Bytes 25.01.2012 12:53:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 10.07.2011 10:56:10
AVSCAN.DLL : 10.0.5.0 57192 Bytes 10.07.2011 10:56:10
LUKE.DLL : 10.3.0.5 45416 Bytes 10.07.2011 10:56:10
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 12:22:40
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 10.07.2011 10:56:10
AVREG.DLL : 10.3.0.9 88833 Bytes 18.07.2011 08:26:02
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 10:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 05:52:59
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:08:14
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:43:24
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 18:24:26
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 13:27:04
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 13:27:04
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 13:27:04
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 13:27:04
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 13:27:04
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 13:27:04
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 13:27:04
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 13:27:04
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 13:27:04
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 12:16:30
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 12:12:52
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 14:40:07
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 15:54:48
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 14:25:27
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 10:29:01
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 10:29:01
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 10:29:02
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 11:57:25
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 11:55:48
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 17:18:53
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 07:41:11
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 09:14:43
VBASE027.VDF : 7.11.33.83 159232 Bytes 18.06.2012 09:14:41
VBASE028.VDF : 7.11.33.195 200192 Bytes 22.06.2012 09:24:02
VBASE029.VDF : 7.11.34.57 187904 Bytes 27.06.2012 09:14:49
VBASE030.VDF : 7.11.34.58 2048 Bytes 27.06.2012 09:14:49
VBASE031.VDF : 7.11.34.78 48640 Bytes 28.06.2012 09:14:50
Engineversion : 8.2.10.96
AEVDF.DLL : 8.1.2.8 106867 Bytes 04.06.2012 10:29:09
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 21.06.2012 14:20:29
AESCN.DLL : 8.1.8.2 131444 Bytes 29.01.2012 12:19:20
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 09:14:53
AERDL.DLL : 8.1.9.15 639348 Bytes 09.09.2011 13:41:02
AEPACK.DLL : 8.2.16.22 807288 Bytes 21.06.2012 14:20:28
AEOFFICE.DLL : 8.1.2.38 201083 Bytes 21.06.2012 14:20:28
AEHEUR.DLL : 8.1.4.52 4923767 Bytes 21.06.2012 14:20:27
AEHELP.DLL : 8.1.21.0 254326 Bytes 12.05.2012 05:37:38
AEGEN.DLL : 8.1.5.30 422261 Bytes 15.06.2012 09:14:45
AEEXP.DLL : 8.1.0.54 82293 Bytes 21.06.2012 14:20:29
AEEMU.DLL : 8.1.3.0 393589 Bytes 21.04.2011 05:52:17
AECORE.DLL : 8.1.25.10 201080 Bytes 04.06.2012 10:29:03
AEBB.DLL : 8.1.1.0 53618 Bytes 21.04.2011 05:52:16
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 05:52:39
AVPREF.DLL : 10.0.3.2 44904 Bytes 10.07.2011 10:56:10
AVREP.DLL : 10.0.0.10 174120 Bytes 10.07.2011 10:56:10
AVARKT.DLL : 10.0.26.1 255336 Bytes 10.07.2011 10:56:09
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 10.07.2011 10:56:09
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:59:50
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.04.2011 05:52:38
NETNT.DLL : 10.0.0.0 11624 Bytes 21.04.2011 05:52:50
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 10.07.2011 10:56:09
RCTEXT.DLL : 10.0.64.0 98664 Bytes 10.07.2011 10:56:09

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 28. Juni 2012 11:50

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '11' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '48' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '189' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
C:\Users\xxx\AppData\Local\Mozilla\Firefox\Profiles\jxqixom5.default\Cache\6\53\72F07d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.P
C:\Users\xxx\AppData\Local\Mozilla\Firefox\Profiles\jxqixom5.default\Cache\D\BD\44572d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.P
Beginne mit der Suche in 'E:\' <Daten>

Beginne mit der Desinfektion:
C:\Users\xxx\AppData\Local\Mozilla\Firefox\Profiles\jxqixom5.default\Cache\D\BD\44572d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.P
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '576a9947.qua' verschoben!
C:\Users\xxx\AppData\Local\Mozilla\Firefox\Profiles\jxqixom5.default\Cache\6\53\72F07d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.P
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4feeb6ee.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 28. Juni 2012 12:53
Benötigte Zeit: 1:01:46 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

28181 Verzeichnisse wurden überprüft
483456 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
483454 Dateien ohne Befall
3900 Archive wurden durchsucht
0 Warnungen
2 Hinweise
508515 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden


Hab auch noch vergessen zu schreiben das my security shield nach einem java update da war und ich eigentlich nichts anderes gedownloadet habe und auch nicht auf mir unbekannten und unsicheren seiten war.

Könnte es sein das ich mir das Teil über das java update eingefangen habe, ist doch aber eigentlich eher unwahrscheinlich oder?

Danke Gruß

hi
verzichte auf Softonic!
waren das jetzt alle Malwarebytes logs mit funden?

Jo das waren alle funde!
Wenn ich malewarebyts erneut durchlaufen lasse findet es nichts mehr.
Denkst du das sich das My security shield Problem erledigt hat oder kann es sein das noch Teile des Programms auf meinem Rechner sind?
Würdest du mir eine Neuinstallation von Windows empfehlen oder kann ich mir die Arbeit sparen?
Danke Gruß

wir gucken mal weiter.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop

• Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

So hier der Combofix-Log

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-06-30.01 - xxx 01.07.2012   9:52.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3957.2753 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 24 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-01 bis 2012-07-01  ))))))))))))))))))))))))))))))
.
.
2012-07-01 07:57 . 2012-07-01 07:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-30 12:29 . 2012-06-30 12:29	--------	d-----w-	c:\users\xxx\AppData\Local\Macromedia
2012-06-30 12:28 . 2012-06-30 12:28	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 07:27 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0837A5D9-7AFA-46DD-81BA-C3781B254D47}\mpengine.dll
2012-06-28 10:02 . 2012-06-29 08:17	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-06-28 10:02 . 2012-06-28 10:05	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-06-28 08:39 . 2012-06-28 08:39	--------	d-----w-	c:\users\xxx\AppData\Roaming\Malwarebytes
2012-06-28 08:38 . 2012-06-28 08:38	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-28 08:38 . 2012-06-28 08:38	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-28 08:38 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-19 08:35 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-19 08:35 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-19 08:35 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-19 08:35 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-19 08:34 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-19 08:34 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-19 08:34 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-19 08:34 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-19 08:34 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-13 16:47 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 16:47 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 16:47 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-13 16:47 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-13 16:47 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-13 16:47 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 16:47 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 16:47 . 2012-05-15 01:32	3146752	----a-w-	c:\windows\system32\win32k.sys
2012-06-13 16:47 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 16:46 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-13 16:46 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-13 16:46 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 16:46 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-13 16:46 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 16:46 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-13 16:46 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-13 16:46 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-09 17:22 . 2012-06-09 17:22	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 17:22 . 2012-06-09 17:22	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 12:28 . 2011-06-30 05:26	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-20 09:08 . 2012-05-20 09:08	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-04-04 07:31 . 2010-12-11 10:09	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-03 834544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361210i906l0448z1j5t4671o818
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\jxqixom5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109958&tt=290312_bexdll&babsrc=adbartrp&mntrId=84300e67000000000000c44619918ff3&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 84300e67000000000000c44619918ff3
FF - user.js: extensions.BabylonToolbar_i.hardId - 84300e67000000000000c44619918ff3
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15436
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:22
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Toolbar-Locked - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
ShellIconOverlayIdentifiers-29 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-01  10:03:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-01 08:03
.
Vor Suchlauf: 11 Verzeichnis(se), 213.925.122.048 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 214.199.066.624 Bytes frei
.
- - End Of File - - 83F2A0DF93D39DB2D961DA0B9A67F90C
         

--- --- ---

download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

so hier der tdss killer log:

13:11:00.0240 3996 Product type: Workstation
13:11:00.0240 3996 ComputerName: xxx
13:11:00.0240 3996 UserName: xxx
13:11:00.0240 3996 Windows directory: C:\Windows
13:11:00.0240 3996 System windows directory: C:\Windows
13:11:00.0240 3996 Running under WOW64
13:11:00.0240 3996 Processor architecture: Intel x64
13:11:00.0240 3996 Number of processors: 4
13:11:00.0240 3996 Page size: 0x1000
13:11:00.0240 3996 Boot type: Normal boot
13:11:00.0240 3996 ============================================================
13:11:00.0646 3996 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:11:00.0661 3996 ============================================================
13:11:00.0661 3996 \Device\Harddisk0\DR0:
13:11:00.0661 3996 MBR partitions:
13:11:00.0661 3996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A5E800, BlocksNum 0x32000
13:11:00.0661 3996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A90800, BlocksNum 0x20255030
13:11:00.0677 3996 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x21CE6800, BlocksNum 0x1869F000
13:11:00.0677 3996 ============================================================
13:11:00.0708 3996 C: <-> \Device\Harddisk0\DR0\Partition1
13:11:00.0755 3996 E: <-> \Device\Harddisk0\DR0\Partition2
13:11:00.0755 3996 ============================================================
13:11:00.0755 3996 Initialize success
13:11:00.0755 3996 ============================================================
13:11:32.0563 3604 ============================================================
13:11:32.0563 3604 Scan started
13:11:32.0563 3604 Mode: Manual; SigCheck; TDLFS;
13:11:32.0563 3604 ============================================================
13:11:32.0938 3604 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:11:33.0078 3604 1394ohci - ok
13:11:33.0141 3604 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:11:33.0172 3604 ACPI - ok
13:11:33.0250 3604 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:11:33.0343 3604 AcpiPmi - ok
13:11:33.0421 3604 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
13:11:33.0453 3604 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:11:33.0453 3604 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:11:33.0562 3604 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:11:33.0577 3604 AdobeARMservice - ok
13:11:33.0655 3604 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:11:33.0687 3604 adp94xx - ok
13:11:33.0733 3604 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:11:33.0765 3604 adpahci - ok
13:11:33.0796 3604 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:11:33.0827 3604 adpu320 - ok
13:11:33.0858 3604 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:11:34.0014 3604 AeLookupSvc - ok
13:11:34.0123 3604 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:11:34.0186 3604 AFD - ok
13:11:34.0248 3604 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:11:34.0264 3604 agp440 - ok
13:11:34.0311 3604 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:11:34.0373 3604 ALG - ok
13:11:34.0404 3604 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:11:34.0420 3604 aliide - ok
13:11:34.0467 3604 AMD External Events Utility (3d90cf67db75823a8480e56bbcd2e028) C:\Windows\system32\atiesrxx.exe
13:11:34.0560 3604 AMD External Events Utility - ok
13:11:34.0607 3604 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:11:34.0623 3604 amdide - ok
13:11:34.0685 3604 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:11:34.0747 3604 AmdK8 - ok
13:11:35.0215 3604 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
13:11:35.0434 3604 amdkmdag - ok
13:11:35.0590 3604 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
13:11:35.0621 3604 amdkmdap - ok
13:11:35.0668 3604 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:11:35.0715 3604 AmdPPM - ok
13:11:35.0761 3604 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:11:35.0777 3604 amdsata - ok
13:11:35.0824 3604 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:11:35.0839 3604 amdsbs - ok
13:11:35.0855 3604 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:11:35.0871 3604 amdxata - ok
13:11:35.0917 3604 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
13:11:35.0964 3604 AmUStor - ok
13:11:36.0183 3604 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:11:36.0229 3604 AntiVirSchedulerService - ok
13:11:36.0292 3604 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:11:36.0307 3604 AntiVirService - ok
13:11:36.0354 3604 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:11:36.0557 3604 AppID - ok
13:11:36.0588 3604 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:11:36.0666 3604 AppIDSvc - ok
13:11:36.0729 3604 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:11:36.0822 3604 Appinfo - ok
13:11:36.0869 3604 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:11:36.0900 3604 arc - ok
13:11:36.0916 3604 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:11:36.0916 3604 arcsas - ok
13:11:36.0963 3604 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:11:37.0041 3604 AsyncMac - ok
13:11:37.0087 3604 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:11:37.0103 3604 atapi - ok
13:11:37.0165 3604 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
13:11:37.0197 3604 AtiHdmiService - ok
13:11:37.0290 3604 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:11:37.0384 3604 AudioEndpointBuilder - ok
13:11:37.0384 3604 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:11:37.0431 3604 AudioSrv - ok
13:11:37.0524 3604 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
13:11:37.0540 3604 avgntflt - ok
13:11:37.0571 3604 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
13:11:37.0587 3604 avipbb - ok
13:11:37.0618 3604 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:11:37.0633 3604 avkmgr - ok
13:11:37.0696 3604 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:11:37.0805 3604 AxInstSV - ok
13:11:37.0867 3604 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:11:37.0945 3604 b06bdrv - ok
13:11:38.0008 3604 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:11:38.0039 3604 b57nd60a - ok
13:11:38.0289 3604 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:11:38.0429 3604 BCM43XX - ok
13:11:38.0554 3604 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:11:38.0616 3604 BDESVC - ok
13:11:38.0694 3604 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:11:38.0772 3604 Beep - ok
13:11:38.0881 3604 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:11:38.0959 3604 BFE - ok
13:11:39.0069 3604 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:11:39.0178 3604 BITS - ok
13:11:39.0240 3604 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:11:39.0271 3604 blbdrive - ok
13:11:39.0334 3604 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:11:39.0365 3604 bowser - ok
13:11:39.0396 3604 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:11:39.0474 3604 BrFiltLo - ok
13:11:39.0490 3604 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:11:39.0537 3604 BrFiltUp - ok
13:11:39.0583 3604 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:11:39.0646 3604 BridgeMP - ok
13:11:39.0708 3604 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:11:39.0786 3604 Browser - ok
13:11:39.0833 3604 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:11:39.0958 3604 Brserid - ok
13:11:40.0020 3604 BrSerIf (80e52ef092f3dad03e0ee15e64f97245) C:\Windows\system32\DRIVERS\BrSerIf.sys
13:11:40.0067 3604 BrSerIf - ok
13:11:40.0098 3604 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:11:40.0161 3604 BrSerWdm - ok
13:11:40.0192 3604 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:11:40.0239 3604 BrUsbMdm - ok
13:11:40.0286 3604 BrUsbSer (601cb966fffebc6806626dc8e7aa0ef2) C:\Windows\system32\DRIVERS\BrUsbSer.sys
13:11:40.0317 3604 BrUsbSer - ok
13:11:40.0364 3604 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:11:40.0395 3604 BTHMODEM - ok
13:11:40.0457 3604 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:11:40.0535 3604 bthserv - ok
13:11:40.0582 3604 catchme - ok
13:11:40.0629 3604 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:11:40.0722 3604 cdfs - ok
13:11:40.0785 3604 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:11:40.0816 3604 cdrom - ok
13:11:40.0878 3604 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:11:40.0956 3604 CertPropSvc - ok
13:11:40.0988 3604 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:11:41.0034 3604 circlass - ok
13:11:41.0112 3604 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:11:41.0144 3604 CLFS - ok
13:11:41.0222 3604 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:11:41.0237 3604 clr_optimization_v2.0.50727_32 - ok
13:11:41.0284 3604 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:11:41.0300 3604 clr_optimization_v2.0.50727_64 - ok
13:11:41.0378 3604 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:11:41.0409 3604 clr_optimization_v4.0.30319_32 - ok
13:11:41.0471 3604 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:11:41.0487 3604 clr_optimization_v4.0.30319_64 - ok
13:11:41.0518 3604 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:11:41.0549 3604 CmBatt - ok
13:11:41.0580 3604 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:11:41.0596 3604 cmdide - ok
13:11:41.0674 3604 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:11:41.0736 3604 CNG - ok
13:11:41.0783 3604 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:11:41.0814 3604 Compbatt - ok
13:11:41.0861 3604 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:11:41.0908 3604 CompositeBus - ok
13:11:41.0924 3604 COMSysApp - ok
13:11:41.0939 3604 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:11:41.0955 3604 crcdisk - ok
13:11:42.0017 3604 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
13:11:42.0095 3604 CryptSvc - ok
13:11:42.0173 3604 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:11:42.0251 3604 DcomLaunch - ok
13:11:42.0298 3604 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:11:42.0376 3604 defragsvc - ok
13:11:42.0423 3604 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:11:42.0485 3604 DfsC - ok
13:11:42.0579 3604 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:11:42.0672 3604 Dhcp - ok
13:11:42.0704 3604 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:11:42.0750 3604 discache - ok
13:11:42.0782 3604 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:11:42.0797 3604 Disk - ok
13:11:42.0844 3604 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:11:42.0906 3604 Dnscache - ok
13:11:42.0953 3604 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:11:43.0031 3604 dot3svc - ok
13:11:43.0062 3604 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:11:43.0125 3604 DPS - ok
13:11:43.0156 3604 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:11:43.0187 3604 drmkaud - ok
13:11:43.0281 3604 DsiWMIService (e2b2853a0210d6edab2261870bd80c1a) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
13:11:43.0312 3604 DsiWMIService - ok
13:11:43.0421 3604 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:11:43.0499 3604 DXGKrnl - ok
13:11:43.0530 3604 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:11:43.0608 3604 EapHost - ok
13:11:43.0874 3604 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:11:44.0030 3604 ebdrv - ok
13:11:44.0170 3604 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:11:44.0217 3604 EFS - ok
13:11:44.0310 3604 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:11:44.0388 3604 ehRecvr - ok
13:11:44.0420 3604 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:11:44.0466 3604 ehSched - ok
13:11:44.0576 3604 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:11:44.0607 3604 elxstor - ok
13:11:44.0778 3604 ePowerSvc (09ddc2d4724a4ff844f738b60e63d872) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
13:11:44.0841 3604 ePowerSvc - ok
13:11:44.0966 3604 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:11:45.0012 3604 ErrDev - ok
13:11:45.0090 3604 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:11:45.0137 3604 EventSystem - ok
13:11:45.0168 3604 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:11:45.0231 3604 exfat - ok
13:11:45.0278 3604 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:11:45.0340 3604 fastfat - ok
13:11:45.0449 3604 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:11:45.0527 3604 Fax - ok
13:11:45.0574 3604 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:11:45.0590 3604 fdc - ok
13:11:45.0605 3604 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:11:45.0668 3604 fdPHost - ok
13:11:45.0683 3604 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:11:45.0761 3604 FDResPub - ok
13:11:45.0792 3604 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:11:45.0808 3604 FileInfo - ok
13:11:45.0839 3604 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:11:45.0886 3604 Filetrace - ok
13:11:45.0917 3604 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:11:45.0948 3604 flpydisk - ok
13:11:45.0995 3604 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:11:46.0011 3604 FltMgr - ok
13:11:46.0136 3604 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:11:46.0260 3604 FontCache - ok
13:11:46.0338 3604 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:11:46.0354 3604 FontCache3.0.0.0 - ok
13:11:46.0416 3604 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:11:46.0448 3604 FsDepends - ok
13:11:46.0494 3604 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:11:46.0526 3604 Fs_Rec - ok
13:11:46.0604 3604 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:11:46.0635 3604 fvevol - ok
13:11:46.0666 3604 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:11:46.0682 3604 gagp30kx - ok
13:11:46.0775 3604 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:11:46.0853 3604 gpsvc - ok
13:11:46.0931 3604 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
13:11:46.0962 3604 GREGService - ok
13:11:46.0978 3604 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:11:47.0009 3604 hcw85cir - ok
13:11:47.0087 3604 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:11:47.0150 3604 HdAudAddService - ok
13:11:47.0196 3604 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:11:47.0243 3604 HDAudBus - ok
13:11:47.0290 3604 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
13:11:47.0306 3604 HECIx64 - ok
13:11:47.0337 3604 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:11:47.0384 3604 HidBatt - ok
13:11:47.0415 3604 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:11:47.0446 3604 HidBth - ok
13:11:47.0477 3604 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:11:47.0524 3604 HidIr - ok
13:11:47.0571 3604 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:11:47.0649 3604 hidserv - ok
13:11:47.0696 3604 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
13:11:47.0711 3604 HidUsb - ok
13:11:47.0758 3604 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:11:47.0836 3604 hkmsvc - ok
13:11:47.0883 3604 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:11:47.0930 3604 HomeGroupListener - ok
13:11:47.0976 3604 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:11:48.0008 3604 HomeGroupProvider - ok
13:11:48.0070 3604 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:11:48.0086 3604 HpSAMD - ok
13:11:48.0195 3604 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:11:48.0273 3604 HTTP - ok
13:11:48.0320 3604 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:11:48.0335 3604 hwpolicy - ok
13:11:48.0398 3604 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:11:48.0429 3604 i8042prt - ok
13:11:48.0491 3604 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
13:11:48.0538 3604 iaStor - ok
13:11:48.0600 3604 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:11:48.0647 3604 iaStorV - ok
13:11:48.0772 3604 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:11:48.0803 3604 idsvc - ok
13:11:49.0256 3604 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:11:49.0474 3604 igfx - ok
13:11:49.0646 3604 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:11:49.0661 3604 iirsp - ok
13:11:49.0755 3604 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:11:49.0833 3604 IKEEXT - ok
13:11:50.0067 3604 IntcAzAudAddService (53019327813ff5ab2964b33b2c61307c) C:\Windows\system32\drivers\RTKVHD64.sys
13:11:50.0254 3604 IntcAzAudAddService - ok
13:11:50.0426 3604 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:11:50.0457 3604 intelide - ok
13:11:50.0488 3604 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:11:50.0535 3604 intelppm - ok
13:11:50.0566 3604 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:11:50.0613 3604 IPBusEnum - ok
13:11:50.0644 3604 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:11:50.0691 3604 IpFilterDriver - ok
13:11:50.0816 3604 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:11:50.0894 3604 iphlpsvc - ok
13:11:50.0925 3604 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:11:50.0956 3604 IPMIDRV - ok
13:11:50.0987 3604 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:11:51.0065 3604 IPNAT - ok
13:11:51.0096 3604 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:11:51.0174 3604 IRENUM - ok
13:11:51.0206 3604 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:11:51.0221 3604 isapnp - ok
13:11:51.0284 3604 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:11:51.0315 3604 iScsiPrt - ok
13:11:51.0393 3604 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
13:11:51.0424 3604 k57nd60a - ok
13:11:51.0455 3604 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:11:51.0455 3604 kbdclass - ok
13:11:51.0502 3604 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:11:51.0549 3604 kbdhid - ok
13:11:51.0596 3604 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:11:51.0611 3604 KeyIso - ok
13:11:51.0642 3604 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:11:51.0642 3604 KSecDD - ok
13:11:51.0674 3604 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:11:51.0689 3604 KSecPkg - ok
13:11:51.0720 3604 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:11:51.0783 3604 ksthunk - ok
13:11:51.0845 3604 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:11:51.0939 3604 KtmRm - ok
13:11:51.0986 3604 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
13:11:52.0017 3604 L1E - ok
13:11:52.0079 3604 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:11:52.0188 3604 LanmanServer - ok
13:11:52.0220 3604 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:11:52.0282 3604 LanmanWorkstation - ok
13:11:52.0329 3604 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:11:52.0407 3604 lltdio - ok
13:11:52.0454 3604 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:11:52.0516 3604 lltdsvc - ok
13:11:52.0547 3604 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:11:52.0594 3604 lmhosts - ok
13:11:52.0703 3604 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:11:52.0734 3604 LMS - ok
13:11:52.0766 3604 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:11:52.0797 3604 LSI_FC - ok
13:11:52.0797 3604 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:11:52.0812 3604 LSI_SAS - ok
13:11:52.0844 3604 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:11:52.0844 3604 LSI_SAS2 - ok
13:11:52.0859 3604 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:11:52.0875 3604 LSI_SCSI - ok
13:11:52.0890 3604 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:11:52.0953 3604 luafv - ok
13:11:53.0031 3604 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
13:11:53.0062 3604 MBAMProtector - ok
13:11:53.0171 3604 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:11:53.0218 3604 MBAMService - ok
13:11:53.0265 3604 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:11:53.0280 3604 Mcx2Svc - ok
13:11:53.0327 3604 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:11:53.0343 3604 megasas - ok
13:11:53.0390 3604 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:11:53.0421 3604 MegaSR - ok
13:11:53.0483 3604 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:11:53.0514 3604 Microsoft Office Groove Audit Service - ok
13:11:53.0546 3604 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:11:53.0608 3604 MMCSS - ok
13:11:53.0639 3604 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:11:53.0686 3604 Modem - ok
13:11:53.0733 3604 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:11:53.0780 3604 monitor - ok
13:11:53.0842 3604 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
13:11:53.0858 3604 mouclass - ok
13:11:53.0904 3604 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:11:53.0920 3604 mouhid - ok
13:11:53.0967 3604 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:11:53.0998 3604 mountmgr - ok
13:11:54.0076 3604 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:11:54.0092 3604 MozillaMaintenance - ok
13:11:54.0138 3604 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:11:54.0170 3604 mpio - ok
13:11:54.0201 3604 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:11:54.0248 3604 mpsdrv - ok
13:11:54.0341 3604 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:11:54.0419 3604 MpsSvc - ok
13:11:54.0466 3604 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:11:54.0513 3604 MRxDAV - ok
13:11:54.0560 3604 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:11:54.0622 3604 mrxsmb - ok
13:11:54.0684 3604 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:11:54.0731 3604 mrxsmb10 - ok
13:11:54.0778 3604 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:11:54.0809 3604 mrxsmb20 - ok
13:11:54.0840 3604 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:11:54.0856 3604 msahci - ok
13:11:54.0903 3604 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:11:54.0918 3604 msdsm - ok
13:11:54.0965 3604 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:11:55.0012 3604 MSDTC - ok
13:11:55.0043 3604 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:11:55.0106 3604 Msfs - ok
13:11:55.0121 3604 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:11:55.0168 3604 mshidkmdf - ok
13:11:55.0184 3604 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:11:55.0199 3604 msisadrv - ok
13:11:55.0246 3604 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:11:55.0293 3604 MSiSCSI - ok
13:11:55.0308 3604 msiserver - ok
13:11:55.0324 3604 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:11:55.0371 3604 MSKSSRV - ok
13:11:55.0386 3604 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:11:55.0433 3604 MSPCLOCK - ok
13:11:55.0449 3604 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:11:55.0496 3604 MSPQM - ok
13:11:55.0558 3604 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:11:55.0605 3604 MsRPC - ok
13:11:55.0636 3604 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:11:55.0652 3604 mssmbios - ok
13:11:55.0683 3604 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:11:55.0745 3604 MSTEE - ok
13:11:55.0761 3604 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:11:55.0776 3604 MTConfig - ok
13:11:55.0808 3604 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:11:55.0823 3604 Mup - ok
13:11:55.0901 3604 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:11:55.0979 3604 napagent - ok
13:11:56.0042 3604 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:11:56.0104 3604 NativeWifiP - ok
13:11:56.0213 3604 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:11:56.0244 3604 NDIS - ok
13:11:56.0291 3604 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:11:56.0322 3604 NdisCap - ok
13:11:56.0354 3604 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:11:56.0400 3604 NdisTapi - ok
13:11:56.0478 3604 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:11:56.0556 3604 Ndisuio - ok
13:11:56.0603 3604 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:11:56.0697 3604 NdisWan - ok
13:11:56.0728 3604 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:11:56.0806 3604 NDProxy - ok
13:11:56.0837 3604 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:11:56.0931 3604 NetBIOS - ok
13:11:56.0978 3604 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:11:57.0040 3604 NetBT - ok
13:11:57.0071 3604 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:11:57.0102 3604 Netlogon - ok
13:11:57.0165 3604 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:11:57.0243 3604 Netman - ok
13:11:57.0290 3604 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:11:57.0368 3604 netprofm - ok
13:11:57.0446 3604 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:11:57.0461 3604 NetTcpPortSharing - ok
13:11:57.0508 3604 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:11:57.0524 3604 nfrd960 - ok
13:11:57.0586 3604 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:11:57.0648 3604 NlaSvc - ok
13:11:57.0664 3604 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:11:57.0711 3604 Npfs - ok
13:11:57.0742 3604 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:11:57.0789 3604 nsi - ok
13:11:57.0820 3604 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:11:57.0882 3604 nsiproxy - ok
13:11:58.0038 3604 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:11:58.0116 3604 Ntfs - ok
13:11:58.0241 3604 NTI IScheduleSvc (5b3ce960c62dbe864be9a0bd043a3e30) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
13:11:58.0272 3604 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
13:11:58.0272 3604 NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
13:11:58.0335 3604 NTIBackupSvc (15221dd637d9d0ffc60848ebbf1df538) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
13:11:58.0350 3604 NTIBackupSvc - ok
13:11:58.0491 3604 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
13:11:58.0506 3604 NTIDrvr - ok
13:11:58.0538 3604 NTISchedulerSvc (b5071e15d4c3f5ef5018aff7e85a85e5) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
13:11:58.0553 3604 NTISchedulerSvc - ok
13:11:58.0569 3604 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:11:58.0647 3604 Null - ok
13:11:58.0725 3604 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:11:58.0740 3604 nvraid - ok
13:11:58.0803 3604 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:11:58.0834 3604 nvstor - ok
13:11:58.0865 3604 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:11:58.0881 3604 nv_agp - ok
13:11:59.0021 3604 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:11:59.0052 3604 odserv - ok
13:11:59.0099 3604 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:11:59.0146 3604 ohci1394 - ok
13:11:59.0193 3604 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:11:59.0208 3604 ose - ok
13:11:59.0271 3604 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:11:59.0318 3604 p2pimsvc - ok
13:11:59.0380 3604 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:11:59.0411 3604 p2psvc - ok
13:11:59.0442 3604 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:11:59.0474 3604 Parport - ok
13:11:59.0520 3604 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:11:59.0536 3604 partmgr - ok
13:11:59.0567 3604 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:11:59.0598 3604 PcaSvc - ok
13:11:59.0645 3604 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:11:59.0661 3604 pci - ok
13:11:59.0676 3604 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:11:59.0708 3604 pciide - ok
13:11:59.0754 3604 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:11:59.0786 3604 pcmcia - ok
13:11:59.0801 3604 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:11:59.0817 3604 pcw - ok
13:11:59.0879 3604 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:11:59.0957 3604 PEAUTH - ok
13:12:00.0066 3604 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:12:00.0098 3604 PerfHost - ok
13:12:00.0254 3604 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:12:00.0363 3604 pla - ok
13:12:00.0441 3604 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:12:00.0503 3604 PlugPlay - ok
13:12:00.0534 3604 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:12:00.0581 3604 PNRPAutoReg - ok
13:12:00.0644 3604 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:12:00.0659 3604 PNRPsvc - ok
13:12:00.0737 3604 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:12:00.0831 3604 PolicyAgent - ok
13:12:00.0893 3604 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:12:00.0971 3604 Power - ok
13:12:01.0049 3604 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:12:01.0096 3604 PptpMiniport - ok
13:12:01.0143 3604 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:12:01.0158 3604 Processor - ok
13:12:01.0221 3604 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:12:01.0268 3604 ProfSvc - ok
13:12:01.0314 3604 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:12:01.0330 3604 ProtectedStorage - ok
13:12:01.0392 3604 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:12:01.0486 3604 Psched - ok
13:12:01.0626 3604 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:12:01.0720 3604 ql2300 - ok
13:12:01.0876 3604 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:12:01.0907 3604 ql40xx - ok
13:12:01.0954 3604 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:12:02.0001 3604 QWAVE - ok
13:12:02.0016 3604 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:12:02.0063 3604 QWAVEdrv - ok
13:12:02.0079 3604 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:12:02.0157 3604 RasAcd - ok
13:12:02.0204 3604 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:12:02.0250 3604 RasAgileVpn - ok
13:12:02.0297 3604 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:12:02.0344 3604 RasAuto - ok
13:12:02.0375 3604 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:12:02.0438 3604 Rasl2tp - ok
13:12:02.0516 3604 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:12:02.0578 3604 RasMan - ok
13:12:02.0609 3604 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:12:02.0672 3604 RasPppoe - ok
13:12:02.0703 3604 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:12:02.0765 3604 RasSstp - ok
13:12:02.0828 3604 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:12:02.0890 3604 rdbss - ok
13:12:02.0921 3604 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:12:02.0952 3604 rdpbus - ok
13:12:02.0968 3604 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:12:03.0030 3604 RDPCDD - ok
13:12:03.0046 3604 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:12:03.0093 3604 RDPENCDD - ok
13:12:03.0108 3604 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:12:03.0140 3604 RDPREFMP - ok
13:12:03.0186 3604 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:12:03.0249 3604 RDPWD - ok
13:12:03.0296 3604 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:12:03.0327 3604 rdyboost - ok
13:12:03.0358 3604 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:12:03.0420 3604 RemoteAccess - ok
13:12:03.0483 3604 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:12:03.0545 3604 RemoteRegistry - ok
13:12:03.0561 3604 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:12:03.0623 3604 RpcEptMapper - ok
13:12:03.0654 3604 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:12:03.0686 3604 RpcLocator - ok
13:12:03.0748 3604 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:12:03.0826 3604 RpcSs - ok
13:12:03.0873 3604 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:12:03.0920 3604 rspndr - ok
13:12:03.0966 3604 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:12:03.0982 3604 SamSs - ok
13:12:04.0029 3604 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:12:04.0044 3604 sbp2port - ok
13:12:04.0200 3604 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
13:12:04.0232 3604 SBSDWSCService - ok
13:12:04.0278 3604 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:12:04.0356 3604 SCardSvr - ok
13:12:04.0403 3604 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:12:04.0481 3604 scfilter - ok
13:12:04.0606 3604 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:12:04.0731 3604 Schedule - ok
13:12:04.0762 3604 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:12:04.0809 3604 SCPolicySvc - ok
13:12:04.0856 3604 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:12:04.0902 3604 SDRSVC - ok
13:12:04.0980 3604 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:12:05.0043 3604 secdrv - ok
13:12:05.0074 3604 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:12:05.0136 3604 seclogon - ok
13:12:05.0183 3604 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:12:05.0261 3604 SENS - ok
13:12:05.0277 3604 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:12:05.0324 3604 SensrSvc - ok
13:12:05.0339 3604 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:12:05.0355 3604 Serenum - ok
13:12:05.0386 3604 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:12:05.0417 3604 Serial - ok
13:12:05.0464 3604 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:12:05.0495 3604 sermouse - ok
13:12:05.0542 3604 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:12:05.0604 3604 SessionEnv - ok
13:12:05.0636 3604 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:12:05.0682 3604 sffdisk - ok
13:12:05.0698 3604 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:12:05.0745 3604 sffp_mmc - ok
13:12:05.0760 3604 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:12:05.0792 3604 sffp_sd - ok
13:12:05.0838 3604 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:12:05.0885 3604 sfloppy - ok
13:12:05.0963 3604 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:12:06.0041 3604 SharedAccess - ok
13:12:06.0104 3604 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:12:06.0182 3604 ShellHWDetection - ok
13:12:06.0228 3604 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:12:06.0244 3604 SiSRaid2 - ok
13:12:06.0291 3604 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:12:06.0306 3604 SiSRaid4 - ok
13:12:06.0338 3604 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:12:06.0400 3604 Smb - ok
13:12:06.0462 3604 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:12:06.0509 3604 SNMPTRAP - ok
13:12:06.0540 3604 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:12:06.0556 3604 spldr - ok
13:12:06.0634 3604 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:12:06.0681 3604 Spooler - ok
13:12:06.0930 3604 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:12:07.0102 3604 sppsvc - ok
13:12:07.0242 3604 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:12:07.0336 3604 sppuinotify - ok
13:12:07.0632 3604 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
13:12:07.0632 3604 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
13:12:07.0648 3604 sptd ( LockedFile.Multi.Generic ) - warning
13:12:07.0648 3604 sptd - detected LockedFile.Multi.Generic (1)
13:12:07.0726 3604 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:12:07.0804 3604 srv - ok
13:12:07.0882 3604 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:12:07.0929 3604 srv2 - ok
13:12:07.0976 3604 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:12:08.0007 3604 srvnet - ok
13:12:08.0085 3604 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:12:08.0178 3604 SSDPSRV - ok
13:12:08.0210 3604 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:12:08.0256 3604 SstpSvc - ok
13:12:08.0288 3604 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:12:08.0303 3604 stexstor - ok
13:12:08.0397 3604 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:12:08.0428 3604 stisvc - ok
13:12:08.0459 3604 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:12:08.0475 3604 swenum - ok
13:12:08.0537 3604 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:12:08.0615 3604 swprv - ok
13:12:08.0678 3604 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
13:12:08.0724 3604 SynTP - ok
13:12:08.0880 3604 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:12:08.0990 3604 SysMain - ok
13:12:09.0146 3604 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:12:09.0208 3604 TabletInputService - ok
13:12:09.0255 3604 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:12:09.0302 3604 TapiSrv - ok
13:12:09.0348 3604 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:12:09.0411 3604 TBS - ok
13:12:09.0629 3604 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:12:09.0723 3604 Tcpip - ok
13:12:10.0050 3604 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:12:10.0097 3604 TCPIP6 - ok
13:12:10.0206 3604 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:12:10.0284 3604 tcpipreg - ok
13:12:10.0331 3604 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:12:10.0394 3604 TDPIPE - ok
13:12:10.0425 3604 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:12:10.0472 3604 TDTCP - ok
13:12:10.0518 3604 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:12:10.0596 3604 tdx - ok
13:12:10.0659 3604 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:12:10.0690 3604 TermDD - ok
13:12:10.0784 3604 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:12:10.0862 3604 TermService - ok
13:12:10.0893 3604 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:12:10.0924 3604 Themes - ok
13:12:10.0955 3604 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:12:11.0018 3604 THREADORDER - ok
13:12:11.0064 3604 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:12:11.0158 3604 TrkWks - ok
13:12:11.0236 3604 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:12:11.0314 3604 TrustedInstaller - ok
13:12:11.0345 3604 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:12:11.0376 3604 tssecsrv - ok
13:12:11.0439 3604 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:12:11.0486 3604 TsUsbFlt - ok
13:12:11.0532 3604 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:12:11.0610 3604 tunnel - ok
13:12:11.0642 3604 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:12:11.0657 3604 uagp35 - ok
13:12:11.0688 3604 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
13:12:11.0704 3604 UBHelper - ok
13:12:11.0766 3604 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:12:11.0844 3604 udfs - ok
13:12:11.0891 3604 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:12:11.0907 3604 UI0Detect - ok
13:12:11.0969 3604 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:12:12.0000 3604 uliagpkx - ok
13:12:12.0032 3604 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:12:12.0078 3604 umbus - ok
13:12:12.0125 3604 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:12:12.0156 3604 UmPass - ok
13:12:12.0453 3604 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:12:12.0578 3604 UNS - ok
13:12:12.0656 3604 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
13:12:12.0687 3604 Updater Service - ok
13:12:12.0858 3604 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:12:12.0921 3604 upnphost - ok
13:12:12.0999 3604 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:12:13.0061 3604 usbccgp - ok
13:12:13.0124 3604 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:12:13.0155 3604 usbcir - ok
13:12:13.0170 3604 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:12:13.0202 3604 usbehci - ok
13:12:13.0280 3604 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:12:13.0326 3604 usbhub - ok
13:12:13.0358 3604 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:12:13.0389 3604 usbohci - ok
13:12:13.0436 3604 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:12:13.0482 3604 usbprint - ok
13:12:13.0529 3604 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:12:13.0560 3604 usbscan - ok
13:12:13.0592 3604 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:12:13.0654 3604 USBSTOR - ok
13:12:13.0701 3604 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:12:13.0748 3604 usbuhci - ok
13:12:13.0810 3604 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:12:13.0872 3604 usbvideo - ok
13:12:13.0904 3604 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:12:13.0982 3604 UxSms - ok
13:12:14.0028 3604 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:12:14.0044 3604 VaultSvc - ok
13:12:14.0106 3604 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:12:14.0122 3604 vdrvroot - ok
13:12:14.0200 3604 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:12:14.0309 3604 vds - ok
13:12:14.0340 3604 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:12:14.0387 3604 vga - ok
13:12:14.0403 3604 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:12:14.0481 3604 VgaSave - ok
13:12:14.0528 3604 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:12:14.0574 3604 vhdmp - ok
13:12:14.0621 3604 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:12:14.0652 3604 viaide - ok
13:12:14.0684 3604 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:12:14.0699 3604 volmgr - ok
13:12:14.0762 3604 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:12:14.0777 3604 volmgrx - ok
13:12:14.0824 3604 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:12:14.0840 3604 volsnap - ok
13:12:14.0886 3604 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:12:14.0902 3604 vsmraid - ok
13:12:15.0074 3604 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:12:15.0183 3604 VSS - ok
13:12:15.0323 3604 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:12:15.0354 3604 vwifibus - ok
13:12:15.0386 3604 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:12:15.0417 3604 vwififlt - ok
13:12:15.0464 3604 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:12:15.0510 3604 W32Time - ok
13:12:15.0542 3604 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:12:15.0573 3604 WacomPen - ok
13:12:15.0635 3604 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:12:15.0744 3604 WANARP - ok
13:12:15.0760 3604 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:12:15.0807 3604 Wanarpv6 - ok
13:12:15.0978 3604 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:12:16.0072 3604 wbengine - ok
13:12:16.0212 3604 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:12:16.0259 3604 WbioSrvc - ok
13:12:16.0322 3604 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:12:16.0384 3604 wcncsvc - ok
13:12:16.0415 3604 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:12:16.0431 3604 WcsPlugInService - ok
13:12:16.0478 3604 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:12:16.0493 3604 Wd - ok
13:12:16.0556 3604 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:12:16.0587 3604 Wdf01000 - ok
13:12:16.0602 3604 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:12:16.0696 3604 WdiServiceHost - ok
13:12:16.0696 3604 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:12:16.0727 3604 WdiSystemHost - ok
13:12:16.0774 3604 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:12:16.0821 3604 WebClient - ok
13:12:16.0883 3604 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:12:16.0961 3604 Wecsvc - ok
13:12:16.0992 3604 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:12:17.0055 3604 wercplsupport - ok
13:12:17.0086 3604 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:12:17.0148 3604 WerSvc - ok
13:12:17.0195 3604 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:12:17.0258 3604 WfpLwf - ok
13:12:17.0273 3604 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:12:17.0289 3604 WIMMount - ok
13:12:17.0304 3604 WinDefend - ok
13:12:17.0320 3604 WinHttpAutoProxySvc - ok
13:12:17.0382 3604 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:12:17.0460 3604 Winmgmt - ok
13:12:17.0648 3604 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:12:17.0772 3604 WinRM - ok
13:12:17.0944 3604 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:12:17.0975 3604 WinUsb - ok
13:12:18.0069 3604 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:12:18.0147 3604 Wlansvc - ok
13:12:18.0162 3604 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:12:18.0178 3604 WmiAcpi - ok
13:12:18.0256 3604 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:12:18.0303 3604 wmiApSrv - ok
13:12:18.0334 3604 WMPNetworkSvc - ok
13:12:18.0365 3604 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:12:18.0396 3604 WPCSvc - ok
13:12:18.0443 3604 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:12:18.0474 3604 WPDBusEnum - ok
13:12:18.0490 3604 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:12:18.0552 3604 ws2ifsl - ok
13:12:18.0615 3604 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:12:18.0677 3604 wscsvc - ok
13:12:18.0677 3604 WSearch - ok
13:12:18.0911 3604 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:12:19.0036 3604 wuauserv - ok
13:12:19.0223 3604 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:12:19.0301 3604 WudfPf - ok
13:12:19.0332 3604 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:12:19.0379 3604 WUDFRd - ok
13:12:19.0426 3604 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:12:19.0473 3604 wudfsvc - ok
13:12:19.0520 3604 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:12:19.0582 3604 WwanSvc - ok
13:12:19.0629 3604 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:12:20.0081 3604 \Device\Harddisk0\DR0 - ok
13:12:20.0081 3604 Boot (0x1200) (e9b75e49b72ecdb1077d1986502dbeb2) \Device\Harddisk0\DR0\Partition0
13:12:20.0097 3604 \Device\Harddisk0\DR0\Partition0 - ok
13:12:20.0112 3604 Boot (0x1200) (5ea9ac270f3130f5d584016ffa67017a) \Device\Harddisk0\DR0\Partition1
13:12:20.0112 3604 \Device\Harddisk0\DR0\Partition1 - ok
13:12:20.0144 3604 Boot (0x1200) (656dd6aad63bd0102c3dd4e86ffec0c3) \Device\Harddisk0\DR0\Partition2
13:12:20.0144 3604 \Device\Harddisk0\DR0\Partition2 - ok
13:12:20.0144 3604 ============================================================
13:12:20.0144 3604 Scan finished
13:12:20.0144 3604 ============================================================
13:12:20.0159 5040 Detected object count: 3
13:12:20.0159 5040 Actual detected object count: 3
13:12:43.0013 5040 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:12:43.0013 5040 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:12:43.0013 5040 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:12:43.0013 5040 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:12:43.0029 5040 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:12:43.0029 5040 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Nochmals Danke vorab!
Gruß

sieht gut aus.
malwarebytes:
Downloade Dir bitte Malwarebytes

• Installiere
  das Programm in den vorgegebenen Pfad.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche
  nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet
  ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste
  das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Malewarebytes-log

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx [Administrator]

Schutz: Deaktiviert

01.07.2012 14:20:09
mbam-log-2012-07-01 (14-20-09).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343158
Laufzeit: 47 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

sorry hat leider etwas länger gedauert

Acer eRecovery Management Acer Incorporated 05.05.2010 4.05.3011unbekannt
Acer Registration Acer Incorporated 20.07.2010 1.03.3003unbekannt
Acer ScreenSaver Acer Incorporated 20.07.2010 1.1.0423.2010unbekannt
Acer Updater Acer Incorporated 05.05.2010 1.02.3001unbekannt
Acrobat.com Adobe Systems Incorporated 05.05.2010 1,61MB 1.6.65
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 20.07.2010 10.0.45.2unbekannt
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 29.06.2012 6,00MB 11.3.300.262unbekannt
Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 07.03.2012 167,9MB 10.1.2unbekannt
Ahnenblatt 2.70 Dirk Boettcher 11.04.2012 11,0MB 2.70.0.0 unnötig
Alcor Micro USB Card Reader Alcor Micro Corp. 05.05.2010 2,87MB 1.5.17.05094unbekannt
ATI Catalyst Install Manager ATI Technologies, Inc. 20.07.2010 22,1MB 3.0.758.0unbekannt
Avira Free Antivirus Avira 30.06.2012 125,2MB 12.0.0.1125 notwendig
Broadcom Gigabit NetLink Controller Broadcom Corporation 05.05.2010 0,37MB 12.52.03unbekannt
CCleaner Piriform2 8.11.20113.12 notwendig
CyberLink PowerDVD 9 CyberLink Corp.20.07.2010 113,8MB 9.0.2529.50 notwendig
eSobi v2 esobi Inc. 05.05.2010 20,4MB 2.0.4.000274unbekannt
FileZilla Client 3.5.0 03.07.2011 3.5.0 notwendig
GIMP 2.6.11 The GIMP Team 16.07.2011 107,7MB 2.6.11 unnötig
Identity Card Acer Incorporated 20.07.2010 1.00.3003unbekannt
Intel(R) Management Engine Components Intel Corporation 21.07.2010 6.0.0.1179unbekannt
Intel(R) Rapid Storage Technology Intel Corporation 22.12.2011 9.6.0.1014unbekannt
Java(TM) 6 Update 31 Oracle 03.04.2012 95,1MB 6.0.310unbekannt
Launch Manager Acer Inc. 20.07.2010 4.0.8unbekannt
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 27.06.2012 18,0MB 1.61.0.1400notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 08.12.2010 38,8MB 4.0.30319unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 08.12.2010 2,94MB 4.0.30319unbekannt
Microsoft Office 2010 Microsoft Corporation 20.07.2010 6,31MB 14.0.4763.1000notwendig
Microsoft Office Enterprise 2007 Microsoft Corporation 28.11.2011 12.0.6612.1000notwendig
Microsoft Office File Validation Add-In Microsoft Corporation 29.11.2011 7,95MB 14.0.5130.5003notwendig
Microsoft Silverlight Microsoft Corporation 11.05.2012 188,4MB 4.1.10329.0unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 20.07.2010 1,72MB 3.1.0000unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 08.12.2010 0,24MB 8.0.50727.4053unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.59193unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 10.12.2010 0,20MB 9.0.30729.4148unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 20.07.2010 0,77MB 9.0.30729.4148unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,77MB 9.0.30729.6161unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 03.01.2011 0,23MB 9.0.30729unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.05.2010 0,58MB 9.0.30729unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 22.12.2010 0,58MB 9.0.30729.4148unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 20.10.2011 13,8MB 10.0.40219unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 20.10.2011 15,0MB 10.0.40219unbekannt
Mozilla Firefox 13.0.1 (x86 de) Mozilla 17.06.2012 36,5MB 13.0.1notwendig
Mozilla Maintenance Service Mozilla 17.06.2012 0,30MB 13.0.1unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 04.01.2011 1,28MB 4.20.9870.0unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 04.01.2011 1,33MB 4.20.9876.0unbekannt
MSXML 4.0 SP3 Parser Microsoft Corporation 07.06.2011 1,48MB 4.30.2100.0unbekannt
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 08.06.2011 1,53MB 4.30.2107.0unbekannt
NTI Backup Now 5 NewTech Infosystems 05.05.2010 466MB 5.1.2.628unbekannt
NTI Media Maker 8 NewTech Infosystems 05.05.2010 771MB 8.0.12.6630unbekannt
Nvu 1.0 Thorsten Fritz 19.06.2011 1.0notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 20.07.2010 6.0.1.6000unbekannt
RENESIS® Player Browser Plugins examotion® GmbH 03.01.2011 1,83MB 1.1.1unbekannt
Spybot - Search & Destroy Safer Networking Limited 27.06.2012 1.6.2 notwendig
Synaptics Pointing Device Driver Synaptics Incorporated 20.07.2010 14.0.6.0unbekannt
Welcome Center Acer Incorporated 20.07.2010 1.01.3002unbekannt
Windows Live Anmelde-Assistent Microsoft Corporation 20.07.2010 1,94MB 5.000.818.5unbekannt
Windows Live Essentials Microsoft Corporation 20.07.2010 14.0.8089.0726unbekannt
Windows Live Sync Microsoft Corporation 20.07.2010 2,79MB 14.0.8089.726unbekannt
Windows Live-Uploadtool Microsoft Corporation 20.07.2010 0,22MB 14.0.8014.1029unbekannt
WinRAR 02.01.2011 notwendig

Gruß