Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner eingefangen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.07.2012, 20:37   #1
Selior
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Hallo,

auch ich habe mir den GVU-Trojaner mit Webcam eingefangen. Mein PC läuft unter Windows 7 64bit. Ich habe die beschriebenen Anweisungen durchgeführt. Die log-files sind im Anhang.

Vielen Dank für die Hilfe schon im Vorraus.

Geändert von Selior (04.07.2012 um 20:47 Uhr)

Alt 05.07.2012, 15:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 05.07.2012, 17:39   #3
Selior
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Vielen Dank für die Antwort,

In der Zwischenzeit habe ich mich an den anderen Thread hier im Forum orientiert, die das Selbe Problem mit dem GVU-Trojaner schildern.
Zugreifen konnte ich auf das Internet erst wieder als ich die roper0dun.exe Datei aus dem Ordner in dem sie drinnen war in einen anderen verschoben habe. Davor lief der PC zwar, aber sobald man das Internet anschloss startete diese Trojaner-Meldung, was danach nicht mehr der Fall war. Dann wurde mir nur noch beim Neustart eine Fehlermeldung angezeigt, dass diese exe-Datei nicht ausgeführt werden konnte.
Daraufhin habe ich wie hier oben auf der Seite beschrieben Malwarebytes ausgeführt , wobei mir ein Treffer angezeigt wurde. Desweiteren habe ich den OLT-Scan durchgeführt und die betroffenen Pfade herausgesucht, also, diejenigen, die
ctfmon und
roper0dun sowie
nud0repor enthielten und alle vom gestrigen Tag stammten und sie wie hier schon im Forum beschrieben versucht zu löschen:

:OTL
…………………………………………
:Files
:Commands
[Reboot]

Seitdem läuft alles wieder normal. Malwarebytes zeigt keinen Treffer an. Auch der ESET Scanner zeigt keinen Treffer an.

Hier gebe ich noch die aktuellen Logs an:

Log des ESET Scan:

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
         
Log des Malwarebytes Scans:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.05.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Lukas :: 4820TG-PC [Administrator]

05.07.2012 18:07:02
mbam-log-2012-07-05 (18-07-02).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354923
Laufzeit: 17 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
neues OLT.txt Log:

Code:
ATTFilter
OTL logfile created on: 05.07.2012 18:30:38 - Run 5
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Lukas\weiter Software
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 49,71% Memory free
7,35 Gb Paging File | 5,25 Gb Available in Paging File | 71,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135,95 Gb Total Space | 68,71 Gb Free Space | 50,54% Space Free | Partition Type: NTFS
 
Computer Name: 4820TG-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.04 21:11:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\weiter Software\OTL.exe
PRC - [2012.05.23 16:20:18 | 000,364,544 | ---- | M] (Secure Banking) -- C:\Program Files (x86)\Secure Banking\SecureBanking.exe
PRC - [2012.05.08 21:32:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:32:31 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:32:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.30 16:17:44 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\sbservice.exe
PRC - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.05.25 02:21:56 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.04.23 18:46:32 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.03.25 21:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 10:41:32 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012.06.13 10:41:15 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.13 10:41:10 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.22 15:10:52 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\funcs.dll
MOD - [2012.05.22 15:09:44 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\SecureBanking.dll
MOD - [2012.05.10 19:11:36 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5e8f8f2c9fc237166053716f39f5ea67\IAStorUtil.ni.dll
MOD - [2012.05.09 18:07:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 18:07:05 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012.05.09 18:06:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.09 18:06:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.09 18:06:51 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.09 18:06:44 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012.01.30 16:17:44 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\sbservice.exe
MOD - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010.09.15 23:21:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.15 23:21:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.05.25 02:16:18 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.25 13:46:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 21:32:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:32:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.01 12:21:52 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.09.22 22:07:34 | 000,154,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.06.11 14:27:40 | 000,821,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2010.03.25 21:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 21:32:32 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:32:32 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.08 19:18:56 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.04.08 19:18:56 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.04.08 19:18:56 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.04.08 19:18:56 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.04.08 19:18:56 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.04.21 00:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.04.07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 13:46:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 13:46:21 | 000,000,000 | ---D | M]
 
[2011.10.01 17:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.05.02 20:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\mclysl1s.default\extensions
[2012.03.28 13:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.25 13:46:21 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.28 13:23:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.28 13:23:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.28 13:23:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.28 13:23:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.28 13:23:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.28 13:23:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AB20C9E-6688-4474-9D8C-78ED8197511A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{309BDE44-686D-41C2-BD31-97E59FC80850}: DhcpNameServer = 82.212.62.62 78.42.43.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.05 17:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.05 15:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking
[2012.07.05 15:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking
[2012.07.05 15:45:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\weiter Software
[2012.07.05 15:21:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.05 15:00:17 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2012
[2012.07.05 15:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jv16 PowerTools 2012
[2012.07.05 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Auslogics
[2012.07.05 14:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012.07.05 14:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2012.07.04 20:49:57 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2012.07.04 20:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.04 20:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.04 20:49:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.04 20:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.22 13:24:53 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 13:24:53 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 13:24:53 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 13:24:51 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 13:24:51 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 13:24:51 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 13:24:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 13:24:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.17 14:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.06.13 10:30:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.13 10:29:37 | 000,000,000 | ---D | C] -- C:\2194756f52c55284dcf5
[2012.06.13 10:25:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 10:25:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 10:25:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 10:25:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 10:25:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 10:25:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 10:25:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 10:25:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 10:25:53 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 10:25:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 10:25:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 10:25:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 10:25:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.13 10:25:37 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 10:25:36 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 10:25:36 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 10:25:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 10:25:36 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 10:25:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 10:25:35 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 10:25:25 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 10:25:25 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[1 C:\Users\Lukas\AppData\Local\*.tmp files -> C:\Users\Lukas\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.05 17:57:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.05 17:40:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 17:40:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 17:37:39 | 002,128,978 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.05 17:37:39 | 001,133,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.05 17:37:39 | 000,611,718 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.05 17:37:39 | 000,541,200 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.05 17:37:39 | 000,006,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.05 17:33:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.05 17:33:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.05 17:33:05 | 2962,239,488 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin
[2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Windows\90C7D912BE2316.sys
[2012.06.17 14:19:15 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.06.13 10:31:49 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 20:14:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.12 20:14:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Lukas\AppData\Local\*.tmp files -> C:\Users\Lukas\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.05 15:47:32 | 000,000,022 | -HS- | C] () -- C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin
[2012.07.05 15:47:32 | 000,000,022 | -HS- | C] () -- C:\Windows\90C7D912BE2316.sys
[2012.06.17 14:19:15 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.04.04 18:31:34 | 000,007,605 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
[2011.09.23 17:04:56 | 000,000,192 | ---- | C] () -- C:\Windows\bctester_de.INI
[2011.04.09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.20 17:48:48 | 001,777,500 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.05 19:23:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.10.05 12:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.05 11:50:31 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010.09.15 13:28:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.15 13:26:12 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.07.02 13:41:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012.07.05 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Auslogics
[2011.11.04 20:13:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Bioshock2
[2012.07.01 18:14:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ
[2011.09.23 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Liteon
[2010.10.20 19:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PowerCinema
[2010.10.06 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Windows Live Writer
[2012.07.04 19:28:10 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885

< End of report >
         
neues extras.txt Log:

Code:
ATTFilter
OTL Extras logfile created on: 05.07.2012 18:30:38 - Run 5
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Lukas\weiter Software
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 49,71% Memory free
7,35 Gb Paging File | 5,25 Gb Available in Paging File | 71,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135,95 Gb Total Space | 68,71 Gb Free Space | 50,54% Space Free | Partition Type: NTFS
 
Computer Name: 4820TG-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC47B5F-F6EB-400F-BCA8-C4303276F170}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1252D88D-3D04-4239-BD1F-242A62591980}" = rport=137 | protocol=17 | dir=out | app=system | 
"{27A8E58A-76B5-4049-8ED9-596A5A37BE59}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2DFC9105-69EC-461F-B53C-41EBA91D520A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{35D458A4-B046-46FE-BC89-EC704849A694}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4E89F4E9-B660-4429-A719-2AC6BA0E583E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53C0A185-6C43-4740-8531-56F5200844C4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{65104ED6-CB01-4815-931A-4CC5064AB5D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E200F37-187D-4870-B4F4-DFBBF53D07B8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6F7196AE-6F80-4CA6-957F-6671B8752D4D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{753CE041-B888-4B62-AD4A-11B071BE262A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7BAEDF57-DFE4-4FF9-B081-311E8DE01BE9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{86108E43-C2F5-4934-8E50-378BB85BB784}" = lport=445 | protocol=6 | dir=in | app=system | 
"{93FA91C7-B959-4AC8-BB00-2CD3D423D15F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9456CA59-04A1-4699-9FC5-847F68409EF4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A1D3B092-69EB-44FE-A661-5243FE730F4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A55E70F4-C074-4E13-83E6-8E3C71C35C5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A67E6D88-38BC-482C-A21E-334A2A663019}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{A6A48515-4402-4089-B5EC-EA9D866A1DFD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A7BE9C7A-053A-40B8-B438-F8A04E931174}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BC5F2020-5497-4966-BE8C-CA8CD6249C31}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BE8BCBE9-8505-408E-B4EB-E4BF49FF354D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C18F4084-456B-4870-9E4D-A568FAE8A3BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C194F669-39B2-42A9-A525-37447008C760}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C3CA2124-C6DE-48E6-9073-FAC9B0762952}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C4C9A318-A91E-438A-BE3D-A5BC7F9B0EFD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CC6AD082-9B09-4A03-BCC3-FFA37914E799}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF3A567A-974C-4782-9390-A8391B2F77CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F18C7CD7-E307-4CF7-8969-A632CFCB7F3F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F4C34652-D826-4082-856F-D13682C40CB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F5882FAE-D234-42C1-9A62-5C9973525830}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA1C5D6E-6A8D-4EF2-B32E-1E45A74A6F14}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF4DE3C7-B527-4EBD-9E08-2D6628958F8A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FF7174AF-81AD-4BCF-BBD7-3DA456C58A49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0113B23A-C4E1-4E90-B6C1-53C8C5E10BF9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0D4F7E16-A7A0-41A8-8645-750879DA9923}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{0E37CD5A-D0DC-45E1-B52C-3C4DDD72D93E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{120D5056-B2C7-495B-BCAA-698D1F3712EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{13353E84-E7FA-4A04-BCDF-9600435A2037}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{19812D5D-1857-4ED4-B679-95E92652B96F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{211AE16E-7C16-4E46-A90B-38C090B1717E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{25D461E7-2281-4D8B-A9DA-575CC98E16A7}" = protocol=58 | dir=in | app=system | 
"{2B788F59-7C1E-4160-99DD-6B8225366F28}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{329DE4DA-4A18-481B-B8C4-F27BB6F2CBD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3374B8A2-1EC7-4418-B180-B08BF6D6610F}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{361F847B-66EC-4A06-B653-62F1294F5E4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A64905A-B265-4D8D-BF8A-A059E2072C5E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{3DF931C6-9273-451C-9411-324E1C0F41E9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{4971D8D5-9C8D-42D1-B81F-2E2ED382CE19}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{4B89BB70-194F-47C6-9906-16CE0D11344F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{50253F4A-FF7B-492F-8661-E90CB84F51FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{520EA6AE-32A4-4292-A222-1B20176A6A92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{53C79C67-9843-437D-AC11-2C260B98351D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{570633B2-EB34-46A5-B26F-51B203B06CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{5DD11A71-AFFF-4A58-B379-31EF8A1D4EBF}" = protocol=6 | dir=out | app=system | 
"{64868A19-7961-4A30-A7CA-7499AC0AE4FE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{64BEB564-3794-4902-BACE-CC10CA36EDE0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{6C2BADD3-A971-4500-B3D6-E866D40F536C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{735FCC98-F9A4-4A90-8843-2D31C231F7F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{76F66C44-7605-493F-8B8C-0B08495A0CE6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{80D9762C-9FEE-465D-9913-81DAAC670106}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{839D0C4A-BD7E-4E68-A315-8BB4607F6F83}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{86CA1006-CDB6-444D-9F17-D9E9FDF41433}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8CD4D3DF-4C41-4A87-A561-F39AB2CD2326}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{93660832-4868-455A-9FA2-14D843EDFBA4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9C6CA746-D40C-4666-8052-ABC996D8178F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9EBF261E-4CD9-4D56-A7F4-E2F43190A5BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9FF3B066-5040-4AF9-B783-2B95606AF20A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{A34B0014-F9C7-4B6B-A498-29E60B8388FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A44F0737-B9DE-45A5-9D3C-3D925EE6DD97}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{A6737B58-9871-4441-A8F7-E7DE23EADE20}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{BA522269-A9E8-4798-A626-98242923EDC8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{BD372510-DB8B-4C1E-9A97-E0C1E7B0C7FB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{BE491F30-A31E-4F24-91B6-7A330D936D96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D12C34DF-1711-4E66-8E76-E5792E7B447B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D7E92FEC-C8E2-4912-A337-D75E1BDEE0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{D82C2FF4-FBCA-4F82-A4B1-2B5EC8E26EA9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{DC8771D8-D7F4-4363-A9CD-2AA4F2149ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E37337CB-E3A7-496C-8D8F-747AF483659C}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{E480B816-3D56-4CBE-8655-3B3789E40315}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{E7F7FC98-DC47-4936-A48C-B69AE887C695}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{E8800A77-4519-4D6F-86E6-90C1AAA27B2E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ECF7A4DF-76A4-4648-BB62-350C2154D78A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EFBA89E2-A199-4123-8D87-F0AFC1780280}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"TCP Query User{680D4B46-95AF-415A-9672-A04D24909D08}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{8D57D214-E1D0-4659-85F4-95BF23498A5E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{96306ACC-807B-43D2-B0D5-6E0089E413A3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{9C626739-D131-4022-8594-290C2CB08CED}C:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"TCP Query User{D5DC1D19-B4EE-418A-8672-ABACC711FF6D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{D8BCE3DA-748D-49C3-9161-CE42902706A3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{555E3842-7E03-4DE7-8D49-EBCB2E8B94C4}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{5561968B-78D0-478D-8DF9-F249A7E32A03}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{61279944-9B13-409D-936F-2BC9D48C77AF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{DCB0AC63-99DE-4B49-90D0-B4FA15973DE6}C:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"UDP Query User{F6D637EA-ED36-40B1-AEA5-2F41DDA832A6}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{F93558BC-2766-4260-8B8C-0A324F11E622}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C6615A-A8FF-4175-8B25-9DADCE1D02B7}_is1" = Secure Banking Version 1.4.6
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish
"{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5454085C-129F-416C-9C0B-8B1000048301}" = BioShock 2
"{5454085C-129F-416C-9C0B-8B1000048302}" = BioShock 2
"{5454085C-129F-416C-9C0B-8B1000048303}" = BioShock 2
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038302}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038303}" = BioShock 2
"{568502E8-5167-11DE-A65F-B57B56D89593}" = Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010)
"{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{742D41A9-B3BF-3A65-806E-F8372FB3E492}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light
"{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian
"{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish
"{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All
"{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing
"{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation
"{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Microsoft Outlook 2010
"ESET Online Scanner" = ESET Online Scanner v3
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"jv16 PowerTools 2011" = jv16 PowerTools 2012
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Sigma Data Center" = Sigma Data Center
"Steam App 72850" = The Elder Scrolls V: Skyrim
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.07.2012 08:37:11 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 05.07.2012 08:51:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 05.07.2012 08:51:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 05.07.2012 08:51:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 05.07.2012 09:33:08 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 05.07.2012 09:33:08 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 05.07.2012 09:33:08 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 05.07.2012 11:37:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 05.07.2012 11:37:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 05.07.2012 11:37:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 15.06.2012 10:37:29 | Computer Name = 4820TG-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 17.06.2012 08:00:50 | Computer Name = 4820TG-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?06.?2012 um 13:58:26 unerwartet heruntergefahren.
 
Error - 17.06.2012 14:28:25 | Computer Name = 4820TG-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?06.?2012 um 20:27:11 unerwartet heruntergefahren.
 
Error - 19.06.2012 14:39:45 | Computer Name = 4820TG-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 20.06.2012 03:45:51 | Computer Name = 4820TG-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?06.?2012 um 09:44:52 unerwartet heruntergefahren.
 
Error - 20.06.2012 12:33:08 | Computer Name = 4820TG-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 20.06.2012 12:33:08 | Computer Name = 4820TG-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 30.06.2012 17:04:42 | Computer Name = 4820TG-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?30.?06.?2012 um 23:01:53 unerwartet heruntergefahren.
 
Error - 30.06.2012 17:04:55 | Computer Name = 4820TG-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 03.07.2012 09:17:33 | Computer Name = 4820TG-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
__________________

Alt 05.07.2012, 19:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Zitat:
wobei mir ein Treffer angezeigt wurde.
Schön und genau das Log postest du nicht!

ESET hast du wahrscheinlich falsch gemacht, da gab es extra einen dicken Hinweis zu

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.07.2012, 20:40   #5
Selior
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



In diesem Log wurde genau die von mir beschriebene exe-Datei als Treffer angegeben.
Also C:\users\AppData\Local\Temp\roper0dun.exe.

Diese konnte ich wie beschrieben entfernen und wird nicht mehr angezeigt.

Hier nun nochmal der ESET-Scan log:

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=da10a3a01108c746a59c77a2f499dd47
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 07:36:47
# local_time=2012-07-05 09:36:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 22733915 22733915 0 0
# compatibility_mode=5893 16776573 100 94 17686 93145555 0 0
# compatibility_mode=8192 67108863 100 0 13003 13003 0 0
# scanned=134436
# found=0
# cleaned=0
# scan_time=1302
         


Alt 05.07.2012, 21:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
--> GVU-Trojaner eingefangen

Alt 05.07.2012, 21:28   #7
Selior
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Ok, also hier die antworten:

1. Der normale Modus von Windows geht wieder uneingeschränkt. Der PC fährt ganz normal hoch und auch das Internet lässt sich ohne Probleme öffnen. Der Task-Manager, den man auch nicht öffnen konnte lässt sich ebenfalls wieder ganz normal öffnen.

2.Auch im Startmenu ist alles normal, da sind nur Ordner zu Programmen die ich auch kenne.

Alt 05.07.2012, 21:42   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.07.2012, 22:04   #9
Selior
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



So, ich habe nun den OTL-Scan gemacht:

Code:
ATTFilter
OTL logfile created on: 05.07.2012 22:51:43 - Run 6
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Lukas\weiter Software
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 63,24% Memory free
7,35 Gb Paging File | 5,80 Gb Available in Paging File | 78,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135,95 Gb Total Space | 70,28 Gb Free Space | 51,70% Space Free | Partition Type: NTFS
 
Computer Name: 4820TG-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.04 21:11:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\weiter Software\OTL.exe
PRC - [2012.05.23 16:20:18 | 000,364,544 | ---- | M] (Secure Banking) -- C:\Program Files (x86)\Secure Banking\SecureBanking.exe
PRC - [2012.05.08 21:32:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:32:31 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:32:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.30 16:17:44 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\sbservice.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.05.25 02:21:56 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.04.23 18:46:32 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.03.25 21:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 10:41:15 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.13 10:41:10 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.22 15:10:52 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\funcs.dll
MOD - [2012.05.22 15:09:44 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\SecureBanking.dll
MOD - [2012.05.10 19:11:36 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5e8f8f2c9fc237166053716f39f5ea67\IAStorUtil.ni.dll
MOD - [2012.05.09 18:07:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 18:07:05 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012.05.09 18:06:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.09 18:06:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.09 18:06:51 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.09 18:06:44 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012.01.30 16:17:44 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\sbservice.exe
MOD - [2010.09.15 23:21:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.15 23:21:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.05.25 02:16:18 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.25 13:46:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 21:32:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:32:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.01 12:21:52 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.09.22 22:07:34 | 000,154,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.06.11 14:27:40 | 000,821,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2010.03.25 21:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 21:32:32 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:32:32 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.08 19:18:56 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.04.08 19:18:56 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.04.08 19:18:56 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.04.08 19:18:56 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.04.08 19:18:56 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.04.21 00:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.04.07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693
IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 13:46:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 13:46:21 | 000,000,000 | ---D | M]
 
[2011.10.01 17:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.05.02 20:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\mclysl1s.default\extensions
[2012.03.28 13:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.25 13:46:21 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.28 13:23:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.28 13:23:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.28 13:23:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.28 13:23:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.28 13:23:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.28 13:23:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
O4 - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AB20C9E-6688-4474-9D8C-78ED8197511A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{309BDE44-686D-41C2-BD31-97E59FC80850}: DhcpNameServer = 82.212.62.62 78.42.43.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.05 19:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.05 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.05 17:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.05 15:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking
[2012.07.05 15:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking
[2012.07.05 15:45:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\weiter Software
[2012.07.05 15:21:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.05 15:00:17 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2012
[2012.07.05 15:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jv16 PowerTools 2012
[2012.07.05 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Auslogics
[2012.07.04 20:49:57 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2012.07.04 20:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.04 20:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.04 20:49:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.04 20:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.17 14:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.06.13 10:30:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.13 10:29:37 | 000,000,000 | ---D | C] -- C:\2194756f52c55284dcf5
[1 C:\Users\Lukas\AppData\Local\*.tmp files -> C:\Users\Lukas\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.05 22:53:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 22:53:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 22:51:15 | 002,173,354 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.05 22:51:15 | 001,146,586 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.05 22:51:15 | 000,625,926 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.05 22:51:15 | 000,554,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.05 22:51:15 | 000,006,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.05 22:46:49 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.05 22:46:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.05 22:46:35 | 2962,239,488 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 21:57:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin
[2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Windows\90C7D912BE2316.sys
[2012.06.17 14:19:15 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.06.13 10:31:49 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Lukas\AppData\Local\*.tmp files -> C:\Users\Lukas\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.05 15:47:32 | 000,000,022 | -HS- | C] () -- C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin
[2012.07.05 15:47:32 | 000,000,022 | -HS- | C] () -- C:\Windows\90C7D912BE2316.sys
[2012.06.17 14:19:15 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.04.04 18:31:34 | 000,007,605 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
[2011.09.23 17:04:56 | 000,000,192 | ---- | C] () -- C:\Windows\bctester_de.INI
[2011.04.09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.20 17:48:48 | 001,777,500 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.05 19:23:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.10.05 12:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.05 11:50:31 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010.09.15 13:28:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.15 13:26:12 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.07.02 13:41:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012.07.05 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Auslogics
[2011.11.04 20:13:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Bioshock2
[2012.07.01 18:14:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ
[2011.09.23 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Liteon
[2010.10.20 19:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PowerCinema
[2010.10.06 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Windows Live Writer
[2012.07.04 19:28:10 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.26 18:27:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Adobe
[2010.10.04 11:56:14 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ATI
[2012.07.05 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Auslogics
[2011.10.16 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Avira
[2011.11.04 20:13:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Bioshock2
[2010.10.20 19:45:06 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\CyberLink
[2012.05.07 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Google
[2012.07.01 18:14:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ
[2010.10.04 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Identities
[2010.10.04 11:55:05 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Intel Corporation
[2011.09.23 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Liteon
[2010.10.04 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Macromedia
[2012.07.04 20:49:57 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Media Center Programs
[2012.05.27 12:24:34 | 000,000,000 | --SD | M] -- C:\Users\Lukas\AppData\Roaming\Microsoft
[2011.11.24 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Mozilla
[2010.10.20 19:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PowerCinema
[2010.10.13 19:17:17 | 000,000,000 | RH-D | M] -- C:\Users\Lukas\AppData\Roaming\SecuROM
[2010.10.06 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2011.06.26 18:33:36 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Lukas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885

< End of report >
         
Ich möchte mich auch für die Hilfe bedanken, denn ich weis eben nicht in wie weit der Trojaner nun entfernt ist

Alt 06.07.2012, 08:41   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin
[2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Windows\90C7D912BE2316.sys
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.07.2012, 13:52   #11
Selior
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Ich habe den OTL-Fix nun durchgeführt und den Viranscanner dabei auch deaktiviert. Nach einem Neustart erschien folgendes log:

Code:
ATTFilter
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_C1046443-8052-444B-928B-26C491854BC3.0\2F32937B. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_B334CE6E-EF7B-4FF9-82C1-7AD9EE255BA9.0\A73A0705. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A47145FD-6BAE-4F52-9E94-FFA3979D9B5D.0\1F4AD0FA. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A4383317-4BBE-45BB-AD96-3EEBD0C8DF43.0\6B4A61B7. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A172590B-2C08-4CF9-8B1A-F20C1E161BDA.0\A0442744. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_76582225-FA2F-4B31-9FD6-EFEF64F4079E.0\F9AE3EBF. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_7055216B-43A8-41DF-BC35-2DE469A970D1.0\341F833A. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_6054404A-5035-437A-9223-5E85563FDF2B.0\FB2501A3. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_59C7C45B-AFD5-437A-8061-AA749BFA236E.0\19067B32. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_4ABBF5AF-6696-49C7-A6CC-E20D9EB48824.0\8590AE65. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_2D2E708D-CAB3-494A-B394-DE9E0AAA5D8C.0\94AF89B1. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_0F2A8245-C55C-4BD5-8570-9A9EFB03E83D.0\1198093D. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_0A05536B-1647-4DCA-BBC4-E077B5CA9F19.0\F733A830. not found!
C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Lukas\AppData\Local\Temp\OICE_FF9472BE-0AAF-4101-AF80-73F1808AD2E4.0\ABBE0378. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_E2829948-02DC-4F65-B30F-A866DED4C79D.0\B85D58A7. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_C1046443-8052-444B-928B-26C491854BC3.0\2F32937B. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_B334CE6E-EF7B-4FF9-82C1-7AD9EE255BA9.0\A73A0705. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_A47145FD-6BAE-4F52-9E94-FFA3979D9B5D.0\1F4AD0FA. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_A4383317-4BBE-45BB-AD96-3EEBD0C8DF43.0\6B4A61B7. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_A172590B-2C08-4CF9-8B1A-F20C1E161BDA.0\A0442744. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_76582225-FA2F-4B31-9FD6-EFEF64F4079E.0\F9AE3EBF. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_7055216B-43A8-41DF-BC35-2DE469A970D1.0\341F833A. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_6054404A-5035-437A-9223-5E85563FDF2B.0\FB2501A3. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_59C7C45B-AFD5-437A-8061-AA749BFA236E.0\19067B32. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_4ABBF5AF-6696-49C7-A6CC-E20D9EB48824.0\8590AE65. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_2D2E708D-CAB3-494A-B394-DE9E0AAA5D8C.0\94AF89B1. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_0F2A8245-C55C-4BD5-8570-9A9EFB03E83D.0\1198093D. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_0A05536B-1647-4DCA-BBC4-E077B5CA9F19.0\F733A830. not found!
File C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.06 14:43:25 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
[2012.07.06 12:00:54 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F

Registry entries deleted on Reboot...
         

Alt 06.07.2012, 14:41   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Log sieht irgendwie unvollständig aus
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.07.2012, 18:25   #13
Selior
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Ich habe es nochmal wiederholt und den Inhalt des Befehls getrennt:

Code:
ATTFilter
All processes killed
========== OTL ==========
Unable to delete ADS C:\ProgramData\Temp:CDFF58FE .
Unable to delete ADS C:\ProgramData\Temp:93EB7685 .
Unable to delete ADS C:\ProgramData\Temp:5D7E5A8F .
Unable to delete ADS C:\ProgramData\Temp:E36F5B57 .
Unable to delete ADS C:\ProgramData\Temp:1A60DE96 .
Unable to delete ADS C:\ProgramData\Temp:E1F04E8D .
Unable to delete ADS C:\ProgramData\Temp:0B9176C0 .
Unable to delete ADS C:\ProgramData\Temp:4D066AD2 .
Unable to delete ADS C:\ProgramData\Temp:798A3728 .
Unable to delete ADS C:\ProgramData\Temp:E3C56885 .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lukas
->Temp folder emptied: 73532 bytes
->Temporary Internet Files folder emptied: 1241247 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6142341 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Lukas
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
         
Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
File C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin not found.
File C:\Windows\90C7D912BE2316.sys not found.
File C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin not found.
File C:\Windows\90C7D912BE2316.sys not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lukas
->Temp folder emptied: 4428 bytes
->Temporary Internet Files folder emptied: 33318 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Lukas
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07062012_175915

Files\Folders moved on Reboot...
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_FF9472BE-0AAF-4101-AF80-73F1808AD2E4.0\ABBE0378. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_E2829948-02DC-4F65-B30F-A866DED4C79D.0\B85D58A7. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_C1046443-8052-444B-928B-26C491854BC3.0\2F32937B. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_B334CE6E-EF7B-4FF9-82C1-7AD9EE255BA9.0\A73A0705. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A47145FD-6BAE-4F52-9E94-FFA3979D9B5D.0\1F4AD0FA. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A4383317-4BBE-45BB-AD96-3EEBD0C8DF43.0\6B4A61B7. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A172590B-2C08-4CF9-8B1A-F20C1E161BDA.0\A0442744. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_76582225-FA2F-4B31-9FD6-EFEF64F4079E.0\F9AE3EBF. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_7055216B-43A8-41DF-BC35-2DE469A970D1.0\341F833A. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_6054404A-5035-437A-9223-5E85563FDF2B.0\FB2501A3. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_59C7C45B-AFD5-437A-8061-AA749BFA236E.0\19067B32. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_4ABBF5AF-6696-49C7-A6CC-E20D9EB48824.0\8590AE65. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_2D2E708D-CAB3-494A-B394-DE9E0AAA5D8C.0\94AF89B1. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_0F2A8245-C55C-4BD5-8570-9A9EFB03E83D.0\1198093D. not found!
File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_0A05536B-1647-4DCA-BBC4-E077B5CA9F19.0\F733A830. not found!
C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Lukas\AppData\Local\Temp\OICE_FF9472BE-0AAF-4101-AF80-73F1808AD2E4.0\ABBE0378. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_E2829948-02DC-4F65-B30F-A866DED4C79D.0\B85D58A7. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_C1046443-8052-444B-928B-26C491854BC3.0\2F32937B. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_B334CE6E-EF7B-4FF9-82C1-7AD9EE255BA9.0\A73A0705. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_A47145FD-6BAE-4F52-9E94-FFA3979D9B5D.0\1F4AD0FA. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_A4383317-4BBE-45BB-AD96-3EEBD0C8DF43.0\6B4A61B7. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_A172590B-2C08-4CF9-8B1A-F20C1E161BDA.0\A0442744. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_76582225-FA2F-4B31-9FD6-EFEF64F4079E.0\F9AE3EBF. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_7055216B-43A8-41DF-BC35-2DE469A970D1.0\341F833A. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_6054404A-5035-437A-9223-5E85563FDF2B.0\FB2501A3. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_59C7C45B-AFD5-437A-8061-AA749BFA236E.0\19067B32. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_4ABBF5AF-6696-49C7-A6CC-E20D9EB48824.0\8590AE65. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_2D2E708D-CAB3-494A-B394-DE9E0AAA5D8C.0\94AF89B1. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_0F2A8245-C55C-4BD5-8570-9A9EFB03E83D.0\1198093D. not found!
File C:\Users\Lukas\AppData\Local\Temp\OICE_0A05536B-1647-4DCA-BBC4-E077B5CA9F19.0\F733A830. not found!
File C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.06 17:59:54 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5

Registry entries deleted on Reboot...
         

Ich denke ich lasse es erst einmal so wie es ist, denn im Moment läuft alles wieder normal. Es scheint sich auch nichts mehr finden zu lassen.

Alt 09.07.2012, 08:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.07.2012, 17:05   #15
Selior
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen



Hier ist das log:

Code:
ATTFilter
18:02:31.0271 3828	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
18:02:31.0334 3828	============================================================
18:02:31.0334 3828	Current date / time: 2012/07/09 18:02:31.0334
18:02:31.0334 3828	SystemInfo:
18:02:31.0334 3828	
18:02:31.0334 3828	OS Version: 6.1.7600 ServicePack: 0.0
18:02:31.0334 3828	Product type: Workstation
18:02:31.0334 3828	ComputerName: 4820TG-PC
18:02:31.0334 3828	UserName: Lukas
18:02:31.0334 3828	Windows directory: C:\Windows
18:02:31.0334 3828	System windows directory: C:\Windows
18:02:31.0334 3828	Running under WOW64
18:02:31.0334 3828	Processor architecture: Intel x64
18:02:31.0334 3828	Number of processors: 4
18:02:31.0334 3828	Page size: 0x1000
18:02:31.0334 3828	Boot type: Normal boot
18:02:31.0334 3828	============================================================
18:02:31.0521 3828	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:02:31.0552 3828	============================================================
18:02:31.0552 3828	\Device\Harddisk0\DR0:
18:02:31.0552 3828	MBR partitions:
18:02:31.0552 3828	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
18:02:31.0552 3828	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x10FE6800
18:02:31.0552 3828	============================================================
18:02:31.0552 3828	C: <-> \Device\Harddisk0\DR0\Partition1
18:02:31.0552 3828	============================================================
18:02:31.0552 3828	Initialize success
18:02:31.0552 3828	============================================================
18:02:36.0856 5888	============================================================
18:02:36.0856 5888	Scan started
18:02:36.0856 5888	Mode: Manual; SigCheck; TDLFS; 
18:02:36.0856 5888	============================================================
18:02:37.0043 5888	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:02:37.0106 5888	1394ohci - ok
18:02:37.0121 5888	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:02:37.0137 5888	ACPI - ok
18:02:37.0137 5888	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:02:37.0153 5888	AcpiPmi - ok
18:02:37.0168 5888	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:02:37.0168 5888	AdobeARMservice - ok
18:02:37.0184 5888	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:02:37.0199 5888	adp94xx - ok
18:02:37.0215 5888	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:02:37.0231 5888	adpahci - ok
18:02:37.0231 5888	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:02:37.0246 5888	adpu320 - ok
18:02:37.0246 5888	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:02:37.0277 5888	AeLookupSvc - ok
18:02:37.0293 5888	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:02:37.0309 5888	AFD - ok
18:02:37.0309 5888	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:02:37.0324 5888	agp440 - ok
18:02:37.0324 5888	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:02:37.0340 5888	ALG - ok
18:02:37.0340 5888	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:02:37.0340 5888	aliide - ok
18:02:37.0355 5888	AMD External Events Utility (671d9dca48da807780d8409c18ed0ae0) C:\Windows\system32\atiesrxx.exe
18:02:37.0371 5888	AMD External Events Utility - ok
18:02:37.0371 5888	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:02:37.0387 5888	amdide - ok
18:02:37.0387 5888	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:02:37.0387 5888	AmdK8 - ok
18:02:37.0621 5888	amdkmdag        (d3e6b2e1394d93fe9db0ba24814b0d8f) C:\Windows\system32\DRIVERS\atipmdag.sys
18:02:37.0683 5888	amdkmdag - ok
18:02:37.0730 5888	amdkmdap        (cc4d915d786d3da973b2ea9b95d59a29) C:\Windows\system32\DRIVERS\atikmpag.sys
18:02:37.0745 5888	amdkmdap - ok
18:02:37.0745 5888	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:02:37.0761 5888	AmdPPM - ok
18:02:37.0777 5888	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:02:37.0777 5888	amdsata - ok
18:02:37.0792 5888	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:02:37.0808 5888	amdsbs - ok
18:02:37.0808 5888	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:02:37.0823 5888	amdxata - ok
18:02:37.0823 5888	AmUStor         (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
18:02:37.0823 5888	AmUStor - ok
18:02:37.0839 5888	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:02:37.0855 5888	AntiVirSchedulerService - ok
18:02:37.0855 5888	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:02:37.0870 5888	AntiVirService - ok
18:02:37.0870 5888	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:02:37.0886 5888	AppID - ok
18:02:37.0886 5888	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:02:37.0917 5888	AppIDSvc - ok
18:02:37.0933 5888	Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:02:37.0933 5888	Appinfo - ok
18:02:37.0933 5888	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:02:37.0948 5888	arc - ok
18:02:37.0948 5888	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:02:37.0964 5888	arcsas - ok
18:02:37.0979 5888	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:02:37.0979 5888	aspnet_state - ok
18:02:37.0979 5888	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:02:38.0011 5888	AsyncMac - ok
18:02:38.0011 5888	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:02:38.0026 5888	atapi - ok
18:02:38.0089 5888	athr            (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys
18:02:38.0135 5888	athr - ok
18:02:38.0182 5888	AtiHdmiService  (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
18:02:38.0213 5888	AtiHdmiService - ok
18:02:38.0245 5888	AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:02:38.0276 5888	AudioEndpointBuilder - ok
18:02:38.0276 5888	AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:02:38.0323 5888	AudioSrv - ok
18:02:38.0323 5888	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
18:02:38.0338 5888	avgntflt - ok
18:02:38.0338 5888	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
18:02:38.0354 5888	avipbb - ok
18:02:38.0354 5888	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:02:38.0369 5888	avkmgr - ok
18:02:38.0369 5888	AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:02:38.0385 5888	AxInstSV - ok
18:02:38.0401 5888	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:02:38.0401 5888	b06bdrv - ok
18:02:38.0416 5888	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:02:38.0432 5888	b57nd60a - ok
18:02:38.0557 5888	BCM43XX         (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:02:38.0603 5888	BCM43XX - ok
18:02:38.0603 5888	BcmSqlStartupSvc (2e552b658273b90251e0441631de2ca3) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
18:02:38.0619 5888	BcmSqlStartupSvc - ok
18:02:38.0650 5888	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:02:38.0650 5888	BDESVC - ok
18:02:38.0666 5888	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:02:38.0697 5888	Beep - ok
18:02:38.0728 5888	BFE             (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:02:38.0759 5888	BFE - ok
18:02:38.0791 5888	BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
18:02:38.0837 5888	BITS - ok
18:02:38.0837 5888	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:02:38.0853 5888	blbdrive - ok
18:02:38.0853 5888	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:02:38.0869 5888	bowser - ok
18:02:38.0869 5888	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:02:38.0869 5888	BrFiltLo - ok
18:02:38.0884 5888	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:02:38.0884 5888	BrFiltUp - ok
18:02:38.0900 5888	Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:02:38.0931 5888	Browser - ok
18:02:38.0931 5888	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:02:38.0947 5888	Brserid - ok
18:02:38.0947 5888	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:02:38.0962 5888	BrSerWdm - ok
18:02:38.0962 5888	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:02:38.0978 5888	BrUsbMdm - ok
18:02:38.0978 5888	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:02:38.0993 5888	BrUsbSer - ok
18:02:38.0993 5888	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:02:38.0993 5888	BthEnum - ok
18:02:39.0009 5888	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:02:39.0009 5888	BTHMODEM - ok
18:02:39.0025 5888	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:02:39.0025 5888	BthPan - ok
18:02:39.0040 5888	BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys
18:02:39.0056 5888	BTHPORT - ok
18:02:39.0056 5888	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:02:39.0087 5888	bthserv - ok
18:02:39.0103 5888	BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys
18:02:39.0103 5888	BTHUSB - ok
18:02:39.0134 5888	btwampfl        (3aff6dc496b8a8d12c867e3fc7c86fac) C:\Windows\system32\drivers\btwampfl.sys
18:02:39.0149 5888	btwampfl - ok
18:02:39.0165 5888	btwaudio        (336bba0909b3636ab7d06a71d7b1c0dc) C:\Windows\system32\drivers\btwaudio.sys
18:02:39.0165 5888	btwaudio - ok
18:02:39.0181 5888	btwavdt         (9ff58f76024d25784755b01f926b00be) C:\Windows\system32\DRIVERS\btwavdt.sys
18:02:39.0181 5888	btwavdt - ok
18:02:39.0227 5888	btwdins         (26a80d7aca49e03a403806418b5fed46) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
18:02:39.0243 5888	btwdins - ok
18:02:39.0259 5888	btwl2cap        (b1acfd00cdd13b48d86f46bfec153bf9) C:\Windows\system32\DRIVERS\btwl2cap.sys
18:02:39.0259 5888	btwl2cap - ok
18:02:39.0259 5888	btwrchid        (edd953d635f3aa89ef902e3f82d60d22) C:\Windows\system32\DRIVERS\btwrchid.sys
18:02:39.0274 5888	btwrchid - ok
18:02:39.0274 5888	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:02:39.0305 5888	cdfs - ok
18:02:39.0305 5888	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:02:39.0321 5888	cdrom - ok
18:02:39.0321 5888	CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:02:39.0352 5888	CertPropSvc - ok
18:02:39.0352 5888	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:02:39.0368 5888	circlass - ok
18:02:39.0383 5888	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:02:39.0399 5888	CLFS - ok
18:02:39.0399 5888	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:02:39.0415 5888	clr_optimization_v2.0.50727_32 - ok
18:02:39.0415 5888	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:02:39.0430 5888	clr_optimization_v2.0.50727_64 - ok
18:02:39.0446 5888	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:02:39.0446 5888	clr_optimization_v4.0.30319_32 - ok
18:02:39.0461 5888	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:02:39.0461 5888	clr_optimization_v4.0.30319_64 - ok
18:02:39.0477 5888	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:02:39.0477 5888	CmBatt - ok
18:02:39.0477 5888	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:02:39.0493 5888	cmdide - ok
18:02:39.0508 5888	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:02:39.0524 5888	CNG - ok
18:02:39.0524 5888	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:02:39.0539 5888	Compbatt - ok
18:02:39.0539 5888	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:02:39.0555 5888	CompositeBus - ok
18:02:39.0555 5888	COMSysApp - ok
18:02:39.0555 5888	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:02:39.0571 5888	crcdisk - ok
18:02:39.0571 5888	CryptSvc        (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
18:02:39.0586 5888	CryptSvc - ok
18:02:39.0586 5888	dc3d            (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
18:02:39.0602 5888	dc3d - ok
18:02:39.0617 5888	DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:02:39.0649 5888	DcomLaunch - ok
18:02:39.0664 5888	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:02:39.0695 5888	defragsvc - ok
18:02:39.0711 5888	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:02:39.0711 5888	DfsC - ok
18:02:39.0727 5888	Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:02:39.0742 5888	Dhcp - ok
18:02:39.0742 5888	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:02:39.0773 5888	discache - ok
18:02:39.0773 5888	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:02:39.0789 5888	Disk - ok
18:02:39.0805 5888	Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:02:39.0805 5888	Dnscache - ok
18:02:39.0820 5888	dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:02:39.0851 5888	dot3svc - ok
18:02:39.0851 5888	DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:02:39.0883 5888	DPS - ok
18:02:39.0883 5888	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:02:39.0898 5888	drmkaud - ok
18:02:39.0914 5888	DsiWMIService   (61e894fe1e9cc720c909e6e343351794) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
18:02:39.0914 5888	DsiWMIService - ok
18:02:39.0961 5888	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:02:39.0992 5888	DXGKrnl - ok
18:02:39.0992 5888	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:02:40.0023 5888	EapHost - ok
18:02:40.0132 5888	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:02:40.0179 5888	ebdrv - ok
18:02:40.0210 5888	EFS             (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:02:40.0226 5888	EFS - ok
18:02:40.0257 5888	ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:02:40.0273 5888	ehRecvr - ok
18:02:40.0288 5888	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:02:40.0304 5888	ehSched - ok
18:02:40.0335 5888	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:02:40.0351 5888	elxstor - ok
18:02:40.0382 5888	ePowerSvc       (eb78fbd1c3db8223eeb364d485627ef1) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
18:02:40.0397 5888	ePowerSvc - ok
18:02:40.0444 5888	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:02:40.0444 5888	ErrDev - ok
18:02:40.0475 5888	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:02:40.0507 5888	EventSystem - ok
18:02:40.0507 5888	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:02:40.0538 5888	exfat - ok
18:02:40.0553 5888	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:02:40.0585 5888	fastfat - ok
18:02:40.0600 5888	Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:02:40.0616 5888	Fax - ok
18:02:40.0631 5888	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:02:40.0631 5888	fdc - ok
18:02:40.0631 5888	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:02:40.0663 5888	fdPHost - ok
18:02:40.0663 5888	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:02:40.0694 5888	FDResPub - ok
18:02:40.0709 5888	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:02:40.0709 5888	FileInfo - ok
18:02:40.0709 5888	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:02:40.0741 5888	Filetrace - ok
18:02:40.0741 5888	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:02:40.0756 5888	flpydisk - ok
18:02:40.0772 5888	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:02:40.0772 5888	FltMgr - ok
18:02:40.0803 5888	FontCache       (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
18:02:40.0819 5888	FontCache - ok
18:02:40.0819 5888	FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:02:40.0834 5888	FontCache3.0.0.0 - ok
18:02:40.0834 5888	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:02:40.0850 5888	FsDepends - ok
18:02:40.0850 5888	Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
18:02:40.0865 5888	Fs_Rec - ok
18:02:40.0865 5888	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:02:40.0881 5888	fvevol - ok
18:02:40.0881 5888	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:02:40.0897 5888	gagp30kx - ok
18:02:40.0928 5888	gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:02:40.0943 5888	gpsvc - ok
18:02:40.0943 5888	GREGService     (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
18:02:40.0959 5888	GREGService - ok
18:02:40.0959 5888	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:02:40.0975 5888	gupdate - ok
18:02:40.0975 5888	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:02:40.0975 5888	gupdatem - ok
18:02:40.0990 5888	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:02:41.0006 5888	gusvc - ok
18:02:41.0006 5888	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:02:41.0006 5888	hcw85cir - ok
18:02:41.0037 5888	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:02:41.0037 5888	HdAudAddService - ok
18:02:41.0053 5888	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:02:41.0068 5888	HDAudBus - ok
18:02:41.0068 5888	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
18:02:41.0084 5888	HECIx64 - ok
18:02:41.0084 5888	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:02:41.0084 5888	HidBatt - ok
18:02:41.0099 5888	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:02:41.0099 5888	HidBth - ok
18:02:41.0115 5888	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:02:41.0131 5888	HidIr - ok
18:02:41.0131 5888	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:02:41.0162 5888	hidserv - ok
18:02:41.0162 5888	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:02:41.0162 5888	HidUsb - ok
18:02:41.0177 5888	hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:02:41.0209 5888	hkmsvc - ok
18:02:41.0209 5888	HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:02:41.0224 5888	HomeGroupListener - ok
18:02:41.0224 5888	HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:02:41.0240 5888	HomeGroupProvider - ok
18:02:41.0240 5888	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:02:41.0255 5888	HpSAMD - ok
18:02:41.0287 5888	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:02:41.0318 5888	HTTP - ok
18:02:41.0318 5888	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:02:41.0318 5888	hwpolicy - ok
18:02:41.0333 5888	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:02:41.0333 5888	i8042prt - ok
18:02:41.0349 5888	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
18:02:41.0365 5888	iaStor - ok
18:02:41.0365 5888	IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:02:41.0380 5888	IAStorDataMgrSvc - ok
18:02:41.0396 5888	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:02:41.0396 5888	iaStorV - ok
18:02:41.0427 5888	idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:02:41.0443 5888	idsvc - ok
18:02:41.0458 5888	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:02:41.0458 5888	iirsp - ok
18:02:41.0489 5888	IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:02:41.0536 5888	IKEEXT - ok
18:02:41.0536 5888	Impcd           (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
18:02:41.0552 5888	Impcd - ok
18:02:41.0630 5888	IntcAzAudAddService (06b774e74f7e2b8ae903a70c45a03d61) C:\Windows\system32\drivers\RTKVHD64.sys
18:02:41.0677 5888	IntcAzAudAddService - ok
18:02:41.0723 5888	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:02:41.0739 5888	intelide - ok
18:02:42.0145 5888	intelkmd        (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdpmd64.sys
18:02:42.0238 5888	intelkmd - ok
18:02:42.0285 5888	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:02:42.0285 5888	intelppm - ok
18:02:42.0301 5888	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:02:42.0332 5888	IPBusEnum - ok
18:02:42.0332 5888	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:02:42.0363 5888	IpFilterDriver - ok
18:02:42.0379 5888	iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:02:42.0410 5888	iphlpsvc - ok
18:02:42.0425 5888	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:02:42.0425 5888	IPMIDRV - ok
18:02:42.0425 5888	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:02:42.0457 5888	IPNAT - ok
18:02:42.0457 5888	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:02:42.0472 5888	IRENUM - ok
18:02:42.0472 5888	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:02:42.0488 5888	isapnp - ok
18:02:42.0503 5888	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:02:42.0503 5888	iScsiPrt - ok
18:02:42.0503 5888	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:02:42.0519 5888	kbdclass - ok
18:02:42.0519 5888	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:02:42.0535 5888	kbdhid - ok
18:02:42.0535 5888	KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:02:42.0550 5888	KeyIso - ok
18:02:42.0550 5888	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:02:42.0550 5888	KSecDD - ok
18:02:42.0566 5888	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:02:42.0566 5888	KSecPkg - ok
18:02:42.0581 5888	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:02:42.0597 5888	ksthunk - ok
18:02:42.0613 5888	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:02:42.0644 5888	KtmRm - ok
18:02:42.0659 5888	L1C             (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
18:02:42.0659 5888	L1C - ok
18:02:42.0675 5888	LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
18:02:42.0675 5888	LanmanServer - ok
18:02:42.0691 5888	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:02:42.0722 5888	LanmanWorkstation - ok
18:02:42.0722 5888	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:02:42.0753 5888	lltdio - ok
18:02:42.0769 5888	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:02:42.0800 5888	lltdsvc - ok
18:02:42.0800 5888	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:02:42.0831 5888	lmhosts - ok
18:02:42.0847 5888	LMS             (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:02:42.0847 5888	LMS ( UnsignedFile.Multi.Generic ) - warning
18:02:42.0847 5888	LMS - detected UnsignedFile.Multi.Generic (1)
18:02:42.0847 5888	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:02:42.0862 5888	LSI_FC - ok
18:02:42.0862 5888	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:02:42.0878 5888	LSI_SAS - ok
18:02:42.0878 5888	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:02:42.0893 5888	LSI_SAS2 - ok
18:02:42.0893 5888	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:02:42.0909 5888	LSI_SCSI - ok
18:02:42.0909 5888	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:02:42.0940 5888	luafv - ok
18:02:42.0940 5888	Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:02:42.0956 5888	Mcx2Svc - ok
18:02:42.0956 5888	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:02:42.0971 5888	megasas - ok
18:02:42.0971 5888	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:02:42.0987 5888	MegaSR - ok
18:02:43.0003 5888	Microsoft SharePoint Workspace Audit Service - ok
18:02:43.0003 5888	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:02:43.0034 5888	MMCSS - ok
18:02:43.0034 5888	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:02:43.0065 5888	Modem - ok
18:02:43.0065 5888	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:02:43.0081 5888	monitor - ok
18:02:43.0081 5888	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:02:43.0081 5888	mouclass - ok
18:02:43.0096 5888	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:02:43.0096 5888	mouhid - ok
18:02:43.0096 5888	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:02:43.0112 5888	mountmgr - ok
18:02:43.0127 5888	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:02:43.0127 5888	MozillaMaintenance - ok
18:02:43.0143 5888	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:02:43.0143 5888	mpio - ok
18:02:43.0143 5888	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:02:43.0174 5888	mpsdrv - ok
18:02:43.0205 5888	MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:02:43.0237 5888	MpsSvc - ok
18:02:43.0237 5888	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:02:43.0252 5888	MRxDAV - ok
18:02:43.0252 5888	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:02:43.0268 5888	mrxsmb - ok
18:02:43.0283 5888	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:02:43.0283 5888	mrxsmb10 - ok
18:02:43.0299 5888	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:02:43.0315 5888	mrxsmb20 - ok
18:02:43.0315 5888	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:02:43.0315 5888	msahci - ok
18:02:43.0330 5888	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:02:43.0330 5888	msdsm - ok
18:02:43.0346 5888	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:02:43.0346 5888	MSDTC - ok
18:02:43.0361 5888	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:02:43.0393 5888	Msfs - ok
18:02:43.0393 5888	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:02:43.0408 5888	mshidkmdf - ok
18:02:43.0424 5888	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:02:43.0424 5888	msisadrv - ok
18:02:43.0439 5888	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:02:43.0471 5888	MSiSCSI - ok
18:02:43.0471 5888	msiserver - ok
18:02:43.0471 5888	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:02:43.0502 5888	MSKSSRV - ok
18:02:43.0502 5888	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:02:43.0533 5888	MSPCLOCK - ok
18:02:43.0533 5888	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:02:43.0564 5888	MSPQM - ok
18:02:43.0580 5888	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:02:43.0580 5888	MsRPC - ok
18:02:43.0595 5888	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:02:43.0595 5888	mssmbios - ok
18:02:43.0611 5888	MSSQL$MSSMLBIZ - ok
18:02:43.0611 5888	MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:02:43.0611 5888	MSSQLServerADHelper100 - ok
18:02:43.0627 5888	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:02:43.0642 5888	MSTEE - ok
18:02:43.0658 5888	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:02:43.0658 5888	MTConfig - ok
18:02:43.0658 5888	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:02:43.0673 5888	Mup - ok
18:02:43.0673 5888	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:02:43.0673 5888	mwlPSDFilter - ok
18:02:43.0689 5888	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:02:43.0689 5888	mwlPSDNServ - ok
18:02:43.0689 5888	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:02:43.0705 5888	mwlPSDVDisk - ok
18:02:43.0705 5888	MWLService      (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
18:02:43.0720 5888	MWLService - ok
18:02:43.0736 5888	napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:02:43.0767 5888	napagent - ok
18:02:43.0767 5888	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:02:43.0783 5888	NativeWifiP - ok
18:02:43.0814 5888	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:02:43.0829 5888	NDIS - ok
18:02:43.0829 5888	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:02:43.0861 5888	NdisCap - ok
18:02:43.0861 5888	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:02:43.0892 5888	NdisTapi - ok
18:02:43.0892 5888	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:02:43.0923 5888	Ndisuio - ok
18:02:43.0923 5888	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:02:43.0954 5888	NdisWan - ok
18:02:43.0954 5888	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:02:43.0985 5888	NDProxy - ok
18:02:43.0985 5888	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:02:44.0017 5888	NetBIOS - ok
18:02:44.0032 5888	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:02:44.0063 5888	NetBT - ok
18:02:44.0063 5888	Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:02:44.0079 5888	Netlogon - ok
18:02:44.0095 5888	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:02:44.0126 5888	Netman - ok
18:02:44.0141 5888	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:02:44.0141 5888	NetMsmqActivator - ok
18:02:44.0141 5888	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:02:44.0157 5888	NetPipeActivator - ok
18:02:44.0173 5888	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:02:44.0204 5888	netprofm - ok
18:02:44.0204 5888	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:02:44.0219 5888	NetTcpActivator - ok
18:02:44.0219 5888	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:02:44.0219 5888	NetTcpPortSharing - ok
18:02:44.0235 5888	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:02:44.0235 5888	nfrd960 - ok
18:02:44.0251 5888	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:02:44.0282 5888	NlaSvc - ok
18:02:44.0297 5888	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:02:44.0313 5888	Npfs - ok
18:02:44.0329 5888	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:02:44.0344 5888	nsi - ok
18:02:44.0360 5888	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:02:44.0375 5888	nsiproxy - ok
18:02:44.0438 5888	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:02:44.0469 5888	Ntfs - ok
18:02:44.0485 5888	NTI IScheduleSvc (6fd534ede2905d3c3257cfdd881f9705) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
18:02:44.0500 5888	NTI IScheduleSvc - ok
18:02:44.0500 5888	NTIBackupSvc    (28c59f594044cbf8598b18c927097091) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
18:02:44.0500 5888	NTIBackupSvc - ok
18:02:44.0547 5888	NTIDrvr         (710263b44c1d1aee07525a53401fbe48) C:\Windows\system32\drivers\NTIDrvr.sys
18:02:44.0547 5888	NTIDrvr - ok
18:02:44.0563 5888	NTISchedulerSvc (b8d903b2894ff9afbd99ca51c35590d7) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
18:02:44.0563 5888	NTISchedulerSvc - ok
18:02:44.0563 5888	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:02:44.0594 5888	Null - ok
18:02:44.0609 5888	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:02:44.0625 5888	nvraid - ok
18:02:44.0625 5888	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:02:44.0641 5888	nvstor - ok
18:02:44.0641 5888	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:02:44.0656 5888	nv_agp - ok
18:02:44.0656 5888	ODDPwrSvc       (ba7dac1b8a86d9402c3e04e1fcaa600d) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
18:02:44.0672 5888	ODDPwrSvc - ok
18:02:44.0672 5888	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:02:44.0687 5888	ohci1394 - ok
18:02:44.0687 5888	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:02:44.0703 5888	ose - ok
18:02:44.0906 5888	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:02:44.0968 5888	osppsvc - ok
18:02:45.0015 5888	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:02:45.0015 5888	p2pimsvc - ok
18:02:45.0031 5888	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:02:45.0046 5888	p2psvc - ok
18:02:45.0062 5888	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:02:45.0077 5888	Parport - ok
18:02:45.0077 5888	partmgr         (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
18:02:45.0093 5888	partmgr - ok
18:02:45.0093 5888	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:02:45.0109 5888	PcaSvc - ok
18:02:45.0109 5888	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:02:45.0124 5888	pci - ok
18:02:45.0124 5888	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:02:45.0140 5888	pciide - ok
18:02:45.0140 5888	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:02:45.0155 5888	pcmcia - ok
18:02:45.0155 5888	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:02:45.0171 5888	pcw - ok
18:02:45.0187 5888	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:02:45.0218 5888	PEAUTH - ok
18:02:45.0265 5888	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:02:45.0280 5888	PerfHost - ok
18:02:45.0374 5888	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:02:45.0436 5888	pla - ok
18:02:45.0467 5888	PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:02:45.0467 5888	PlugPlay - ok
18:02:45.0483 5888	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:02:45.0483 5888	PNRPAutoReg - ok
18:02:45.0499 5888	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:02:45.0514 5888	PNRPsvc - ok
18:02:45.0530 5888	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:02:45.0561 5888	PolicyAgent - ok
18:02:45.0577 5888	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:02:45.0608 5888	Power - ok
18:02:45.0608 5888	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:02:45.0639 5888	PptpMiniport - ok
18:02:45.0655 5888	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:02:45.0655 5888	Processor - ok
18:02:45.0670 5888	ProfSvc         (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
18:02:45.0686 5888	ProfSvc - ok
18:02:45.0686 5888	ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:02:45.0701 5888	ProtectedStorage - ok
18:02:45.0701 5888	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:02:45.0733 5888	Psched - ok
18:02:45.0795 5888	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:02:45.0826 5888	ql2300 - ok
18:02:45.0857 5888	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:02:45.0889 5888	ql40xx - ok
18:02:45.0889 5888	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:02:45.0920 5888	QWAVE - ok
18:02:45.0920 5888	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:02:45.0951 5888	QWAVEdrv - ok
18:02:45.0951 5888	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:02:45.0982 5888	RasAcd - ok
18:02:45.0982 5888	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:02:46.0013 5888	RasAgileVpn - ok
18:02:46.0013 5888	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:02:46.0045 5888	RasAuto - ok
18:02:46.0045 5888	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:02:46.0076 5888	Rasl2tp - ok
18:02:46.0091 5888	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:02:46.0123 5888	RasMan - ok
18:02:46.0138 5888	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:02:46.0154 5888	RasPppoe - ok
18:02:46.0169 5888	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:02:46.0201 5888	RasSstp - ok
18:02:46.0216 5888	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:02:46.0232 5888	rdbss - ok
18:02:46.0247 5888	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:02:46.0247 5888	rdpbus - ok
18:02:46.0247 5888	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:02:46.0279 5888	RDPCDD - ok
18:02:46.0294 5888	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:02:46.0310 5888	RDPENCDD - ok
18:02:46.0325 5888	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:02:46.0341 5888	RDPREFMP - ok
18:02:46.0357 5888	RDPWD           (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
18:02:46.0372 5888	RDPWD - ok
18:02:46.0372 5888	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:02:46.0388 5888	rdyboost - ok
18:02:46.0388 5888	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:02:46.0419 5888	RemoteAccess - ok
18:02:46.0435 5888	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:02:46.0466 5888	RemoteRegistry - ok
18:02:46.0481 5888	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:02:46.0481 5888	RFCOMM - ok
18:02:46.0497 5888	RichVideo       (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
18:02:46.0513 5888	RichVideo ( UnsignedFile.Multi.Generic ) - warning
18:02:46.0513 5888	RichVideo - detected UnsignedFile.Multi.Generic (1)
18:02:46.0513 5888	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:02:46.0544 5888	RpcEptMapper - ok
18:02:46.0544 5888	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:02:46.0559 5888	RpcLocator - ok
18:02:46.0575 5888	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:02:46.0606 5888	RpcSs - ok
18:02:46.0606 5888	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:02:46.0637 5888	rspndr - ok
18:02:46.0653 5888	RS_Service      (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
18:02:46.0653 5888	RS_Service - ok
18:02:46.0669 5888	SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:02:46.0669 5888	SamSs - ok
18:02:46.0684 5888	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:02:46.0684 5888	sbp2port - ok
18:02:46.0731 5888	SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:02:46.0762 5888	SBSDWSCService - ok
18:02:46.0778 5888	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:02:46.0809 5888	SCardSvr - ok
18:02:46.0809 5888	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:02:46.0840 5888	scfilter - ok
18:02:46.0887 5888	Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:02:46.0918 5888	Schedule - ok
18:02:46.0918 5888	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:02:46.0949 5888	SCPolicySvc - ok
18:02:46.0965 5888	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:02:46.0965 5888	SDRSVC - ok
18:02:46.0981 5888	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:02:46.0996 5888	secdrv - ok
18:02:47.0012 5888	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:02:47.0043 5888	seclogon - ok
18:02:47.0043 5888	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:02:47.0074 5888	SENS - ok
18:02:47.0074 5888	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:02:47.0090 5888	SensrSvc - ok
18:02:47.0090 5888	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:02:47.0090 5888	Serenum - ok
18:02:47.0105 5888	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:02:47.0105 5888	Serial - ok
18:02:47.0121 5888	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:02:47.0121 5888	sermouse - ok
18:02:47.0137 5888	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:02:47.0168 5888	SessionEnv - ok
18:02:47.0168 5888	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:02:47.0168 5888	sffdisk - ok
18:02:47.0168 5888	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:02:47.0183 5888	sffp_mmc - ok
18:02:47.0183 5888	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:02:47.0199 5888	sffp_sd - ok
18:02:47.0199 5888	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:02:47.0199 5888	sfloppy - ok
18:02:47.0215 5888	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:02:47.0246 5888	SharedAccess - ok
18:02:47.0261 5888	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:02:47.0277 5888	ShellHWDetection - ok
18:02:47.0277 5888	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:02:47.0293 5888	SiSRaid2 - ok
18:02:47.0293 5888	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:02:47.0308 5888	SiSRaid4 - ok
18:02:47.0308 5888	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:02:47.0339 5888	Smb - ok
18:02:47.0339 5888	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:02:47.0355 5888	SNMPTRAP - ok
18:02:47.0355 5888	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:02:47.0355 5888	spldr - ok
18:02:47.0386 5888	Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:02:47.0402 5888	Spooler - ok
18:02:47.0527 5888	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:02:47.0558 5888	sppsvc - ok
18:02:47.0605 5888	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:02:47.0651 5888	sppuinotify - ok
18:02:47.0667 5888	SQLAgent$MSSMLBIZ (a892134c28777978ecde8283dc57ac0f) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
18:02:47.0683 5888	SQLAgent$MSSMLBIZ - ok
18:02:47.0698 5888	SQLBrowser      (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:02:47.0698 5888	SQLBrowser - ok
18:02:47.0714 5888	SQLWriter       (f92e5f93be572b512da3c016b675ede0) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:02:47.0714 5888	SQLWriter - ok
18:02:47.0745 5888	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:02:47.0745 5888	srv - ok
18:02:47.0761 5888	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:02:47.0776 5888	srv2 - ok
18:02:47.0792 5888	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:02:47.0792 5888	srvnet - ok
18:02:47.0807 5888	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:02:47.0839 5888	SSDPSRV - ok
18:02:47.0839 5888	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:02:47.0870 5888	SstpSvc - ok
18:02:47.0870 5888	Steam Client Service - ok
18:02:47.0885 5888	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:02:47.0885 5888	stexstor - ok
18:02:47.0901 5888	stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:02:47.0932 5888	stisvc - ok
18:02:47.0932 5888	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:02:47.0932 5888	swenum - ok
18:02:47.0963 5888	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:02:47.0995 5888	swprv - ok
18:02:48.0026 5888	SynTP           (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
18:02:48.0026 5888	SynTP - ok
18:02:48.0088 5888	SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:02:48.0135 5888	SysMain - ok
18:02:48.0166 5888	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:02:48.0182 5888	TabletInputService - ok
18:02:48.0197 5888	TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:02:48.0229 5888	TapiSrv - ok
18:02:48.0229 5888	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:02:48.0260 5888	TBS - ok
18:02:48.0338 5888	Tcpip           (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
18:02:48.0369 5888	Tcpip - ok
18:02:48.0494 5888	TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
18:02:48.0556 5888	TCPIP6 - ok
18:02:48.0587 5888	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:02:48.0619 5888	tcpipreg - ok
18:02:48.0634 5888	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:02:48.0634 5888	TDPIPE - ok
18:02:48.0634 5888	TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:02:48.0650 5888	TDTCP - ok
18:02:48.0665 5888	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:02:48.0681 5888	tdx - ok
18:02:48.0697 5888	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:02:48.0697 5888	TermDD - ok
18:02:48.0728 5888	TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:02:48.0759 5888	TermService - ok
18:02:48.0759 5888	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:02:48.0775 5888	Themes - ok
18:02:48.0775 5888	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:02:48.0806 5888	THREADORDER - ok
18:02:48.0806 5888	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:02:48.0837 5888	TrkWks - ok
18:02:48.0853 5888	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:02:48.0868 5888	TrustedInstaller - ok
18:02:48.0868 5888	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:02:48.0899 5888	tssecsrv - ok
18:02:48.0899 5888	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:02:48.0931 5888	tunnel - ok
18:02:48.0946 5888	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:02:48.0946 5888	uagp35 - ok
18:02:48.0946 5888	UBHelper        (40079b0b801c5432ba435b5ad61ce6e3) C:\Windows\system32\drivers\UBHelper.sys
18:02:48.0962 5888	UBHelper - ok
18:02:48.0977 5888	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:02:48.0993 5888	udfs - ok
18:02:49.0009 5888	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:02:49.0024 5888	UI0Detect - ok
18:02:49.0024 5888	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:02:49.0040 5888	uliagpkx - ok
18:02:49.0040 5888	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:02:49.0040 5888	umbus - ok
18:02:49.0055 5888	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:02:49.0055 5888	UmPass - ok
18:02:49.0149 5888	UNS             (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:02:49.0180 5888	UNS ( UnsignedFile.Multi.Generic ) - warning
18:02:49.0180 5888	UNS - detected UnsignedFile.Multi.Generic (1)
18:02:49.0196 5888	Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:02:49.0196 5888	Updater Service - ok
18:02:49.0243 5888	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:02:49.0289 5888	upnphost - ok
18:02:49.0305 5888	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
18:02:49.0305 5888	usbccgp - ok
18:02:49.0321 5888	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:02:49.0336 5888	usbcir - ok
18:02:49.0336 5888	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
18:02:49.0352 5888	usbehci - ok
18:02:49.0367 5888	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
18:02:49.0367 5888	usbhub - ok
18:02:49.0383 5888	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
18:02:49.0383 5888	usbohci - ok
18:02:49.0399 5888	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:02:49.0399 5888	usbprint - ok
18:02:49.0414 5888	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:02:49.0414 5888	usbscan - ok
18:02:49.0430 5888	usbser          (0f0c72a657c622286013788b886968ad) C:\Windows\system32\DRIVERS\usbser.sys
18:02:49.0430 5888	usbser - ok
18:02:49.0445 5888	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:02:49.0445 5888	USBSTOR - ok
18:02:49.0445 5888	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
18:02:49.0461 5888	usbuhci - ok
18:02:49.0461 5888	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
18:02:49.0477 5888	usbvideo - ok
18:02:49.0477 5888	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:02:49.0508 5888	UxSms - ok
18:02:49.0508 5888	VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:02:49.0523 5888	VaultSvc - ok
18:02:49.0523 5888	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:02:49.0539 5888	vdrvroot - ok
18:02:49.0555 5888	vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:02:49.0570 5888	vds - ok
18:02:49.0570 5888	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:02:49.0586 5888	vga - ok
18:02:49.0586 5888	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:02:49.0617 5888	VgaSave - ok
18:02:49.0617 5888	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:02:49.0633 5888	vhdmp - ok
18:02:49.0633 5888	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:02:49.0648 5888	viaide - ok
18:02:49.0648 5888	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:02:49.0664 5888	volmgr - ok
18:02:49.0679 5888	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:02:49.0679 5888	volmgrx - ok
18:02:49.0695 5888	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:02:49.0711 5888	volsnap - ok
18:02:49.0726 5888	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:02:49.0726 5888	vsmraid - ok
18:02:49.0789 5888	VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:02:49.0820 5888	VSS - ok
18:02:49.0867 5888	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:02:49.0882 5888	vwifibus - ok
18:02:49.0882 5888	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:02:49.0898 5888	vwififlt - ok
18:02:49.0898 5888	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:02:49.0913 5888	vwifimp - ok
18:02:49.0929 5888	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:02:49.0960 5888	W32Time - ok
18:02:49.0960 5888	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:02:49.0976 5888	WacomPen - ok
18:02:49.0976 5888	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:50.0007 5888	WANARP - ok
18:02:50.0007 5888	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:50.0038 5888	Wanarpv6 - ok
18:02:50.0085 5888	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:02:50.0101 5888	WatAdminSvc - ok
18:02:50.0163 5888	wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:02:50.0194 5888	wbengine - ok
18:02:50.0241 5888	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:02:50.0257 5888	WbioSrvc - ok
18:02:50.0272 5888	wcncsvc         (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
18:02:50.0303 5888	wcncsvc - ok
18:02:50.0303 5888	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:02:50.0319 5888	WcsPlugInService - ok
18:02:50.0335 5888	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:02:50.0335 5888	Wd - ok
18:02:50.0366 5888	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:02:50.0381 5888	Wdf01000 - ok
18:02:50.0381 5888	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:02:50.0397 5888	WdiServiceHost - ok
18:02:50.0397 5888	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:02:50.0413 5888	WdiSystemHost - ok
18:02:50.0428 5888	WebClient       (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
18:02:50.0444 5888	WebClient - ok
18:02:50.0444 5888	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:02:50.0475 5888	Wecsvc - ok
18:02:50.0491 5888	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:02:50.0522 5888	wercplsupport - ok
18:02:50.0522 5888	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:02:50.0553 5888	WerSvc - ok
18:02:50.0569 5888	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:02:50.0584 5888	WfpLwf - ok
18:02:50.0600 5888	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:02:50.0600 5888	WIMMount - ok
18:02:50.0600 5888	WinDefend - ok
18:02:50.0615 5888	WinHttpAutoProxySvc - ok
18:02:50.0631 5888	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:02:50.0662 5888	Winmgmt - ok
18:02:50.0740 5888	WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:02:50.0787 5888	WinRM - ok
18:02:50.0818 5888	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:02:50.0834 5888	WinUsb - ok
18:02:50.0865 5888	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:02:50.0896 5888	Wlansvc - ok
18:02:50.0990 5888	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:02:51.0037 5888	wlidsvc - ok
18:02:51.0068 5888	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:02:51.0083 5888	WmiAcpi - ok
18:02:51.0099 5888	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:02:51.0130 5888	wmiApSrv - ok
18:02:51.0130 5888	WMPNetworkSvc - ok
18:02:51.0130 5888	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:02:51.0146 5888	WPCSvc - ok
18:02:51.0146 5888	WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:02:51.0161 5888	WPDBusEnum - ok
18:02:51.0161 5888	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:02:51.0193 5888	ws2ifsl - ok
18:02:51.0193 5888	wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
18:02:51.0208 5888	wscsvc - ok
18:02:51.0208 5888	WSearch - ok
18:02:51.0333 5888	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:02:51.0364 5888	wuauserv - ok
18:02:51.0411 5888	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:02:51.0442 5888	WudfPf - ok
18:02:51.0458 5888	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:02:51.0489 5888	WUDFRd - ok
18:02:51.0505 5888	wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:02:51.0520 5888	wudfsvc - ok
18:02:51.0536 5888	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:02:51.0551 5888	WwanSvc - ok
18:02:51.0551 5888	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:02:51.0676 5888	\Device\Harddisk0\DR0 - ok
18:02:51.0676 5888	Boot (0x1200)   (b7279def7f602e6f24c92cc907cf8027) \Device\Harddisk0\DR0\Partition0
18:02:51.0676 5888	\Device\Harddisk0\DR0\Partition0 - ok
18:02:51.0692 5888	Boot (0x1200)   (8ab561b5fe6b058703760c94a903f827) \Device\Harddisk0\DR0\Partition1
18:02:51.0692 5888	\Device\Harddisk0\DR0\Partition1 - ok
18:02:51.0692 5888	============================================================
18:02:51.0692 5888	Scan finished
18:02:51.0692 5888	============================================================
18:02:51.0707 2520	Detected object count: 3
18:02:51.0707 2520	Actual detected object count: 3
18:02:55.0295 2520	LMS ( UnsignedFile.Multi.Generic ) - skipped by user
18:02:55.0295 2520	LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:02:55.0295 2520	RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
18:02:55.0295 2520	RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:02:55.0295 2520	UNS ( UnsignedFile.Multi.Generic ) - skipped by user
18:02:55.0295 2520	UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:02:58.0634 3464	Deinitialize success
         

Antwort

Themen zu GVU-Trojaner eingefangen
eingefangen, gefangen, gen, gvu-trojaner, gvu-trojaner mit webcam, log-files, pc läuft, webcam, windows, windows 7




Ähnliche Themen: GVU-Trojaner eingefangen


  1. Trojaner eingefangen?
    Log-Analyse und Auswertung - 17.10.2015 (13)
  2. Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 19.12.2013 (10)
  3. GVU Trojaner eingefangen...
    Plagegeister aller Art und deren Bekämpfung - 17.05.2013 (43)
  4. Viren eingefangen (JAVA/dldr.lamar.TP), auch Trojaner (Polizei.Trojaner) gefunden
    Log-Analyse und Auswertung - 07.05.2013 (15)
  5. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (6)
  6. GVU Trojaner eingefangen!
    Log-Analyse und Auswertung - 17.10.2012 (2)
  7. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (17)
  8. Gvu Trojaner 2.07 Eingefangen
    Log-Analyse und Auswertung - 21.08.2012 (6)
  9. GVU Trojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (11)
  10. GVU-Trojaner 2.07 eingefangen
    Log-Analyse und Auswertung - 25.07.2012 (11)
  11. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.07.2012 (19)
  12. 50€ Trojaner eingefangen
    Log-Analyse und Auswertung - 13.02.2012 (21)
  13. Trojaner eingefangen
    Log-Analyse und Auswertung - 13.02.2012 (1)
  14. Trojaner eingefangen....
    Log-Analyse und Auswertung - 27.04.2011 (1)
  15. Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2010 (2)
  16. Trojaner eingefangen?
    Log-Analyse und Auswertung - 03.03.2009 (0)
  17. Trojaner VX2 eingefangen
    Log-Analyse und Auswertung - 03.05.2005 (8)

Zum Thema GVU-Trojaner eingefangen - Hallo, auch ich habe mir den GVU-Trojaner mit Webcam eingefangen. Mein PC läuft unter Windows 7 64bit. Ich habe die beschriebenen Anweisungen durchgeführt. Die log-files sind im Anhang. Vielen Dank - GVU-Trojaner eingefangen...
Archiv
Du betrachtest: GVU-Trojaner eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.