Email Anhang mit TR/Matsnu.EB.132 geöffnet

trappy77 · 29.03.2013, 16:45

Hallo,
vor ein paar Tagen habe ich eine Email mit Anhang erhalten.
Ich habe den Anhang, glaube ich, nicht geöffnet... aber wohl gespeichert...

Nun befindet sich in meinem Download-Ordner ein ZIP-komprimierter Ordner: *** *** Letzte Mahnung.zip.
Mein Avira Anti Virus Programm heute bei der Systemprüfung einen Virus entdeckt (TR/Matsnu.EB.132), eben in dem Zip-Ordner.

Nun bin ich verunsichert. Kann ich den Ordner einfach löschen ???
(Tut mir leid, wenn das eine blöde Frage ist)

Vielen Dank für eure Hilfe !!! trappy77

Ergebnis Malwarebytes Anti-Malware: keine infizierten Objekte gefunden
Defogger (keine Fehlermeldung), OTL Logfile hab' ich, falls benötigt, GMER ist jedesmal abgestürzt/ Hängengeblieben (gmer_2.1.19155.exe funtioniert nicht mehr...)

cosinus · 30.03.2013, 16:50

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

trappy77 · 30.03.2013, 17:42

Hallo cosinus,
vielen Dank für deine Hilfe !

Habe OTL durchlaufen lassen und das kam raus:

Code:

ATTFilter

OTL logfile created on: 30.03.2013 17:36:19 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ATrapp\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 5,31 Gb Available Physical Memory | 67,59% Memory free
15,71 Gb Paging File | 12,77 Gb Available in Paging File | 81,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,07 Gb Total Space | 507,39 Gb Free Space | 87,77% Space Free | Partition Type: NTFS
 
Computer Name: HECTOR | User Name: ATrapp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ATrapp\Downloads\OTL (3).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119586&tt=190313_wo3&babsrc=HP_ss&mntrId=AABEE4D53D97EDB2
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119586&tt=190313_wo3&babsrc=SP_ss&mntrId=AABEE4D53D97EDB2
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_deDE498
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ATrapp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
 
[2013.03.28 14:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.delta-search.com/?affID=119586&tt=190313_wo3&babsrc=HP_ss&mntrId=AABEE4D53D97EDB2
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\ATrapp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Beautiful landscape = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig\1_0\
CHR - Extension: TV = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: YouTube = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Regen-Alarm Erweiterung = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnconaknblgbkfgknkfmmfhhbebkekd\1.2.10_0\
CHR - Extension: Google Mail = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2172244934-3394189705-2120371993-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2172244934-3394189705-2120371993-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B7F2F84-982A-49EA-9368-45FB5BC144D9}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{624FB92A-7788-462E-A2EF-F68E91815AD6}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.30 14:43:30 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{1F432415-DF8D-4EF0-8B89-84598ED51642}
[2013.03.30 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{6B32A625-F331-4DCF-81A6-96E44B4781D3}
[2013.03.29 15:51:59 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{C09A33BC-3057-4920-A3AE-CAA89A21453C}
[2013.03.29 15:31:49 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\ElevatedDiagnostics
[2013.03.28 19:53:48 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\EgisTec
[2013.03.28 18:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.28 18:16:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.28 18:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.28 18:15:58 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\Programs
[2013.03.28 15:14:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.28 14:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2013.03.28 14:37:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.03.28 14:37:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.03.28 14:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.28 14:35:49 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Roaming\Babylon
[2013.03.28 14:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.03.28 14:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2013.03.28 12:55:31 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{D4FEEE79-1748-44AA-9001-8F1D20D92049}
[2013.03.27 19:01:09 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{23FAB1F4-1530-4A56-8DD8-2E6F4B9FC846}
[2013.03.24 20:10:37 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{9EAED7B0-4AD4-4E5F-BC2C-2A124381E48B}
[2013.03.24 18:58:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.23 15:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Acer
[2013.03.23 13:13:54 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{B983DDA7-9B24-476E-9140-258616A95B0A}
[2013.03.22 09:48:26 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{03FD578E-5F4B-4F1E-83BB-5BFE3E377894}
[2013.03.21 18:47:34 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Roaming\Apple Computer
[2013.03.21 18:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.03.21 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\Apple
[2013.03.21 18:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.03.21 14:03:22 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.21 14:03:22 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.21 14:03:22 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.21 14:00:09 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{91A706EA-9C4F-4573-9E95-8856C730B38D}
[2013.03.20 08:32:06 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{FB74855F-ACD5-4EF9-A33E-C455CFBDCCBB}
[2013.03.19 10:53:20 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{DD82FC7C-C184-4515-B4ED-2AB9C499BBBD}
[2013.03.18 15:53:13 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{0799AAFE-9E36-46B1-AC82-812CAF82E773}
[2013.03.18 12:39:04 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{2A708C2D-E9C9-45D7-AEFA-6EAECA852110}
[2013.03.17 20:21:41 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{BD2D3ED3-4EAE-426D-A09B-76C3C4A8625E}
[2013.03.16 14:14:27 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{DE3CEEA9-4B23-4964-95EA-036FAD698DF9}
[2013.03.15 15:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Wild Tangent
[2013.03.15 14:30:20 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{BAFA2932-CACB-4997-A003-E4D9F70D2631}
[2013.03.14 12:50:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.14 12:50:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.14 12:50:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.14 12:50:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.14 12:50:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.14 12:50:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.14 12:50:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.14 12:50:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.14 12:50:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.14 12:50:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.14 12:50:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.14 12:50:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.14 12:50:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.14 12:50:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.14 12:50:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.14 12:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.14 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.14 12:48:52 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{427996F8-1D73-4FFB-BF08-7546B4F8D23C}
[2013.03.13 09:04:08 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{85181650-6C8D-46F6-A917-8D535B90021F}
[2013.03.12 15:26:12 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{87223B63-9E99-43F7-AE6F-0E0F21E32CA3}
[2013.03.12 10:22:51 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{F9D5C751-2A67-4D1A-B33B-30301D34BC34}
[2013.03.11 13:51:42 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{49B3F5B5-CADF-4C09-AE05-FEDEB0600925}
[2013.03.10 14:23:38 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{509FF94D-9D1F-4E9E-A4E4-1947978BEDD5}
[2013.03.09 09:26:53 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{5E3403BC-6FF1-4293-AF68-26436CBA1245}
[2013.03.08 08:52:35 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.08 08:52:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.08 08:52:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.08 08:52:26 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.08 08:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.08 08:51:33 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{1D05139B-62C3-4BC2-85C7-7CA32C30F1EF}
[2013.03.07 09:57:14 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{EFBDA019-D942-49A2-BE61-25A21E9F1E41}
[2013.03.06 09:28:57 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{1417AF73-7669-40F3-8A99-4FD970DB4AE2}
[2013.03.05 11:05:57 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{E7EE95E4-BF3F-4401-A3FC-BEE3E28921C1}
[2013.03.05 10:40:51 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{CC129056-5278-4943-8808-D9051290592C}
[2013.03.04 09:10:33 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{023EB115-8547-4D21-9D6B-11A3056E0CC4}
[2013.03.03 14:33:14 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{DC2C11BB-5641-4FEC-B86E-0967762F0DEB}
[2013.03.02 10:33:35 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{1BD17CE0-A832-4ADE-87B0-B1E130D9954F}
[2013.03.01 09:15:35 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{53721D83-D97D-4567-9FD5-4571E202FBD9}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.30 17:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.30 17:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.30 13:54:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.30 13:13:10 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.30 12:09:07 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.30 12:09:07 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 15:05:29 | 000,000,000 | ---- | M] () -- C:\Users\ATrapp\defogger_reenable
[2013.03.28 18:59:47 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.28 15:10:34 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.28 14:27:03 | 000,000,000 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9P.dll
[2013.03.28 14:00:41 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013.03.21 14:03:09 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.21 14:03:09 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.21 14:03:09 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.13 12:03:19 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 12:03:19 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.08 08:52:22 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.08 08:52:22 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.08 08:52:22 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.08 08:52:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.08 08:52:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.08 08:52:22 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.29 15:05:29 | 000,000,000 | ---- | C] () -- C:\Users\ATrapp\defogger_reenable
[2013.03.28 18:16:27 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.28 14:27:03 | 000,000,000 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9P.dll
[2013.03.28 14:00:41 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.09.19 10:55:51 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.09.10 18:31:40 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.07.29 16:09:16 | 000,000,209 | ---- | C] () -- C:\Windows\settings.ini
[2012.06.03 10:53:09 | 000,010,455 | ---- | C] () -- C:\Users\ATrapp\AnjaKurt_elster_2048.pfx
[2012.02.07 21:41:31 | 000,000,094 | ---- | C] () -- C:\Users\ATrapp\AppData\Local\fusioncache.dat
[2012.01.21 12:06:12 | 001,555,946 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.18 19:32:13 | 000,027,081 | ---- | C] () -- C:\Windows\wininit.ini
[2011.10.14 04:57:35 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.10.14 04:57:34 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.14 04:57:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.14 04:57:31 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.14 04:57:30 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:01690B01
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:80F63EC3
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:67310058
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:EB333CFC
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:957E9765
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:F7F6E6CB
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:159A493A
@Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:15752405
@Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:B6DD2C7E
@Alternate Data Stream - 164 bytes -> C:\Users\ATrapp\Documents\FR4c.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\ATrapp\Documents\FR4b.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\ATrapp\Documents\FR4a.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E265ED33
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:7BFFC6A9
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3D4B733E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:E6B95E40
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:53BA2DF6
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:244E4E3A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:1CD511E5
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:00D99749
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:952245B1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0EC7A545
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:834DD57E
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:F2327E82
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:D987CB43
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:884C7316
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:94A31742
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:5ECEFF17
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:164561C8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:FD7DCDA6
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4D8FCBEF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D7D0B4AF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CBAF0C30
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A798AA1A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:80253E8D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5FC043A8
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:7D288858
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4E79C4F8
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EAF3ADF5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:AABECEFB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4C71A42B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:E87AB4E3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:1224B4C3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:EB68CA55
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B8EB1B99
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8AC20936
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:363E775E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F68CB1A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:6DD124E2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1E942FB9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:120B3AFD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E402E439
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D6D084A5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:71612023
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:DCA79AB3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:BEE39E9B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A9ABA3FF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:762408BA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:EE2DD6CC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:7E4E56EA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:18E3BAF3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:EE69D7DF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:96372A73
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:9C7A32BB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:32EA849C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:11590865
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:6A9CA6CB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:97AAB7F2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:6DDFD746
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F98E6C67
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5520ED93
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:927EC486
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:C22674B6

< End of report >

Es ging nur 1 Fenster auf, hoffe das ist alles richtig...

cosinus · 30.03.2013, 17:44

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

trappy77 · 30.03.2013, 19:03

Sooo...

GMER funktioniert nach wie vor nicht im normalen Modus. Im abgesicherten Modus lief es durch, mit dem Ergebnis "hasn't found any modification". Das Logfile ist leer.

MBar ist auch durchgelaufen. Der Scan endet mit dem Ergebnis "Scan finished. No malware found". Ein Neustart wurde nicht gefordert.

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.03.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ATrapp :: HECTOR [administrator]

30.03.2013 18:55:04
mbar-log-2013-03-30 (18-55-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29783
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Der Zip-Ordner "Letzte Mahnung" steht immer noch in meinen Downloads... kann ich den löschen?

cosinus · 30.03.2013, 19:10

Ja bitte löschen!

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

trappy77 · 30.03.2013, 19:56

Hier die beiden Logfiles:

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-30 19:18:18
-----------------------------
19:18:18.028    OS Version: Windows x64 6.1.7601 Service Pack 1
19:18:18.028    Number of processors: 4 586 0x2A07
19:18:18.029    ComputerName: HECTOR  UserName: ATrapp
19:18:19.504    Initialize success
19:24:10.971    AVAST engine defs: 13033000
19:24:30.042    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:24:30.048    Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
19:24:30.165    Disk 0 MBR read successfully
19:24:30.170    Disk 0 MBR scan
19:24:30.183    Disk 0 Windows 7 default MBR code
19:24:30.190    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        18432 MB offset 2048
19:24:30.218    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 37750784
19:24:30.226    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       591946 MB offset 37955584
19:24:30.298    Disk 0 scanning C:\Windows\system32\drivers
19:24:39.616    Service scanning
19:25:03.303    Modules scanning
19:25:03.320    Disk 0 trace - called modules:
19:25:03.340    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
19:25:03.351    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a5fc060]
19:25:03.360    3 CLASSPNP.SYS[fffff88001c3e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007db3050]
19:25:05.088    AVAST engine scan C:\Windows
19:25:08.003    AVAST engine scan C:\Windows\system32
19:28:11.919    AVAST engine scan C:\Windows\system32\drivers
19:28:23.841    AVAST engine scan C:\Users\ATrapp
19:32:35.555    AVAST engine scan C:\ProgramData
19:34:04.152    Scan finished successfully
19:48:13.337    Disk 0 MBR has been saved successfully to "C:\Users\ATrapp\Desktop\MBR.dat"
19:48:13.341    The log file has been saved successfully to "C:\Users\ATrapp\Desktop\aswMBR.txt"

Code:

ATTFilter

19:51:44.0733 3316  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:51:44.0835 3316  ============================================================
19:51:44.0835 3316  Current date / time: 2013/03/30 19:51:44.0835
19:51:44.0835 3316  SystemInfo:
19:51:44.0835 3316  
19:51:44.0835 3316  OS Version: 6.1.7601 ServicePack: 1.0
19:51:44.0835 3316  Product type: Workstation
19:51:44.0835 3316  ComputerName: HECTOR
19:51:44.0835 3316  UserName: ATrapp
19:51:44.0835 3316  Windows directory: C:\Windows
19:51:44.0835 3316  System windows directory: C:\Windows
19:51:44.0836 3316  Running under WOW64
19:51:44.0836 3316  Processor architecture: Intel x64
19:51:44.0836 3316  Number of processors: 4
19:51:44.0836 3316  Page size: 0x1000
19:51:44.0836 3316  Boot type: Normal boot
19:51:44.0836 3316  ============================================================
19:51:45.0177 3316  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:51:45.0180 3316  ============================================================
19:51:45.0180 3316  \Device\Harddisk0\DR0:
19:51:45.0180 3316  MBR partitions:
19:51:45.0180 3316  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
19:51:45.0180 3316  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x48425000
19:51:45.0180 3316  ============================================================
19:51:45.0202 3316  C: <-> \Device\Harddisk0\DR0\Partition2
19:51:45.0202 3316  ============================================================
19:51:45.0202 3316  Initialize success
19:51:45.0202 3316  ============================================================
19:52:32.0843 3096  ============================================================
19:52:32.0843 3096  Scan started
19:52:32.0843 3096  Mode: Manual; SigCheck; TDLFS; 
19:52:32.0843 3096  ============================================================
19:52:33.0102 3096  ================ Scan system memory ========================
19:52:33.0102 3096  System memory - ok
19:52:33.0103 3096  ================ Scan services =============================
19:52:33.0345 3096  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:52:33.0459 3096  1394ohci - ok
19:52:33.0489 3096  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:52:33.0502 3096  ACPI - ok
19:52:33.0515 3096  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:52:33.0618 3096  AcpiPmi - ok
19:52:33.0697 3096  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:52:33.0725 3096  AdobeARMservice - ok
19:52:33.0898 3096  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:52:33.0925 3096  AdobeFlashPlayerUpdateSvc - ok
19:52:33.0972 3096  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:52:33.0997 3096  adp94xx - ok
19:52:34.0052 3096  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:52:34.0081 3096  adpahci - ok
19:52:34.0105 3096  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:52:34.0118 3096  adpu320 - ok
19:52:34.0146 3096  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:52:34.0334 3096  AeLookupSvc - ok
19:52:34.0373 3096  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:52:34.0424 3096  AFD - ok
19:52:34.0454 3096  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:52:34.0472 3096  agp440 - ok
19:52:34.0488 3096  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:52:34.0553 3096  ALG - ok
19:52:34.0596 3096  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:52:34.0614 3096  aliide - ok
19:52:34.0618 3096  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:52:34.0633 3096  amdide - ok
19:52:34.0648 3096  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:52:34.0659 3096  AmdK8 - ok
19:52:34.0662 3096  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:52:34.0713 3096  AmdPPM - ok
19:52:34.0756 3096  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:52:34.0780 3096  amdsata - ok
19:52:34.0803 3096  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:52:34.0814 3096  amdsbs - ok
19:52:34.0831 3096  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:52:34.0839 3096  amdxata - ok
19:52:34.0935 3096  [ 76544F01FA0D79CE6F525B6EB475BEF9 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
19:52:34.0966 3096  AntiVirMailService - ok
19:52:35.0003 3096  [ 90C69DF5FB36F8B74109583652575BD3 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:52:35.0027 3096  AntiVirSchedulerService - ok
19:52:35.0075 3096  [ B6F85597831F63C27FD278F4E05C3020 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:52:35.0096 3096  AntiVirService - ok
19:52:35.0147 3096  [ 932B178CF3840CFC8B0051523F657A8A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:52:35.0195 3096  AntiVirWebService - ok
19:52:35.0220 3096  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:52:35.0442 3096  AppID - ok
19:52:35.0463 3096  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:52:35.0528 3096  AppIDSvc - ok
19:52:35.0552 3096  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:52:35.0626 3096  Appinfo - ok
19:52:35.0661 3096  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:52:35.0669 3096  arc - ok
19:52:35.0682 3096  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:52:35.0692 3096  arcsas - ok
19:52:35.0718 3096  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:52:35.0766 3096  AsyncMac - ok
19:52:35.0805 3096  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:52:35.0826 3096  atapi - ok
19:52:35.0928 3096  [ 956BC6EB96AA09478BD897AF8DF55A62 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:52:36.0077 3096  athr - ok
19:52:36.0134 3096  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:52:36.0179 3096  AudioEndpointBuilder - ok
19:52:36.0188 3096  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:52:36.0217 3096  AudioSrv - ok
19:52:36.0249 3096  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:52:36.0261 3096  avgntflt - ok
19:52:36.0306 3096  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:52:36.0314 3096  avipbb - ok
19:52:36.0343 3096  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:52:36.0357 3096  avkmgr - ok
19:52:36.0381 3096  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:52:36.0488 3096  AxInstSV - ok
19:52:36.0532 3096  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:52:36.0580 3096  b06bdrv - ok
19:52:36.0623 3096  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:52:36.0653 3096  b57nd60a - ok
19:52:36.0692 3096  [ A424CB46A145E5AABF15621550976DF2 ] b57xdbd         C:\Windows\system32\DRIVERS\b57xdbd.sys
19:52:36.0703 3096  b57xdbd - ok
19:52:36.0719 3096  [ BE4E6FD5A898812B85D5817AD9754A9F ] b57xdmp         C:\Windows\system32\DRIVERS\b57xdmp.sys
19:52:36.0728 3096  b57xdmp - ok
19:52:36.0768 3096  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:52:36.0812 3096  BDESVC - ok
19:52:36.0867 3096  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:52:36.0968 3096  Beep - ok
19:52:37.0026 3096  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:52:37.0126 3096  BFE - ok
19:52:37.0177 3096  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:52:37.0289 3096  BITS - ok
19:52:37.0336 3096  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
19:52:37.0386 3096  blbdrive - ok
19:52:37.0410 3096  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:52:37.0467 3096  bowser - ok
19:52:37.0487 3096  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:52:37.0535 3096  BrFiltLo - ok
19:52:37.0561 3096  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:52:37.0574 3096  BrFiltUp - ok
19:52:37.0611 3096  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:52:37.0641 3096  Browser - ok
19:52:37.0658 3096  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:52:37.0712 3096  Brserid - ok
19:52:37.0744 3096  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:52:37.0796 3096  BrSerWdm - ok
19:52:37.0821 3096  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:52:37.0873 3096  BrUsbMdm - ok
19:52:37.0878 3096  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:52:37.0899 3096  BrUsbSer - ok
19:52:37.0938 3096  [ 0970D8B7151E9113BF8D44CE2E954DF7 ] bScsiMSa        C:\Windows\system32\DRIVERS\bScsiMSa.sys
19:52:37.0960 3096  bScsiMSa - ok
19:52:37.0998 3096  [ 0C1EEE5AF32402D306874B110DE237EC ] bScsiSDa        C:\Windows\system32\DRIVERS\bScsiSDa.sys
19:52:38.0012 3096  bScsiSDa - ok
19:52:38.0030 3096  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:52:38.0075 3096  BTHMODEM - ok
19:52:38.0129 3096  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:52:38.0195 3096  bthserv - ok
19:52:38.0208 3096  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:52:38.0287 3096  cdfs - ok
19:52:38.0320 3096  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:52:38.0360 3096  cdrom - ok
19:52:38.0399 3096  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:52:38.0479 3096  CertPropSvc - ok
19:52:38.0511 3096  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:52:38.0566 3096  circlass - ok
19:52:38.0604 3096  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:52:38.0635 3096  CLFS - ok
19:52:38.0693 3096  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:52:38.0717 3096  clr_optimization_v2.0.50727_32 - ok
19:52:38.0752 3096  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:52:38.0764 3096  clr_optimization_v2.0.50727_64 - ok
19:52:38.0864 3096  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:52:38.0893 3096  clr_optimization_v4.0.30319_32 - ok
19:52:38.0937 3096  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:52:38.0961 3096  clr_optimization_v4.0.30319_64 - ok
19:52:38.0993 3096  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:52:39.0026 3096  CmBatt - ok
19:52:39.0047 3096  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:52:39.0062 3096  cmdide - ok
19:52:39.0121 3096  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:52:39.0160 3096  CNG - ok
19:52:39.0198 3096  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:52:39.0224 3096  Compbatt - ok
19:52:39.0235 3096  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:52:39.0267 3096  CompositeBus - ok
19:52:39.0288 3096  COMSysApp - ok
19:52:39.0292 3096  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:52:39.0303 3096  crcdisk - ok
19:52:39.0330 3096  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:52:39.0363 3096  CryptSvc - ok
19:52:39.0470 3096  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:52:39.0510 3096  cvhsvc - ok
19:52:39.0546 3096  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:52:39.0597 3096  DcomLaunch - ok
19:52:39.0636 3096  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:52:39.0681 3096  defragsvc - ok
19:52:39.0729 3096  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:52:39.0811 3096  DfsC - ok
19:52:39.0849 3096  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:52:39.0894 3096  Dhcp - ok
19:52:39.0922 3096  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:52:39.0955 3096  discache - ok
19:52:39.0985 3096  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:52:39.0992 3096  Disk - ok
19:52:40.0009 3096  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:52:40.0053 3096  Dnscache - ok
19:52:40.0081 3096  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:52:40.0160 3096  dot3svc - ok
19:52:40.0182 3096  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:52:40.0255 3096  DPS - ok
19:52:40.0311 3096  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:52:40.0367 3096  drmkaud - ok
19:52:40.0466 3096  [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
19:52:40.0491 3096  DsiWMIService - ok
19:52:40.0515 3096  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:52:40.0549 3096  DXGKrnl - ok
19:52:40.0576 3096  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:52:40.0622 3096  EapHost - ok
19:52:40.0730 3096  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:52:40.0882 3096  ebdrv - ok
19:52:40.0918 3096  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:52:40.0966 3096  EFS - ok
19:52:41.0042 3096  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:52:41.0143 3096  ehRecvr - ok
19:52:41.0177 3096  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:52:41.0207 3096  ehSched - ok
19:52:41.0262 3096  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:52:41.0277 3096  elxstor - ok
19:52:41.0365 3096  [ 48425C93B6F36529707206E4FA680CF3 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
19:52:41.0427 3096  ePowerSvc - ok
19:52:41.0445 3096  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:52:41.0477 3096  ErrDev - ok
19:52:41.0541 3096  [ DBAA0C650C9549DC5C599D1E81DEDAAD ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
19:52:41.0568 3096  ETD - ok
19:52:41.0607 3096  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:52:41.0666 3096  EventSystem - ok
19:52:41.0706 3096  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:52:41.0735 3096  exfat - ok
19:52:41.0768 3096  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:52:41.0845 3096  fastfat - ok
19:52:41.0893 3096  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:52:41.0940 3096  Fax - ok
19:52:41.0975 3096  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:52:42.0012 3096  fdc - ok
19:52:42.0055 3096  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:52:42.0111 3096  fdPHost - ok
19:52:42.0118 3096  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:52:42.0145 3096  FDResPub - ok
19:52:42.0170 3096  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:52:42.0178 3096  FileInfo - ok
19:52:42.0187 3096  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:52:42.0233 3096  Filetrace - ok
19:52:42.0274 3096  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:52:42.0291 3096  FLEXnet Licensing Service - ok
19:52:42.0299 3096  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:52:42.0308 3096  flpydisk - ok
19:52:42.0323 3096  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:52:42.0334 3096  FltMgr - ok
19:52:42.0392 3096  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:52:42.0452 3096  FontCache - ok
19:52:42.0506 3096  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:52:42.0528 3096  FontCache3.0.0.0 - ok
19:52:42.0543 3096  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:52:42.0559 3096  FsDepends - ok
19:52:42.0588 3096  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:52:42.0600 3096  Fs_Rec - ok
19:52:42.0638 3096  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:52:42.0657 3096  fvevol - ok
19:52:42.0683 3096  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:52:42.0695 3096  gagp30kx - ok
19:52:42.0762 3096  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:52:42.0791 3096  GamesAppService - ok
19:52:42.0847 3096  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:52:42.0928 3096  gpsvc - ok
19:52:42.0962 3096  [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
19:52:42.0969 3096  GREGService - ok
19:52:43.0031 3096  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:52:43.0052 3096  gupdate - ok
19:52:43.0064 3096  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:52:43.0073 3096  gupdatem - ok
19:52:43.0110 3096  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:52:43.0150 3096  hcw85cir - ok
19:52:43.0182 3096  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:52:43.0228 3096  HdAudAddService - ok
19:52:43.0267 3096  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:52:43.0310 3096  HDAudBus - ok
19:52:43.0332 3096  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:52:43.0364 3096  HidBatt - ok
19:52:43.0392 3096  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:52:43.0429 3096  HidBth - ok
19:52:43.0457 3096  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:52:43.0476 3096  HidIr - ok
19:52:43.0503 3096  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:52:43.0588 3096  hidserv - ok
19:52:43.0626 3096  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:52:43.0638 3096  HidUsb - ok
19:52:43.0663 3096  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:52:43.0757 3096  hkmsvc - ok
19:52:43.0783 3096  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:52:43.0814 3096  HomeGroupListener - ok
19:52:43.0844 3096  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:52:43.0896 3096  HomeGroupProvider - ok
19:52:43.0928 3096  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:52:43.0937 3096  HpSAMD - ok
19:52:43.0969 3096  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:52:44.0024 3096  HTTP - ok
19:52:44.0049 3096  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:52:44.0056 3096  hwpolicy - ok
19:52:44.0066 3096  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:52:44.0076 3096  i8042prt - ok
19:52:44.0104 3096  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
19:52:44.0116 3096  iaStor - ok
19:52:44.0165 3096  [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:52:44.0172 3096  IAStorDataMgrSvc - ok
19:52:44.0198 3096  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:52:44.0213 3096  iaStorV - ok
19:52:44.0315 3096  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:52:44.0389 3096  idsvc - ok
19:52:44.0638 3096  [ 9937600A1584FF00565D5379EB4C9EDB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:52:44.0986 3096  igfx - ok
19:52:45.0025 3096  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:52:45.0041 3096  iirsp - ok
19:52:45.0092 3096  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:52:45.0215 3096  IKEEXT - ok
19:52:45.0334 3096  [ CB7DADEF3D83FE2C12655A0BDCBA99F2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:52:45.0439 3096  IntcAzAudAddService - ok
19:52:45.0484 3096  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
19:52:45.0509 3096  IntcDAud - ok
19:52:45.0528 3096  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:52:45.0535 3096  intelide - ok
19:52:45.0577 3096  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:52:45.0618 3096  intelppm - ok
19:52:45.0677 3096  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:52:45.0757 3096  IPBusEnum - ok
19:52:45.0791 3096  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:52:45.0860 3096  IpFilterDriver - ok
19:52:45.0926 3096  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:52:45.0970 3096  iphlpsvc - ok
19:52:45.0974 3096  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:52:45.0988 3096  IPMIDRV - ok
19:52:46.0005 3096  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:52:46.0060 3096  IPNAT - ok
19:52:46.0089 3096  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:52:46.0102 3096  IRENUM - ok
19:52:46.0109 3096  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:52:46.0116 3096  isapnp - ok
19:52:46.0132 3096  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:52:46.0143 3096  iScsiPrt - ok
19:52:46.0175 3096  [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
19:52:46.0188 3096  k57nd60a - ok
19:52:46.0205 3096  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:52:46.0213 3096  kbdclass - ok
19:52:46.0230 3096  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:52:46.0276 3096  kbdhid - ok
19:52:46.0330 3096  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:52:46.0356 3096  KeyIso - ok
19:52:46.0386 3096  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:52:46.0395 3096  KSecDD - ok
19:52:46.0406 3096  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:52:46.0416 3096  KSecPkg - ok
19:52:46.0425 3096  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:52:46.0495 3096  ksthunk - ok
19:52:46.0539 3096  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:52:46.0585 3096  KtmRm - ok
19:52:46.0640 3096  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:52:46.0735 3096  LanmanServer - ok
19:52:46.0792 3096  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:52:46.0883 3096  LanmanWorkstation - ok
19:52:46.0981 3096  [ 93B73DED2BC688F140C6AE2FBAD45789 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
19:52:47.0004 3096  Live Updater Service - ok
19:52:47.0037 3096  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:52:47.0097 3096  lltdio - ok
19:52:47.0128 3096  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:52:47.0157 3096  lltdsvc - ok
19:52:47.0174 3096  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:52:47.0217 3096  lmhosts - ok
19:52:47.0281 3096  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:52:47.0307 3096  LMS - ok
19:52:47.0352 3096  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:52:47.0369 3096  LSI_FC - ok
19:52:47.0386 3096  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:52:47.0396 3096  LSI_SAS - ok
19:52:47.0400 3096  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:52:47.0410 3096  LSI_SAS2 - ok
19:52:47.0421 3096  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:52:47.0429 3096  LSI_SCSI - ok
19:52:47.0445 3096  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:52:47.0488 3096  luafv - ok
19:52:47.0601 3096  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
19:52:47.0630 3096  McComponentHostService - ok
19:52:47.0647 3096  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:52:47.0685 3096  Mcx2Svc - ok
19:52:47.0704 3096  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:52:47.0715 3096  megasas - ok
19:52:47.0750 3096  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:52:47.0783 3096  MegaSR - ok
19:52:47.0824 3096  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
19:52:47.0835 3096  MEIx64 - ok
19:52:47.0850 3096  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:52:47.0911 3096  MMCSS - ok
19:52:47.0936 3096  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:52:48.0015 3096  Modem - ok
19:52:48.0036 3096  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:52:48.0077 3096  monitor - ok
19:52:48.0105 3096  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:52:48.0124 3096  mouclass - ok
19:52:48.0138 3096  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:52:48.0184 3096  mouhid - ok
19:52:48.0218 3096  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:52:48.0230 3096  mountmgr - ok
19:52:48.0242 3096  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:52:48.0255 3096  mpio - ok
19:52:48.0269 3096  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:52:48.0295 3096  mpsdrv - ok
19:52:48.0327 3096  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:52:48.0381 3096  MpsSvc - ok
19:52:48.0402 3096  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:52:48.0431 3096  MRxDAV - ok
19:52:48.0450 3096  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:52:48.0524 3096  mrxsmb - ok
19:52:48.0551 3096  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:52:48.0573 3096  mrxsmb10 - ok
19:52:48.0587 3096  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:52:48.0596 3096  mrxsmb20 - ok
19:52:48.0611 3096  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:52:48.0619 3096  msahci - ok
19:52:48.0638 3096  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:52:48.0646 3096  msdsm - ok
19:52:48.0667 3096  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:52:48.0678 3096  MSDTC - ok
19:52:48.0704 3096  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:52:48.0729 3096  Msfs - ok
19:52:48.0745 3096  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:52:48.0819 3096  mshidkmdf - ok
19:52:48.0837 3096  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:52:48.0844 3096  msisadrv - ok
19:52:48.0874 3096  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:52:48.0944 3096  MSiSCSI - ok
19:52:48.0947 3096  msiserver - ok
19:52:48.0983 3096  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:52:49.0051 3096  MSKSSRV - ok
19:52:49.0069 3096  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:52:49.0114 3096  MSPCLOCK - ok
19:52:49.0117 3096  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:52:49.0152 3096  MSPQM - ok
19:52:49.0180 3096  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:52:49.0192 3096  MsRPC - ok
19:52:49.0210 3096  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:52:49.0217 3096  mssmbios - ok
19:52:49.0228 3096  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:52:49.0291 3096  MSTEE - ok
19:52:49.0317 3096  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:52:49.0326 3096  MTConfig - ok
19:52:49.0339 3096  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:52:49.0348 3096  Mup - ok
19:52:49.0372 3096  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:52:49.0423 3096  napagent - ok
19:52:49.0483 3096  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:52:49.0549 3096  NativeWifiP - ok
19:52:49.0599 3096  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:52:49.0628 3096  NDIS - ok
19:52:49.0650 3096  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:52:49.0677 3096  NdisCap - ok
19:52:49.0695 3096  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:52:49.0721 3096  NdisTapi - ok
19:52:49.0733 3096  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:52:49.0772 3096  Ndisuio - ok
19:52:49.0793 3096  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:52:49.0872 3096  NdisWan - ok
19:52:49.0909 3096  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:52:49.0990 3096  NDProxy - ok
19:52:50.0028 3096  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:52:50.0106 3096  NetBIOS - ok
19:52:50.0128 3096  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:52:50.0154 3096  NetBT - ok
19:52:50.0174 3096  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:52:50.0182 3096  Netlogon - ok
19:52:50.0224 3096  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:52:50.0278 3096  Netman - ok
19:52:50.0306 3096  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:52:50.0354 3096  netprofm - ok
19:52:50.0380 3096  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:52:50.0392 3096  NetTcpPortSharing - ok
19:52:50.0430 3096  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:52:50.0450 3096  nfrd960 - ok
19:52:50.0479 3096  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:52:50.0517 3096  NlaSvc - ok
19:52:50.0541 3096  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:52:50.0589 3096  Npfs - ok
19:52:50.0625 3096  npggsvc - ok
19:52:50.0657 3096  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:52:50.0705 3096  nsi - ok
19:52:50.0722 3096  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:52:50.0764 3096  nsiproxy - ok
19:52:50.0854 3096  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:52:50.0910 3096  Ntfs - ok
19:52:50.0965 3096  [ 1873214666F6F0A883742DF91FBC48C9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
19:52:50.0990 3096  NTI IScheduleSvc - ok
19:52:51.0017 3096  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
19:52:51.0027 3096  NTIDrvr - ok
19:52:51.0037 3096  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:52:51.0064 3096  Null - ok
19:52:51.0331 3096  [ E97E8C80793EF12C994607CA5645799A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:52:51.0666 3096  nvlddmkm - ok
19:52:51.0687 3096  [ 50612BD6943B9CB20008E9E241DC8B7D ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
19:52:51.0694 3096  nvpciflt - ok
19:52:51.0719 3096  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:52:51.0729 3096  nvraid - ok
19:52:51.0743 3096  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:52:51.0754 3096  nvstor - ok
19:52:51.0821 3096  [ F355C26FDE46EDB911E3E3D749E985AE ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:52:51.0904 3096  nvsvc - ok
19:52:51.0995 3096  [ 03AA7307C0D92D38D7AF90E181736B8D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:52:52.0071 3096  nvUpdatusService - ok
19:52:52.0094 3096  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:52:52.0101 3096  nv_agp - ok
19:52:52.0117 3096  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:52:52.0141 3096  ohci1394 - ok
19:52:52.0216 3096  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:52:52.0244 3096  ose - ok
19:52:52.0432 3096  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:52:52.0584 3096  osppsvc - ok
19:52:52.0621 3096  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:52:52.0659 3096  p2pimsvc - ok
19:52:52.0696 3096  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:52:52.0732 3096  p2psvc - ok
19:52:52.0755 3096  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:52:52.0770 3096  Parport - ok
19:52:52.0805 3096  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:52:52.0813 3096  partmgr - ok
19:52:52.0823 3096  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:52:52.0860 3096  PcaSvc - ok
19:52:52.0888 3096  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:52:52.0898 3096  pci - ok
19:52:52.0919 3096  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:52:52.0926 3096  pciide - ok
19:52:52.0944 3096  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:52:52.0954 3096  pcmcia - ok
19:52:52.0964 3096  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:52:52.0972 3096  pcw - ok
19:52:52.0994 3096  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:52:53.0044 3096  PEAUTH - ok
19:52:53.0154 3096  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:52:53.0205 3096  PerfHost - ok
19:52:53.0279 3096  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:52:53.0394 3096  pla - ok
19:52:53.0443 3096  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:52:53.0479 3096  PlugPlay - ok
19:52:53.0506 3096  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:52:53.0550 3096  PNRPAutoReg - ok
19:52:53.0578 3096  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:52:53.0600 3096  PNRPsvc - ok
19:52:53.0635 3096  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:52:53.0686 3096  PolicyAgent - ok
19:52:53.0722 3096  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:52:53.0813 3096  Power - ok
19:52:53.0863 3096  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:52:53.0942 3096  PptpMiniport - ok
19:52:53.0972 3096  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:52:54.0012 3096  Processor - ok
19:52:54.0044 3096  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:52:54.0063 3096  ProfSvc - ok
19:52:54.0074 3096  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:52:54.0084 3096  ProtectedStorage - ok
19:52:54.0102 3096  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:52:54.0147 3096  Psched - ok
19:52:54.0200 3096  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:52:54.0271 3096  ql2300 - ok
19:52:54.0281 3096  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:52:54.0291 3096  ql40xx - ok
19:52:54.0312 3096  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:52:54.0330 3096  QWAVE - ok
19:52:54.0343 3096  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:52:54.0379 3096  QWAVEdrv - ok
19:52:54.0404 3096  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:52:54.0434 3096  RasAcd - ok
19:52:54.0473 3096  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:52:54.0531 3096  RasAgileVpn - ok
19:52:54.0551 3096  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:52:54.0594 3096  RasAuto - ok
19:52:54.0615 3096  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:52:54.0660 3096  Rasl2tp - ok
19:52:54.0688 3096  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:52:54.0739 3096  RasMan - ok
19:52:54.0757 3096  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:52:54.0800 3096  RasPppoe - ok
19:52:54.0829 3096  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:52:54.0921 3096  RasSstp - ok
19:52:54.0948 3096  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:52:54.0997 3096  rdbss - ok
19:52:55.0014 3096  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:52:55.0068 3096  rdpbus - ok
19:52:55.0097 3096  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:52:55.0151 3096  RDPCDD - ok
19:52:55.0169 3096  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:52:55.0246 3096  RDPENCDD - ok
19:52:55.0276 3096  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:52:55.0330 3096  RDPREFMP - ok
19:52:55.0371 3096  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:52:55.0401 3096  RDPWD - ok
19:52:55.0431 3096  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:52:55.0446 3096  rdyboost - ok
19:52:55.0468 3096  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:52:55.0539 3096  RemoteAccess - ok
19:52:55.0568 3096  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:52:55.0618 3096  RemoteRegistry - ok
19:52:55.0639 3096  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:52:55.0682 3096  RpcEptMapper - ok
19:52:55.0730 3096  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:52:55.0784 3096  RpcLocator - ok
19:52:55.0814 3096  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:52:55.0857 3096  RpcSs - ok
19:52:55.0896 3096  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:52:55.0970 3096  rspndr - ok
19:52:55.0996 3096  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:52:56.0019 3096  SamSs - ok
19:52:56.0038 3096  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:52:56.0048 3096  sbp2port - ok
19:52:56.0061 3096  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:52:56.0093 3096  SCardSvr - ok
19:52:56.0111 3096  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:52:56.0152 3096  scfilter - ok
19:52:56.0188 3096  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:52:56.0249 3096  Schedule - ok
19:52:56.0276 3096  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:52:56.0301 3096  SCPolicySvc - ok
19:52:56.0319 3096  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
19:52:56.0351 3096  sdbus - ok
19:52:56.0380 3096  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:52:56.0399 3096  SDRSVC - ok
19:52:56.0430 3096  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:52:56.0508 3096  secdrv - ok
19:52:56.0525 3096  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:52:56.0551 3096  seclogon - ok
19:52:56.0584 3096  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:52:56.0631 3096  SENS - ok
19:52:56.0650 3096  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:52:56.0678 3096  SensrSvc - ok
19:52:56.0712 3096  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:52:56.0751 3096  Serenum - ok
19:52:56.0800 3096  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
19:52:56.0850 3096  Serial - ok
19:52:56.0880 3096  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:52:56.0922 3096  sermouse - ok
19:52:56.0950 3096  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:52:57.0009 3096  SessionEnv - ok
19:52:57.0035 3096  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:52:57.0087 3096  sffdisk - ok
19:52:57.0093 3096  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:52:57.0120 3096  sffp_mmc - ok
19:52:57.0147 3096  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:52:57.0202 3096  sffp_sd - ok
19:52:57.0222 3096  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:52:57.0270 3096  sfloppy - ok
19:52:57.0316 3096  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
19:52:57.0357 3096  Sftfs - ok
19:52:57.0407 3096  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:52:57.0440 3096  sftlist - ok
19:52:57.0454 3096  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:52:57.0466 3096  Sftplay - ok
19:52:57.0483 3096  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:52:57.0489 3096  Sftredir - ok
19:52:57.0496 3096  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
19:52:57.0503 3096  Sftvol - ok
19:52:57.0529 3096  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:52:57.0537 3096  sftvsa - ok
19:52:57.0559 3096  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:52:57.0605 3096  SharedAccess - ok
19:52:57.0638 3096  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:52:57.0688 3096  ShellHWDetection - ok
19:52:57.0735 3096  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:52:57.0759 3096  SiSRaid2 - ok
19:52:57.0776 3096  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:52:57.0787 3096  SiSRaid4 - ok
19:52:57.0817 3096  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:52:57.0866 3096  Smb - ok
19:52:57.0903 3096  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:52:57.0932 3096  SNMPTRAP - ok
19:52:57.0952 3096  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:52:57.0959 3096  spldr - ok
19:52:57.0992 3096  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:52:58.0010 3096  Spooler - ok
19:52:58.0105 3096  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:52:58.0257 3096  sppsvc - ok
19:52:58.0279 3096  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:52:58.0310 3096  sppuinotify - ok
19:52:58.0335 3096  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:52:58.0391 3096  srv - ok
19:52:58.0431 3096  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:52:58.0486 3096  srv2 - ok
19:52:58.0517 3096  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:52:58.0534 3096  srvnet - ok
19:52:58.0560 3096  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:52:58.0610 3096  SSDPSRV - ok
19:52:58.0630 3096  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:52:58.0658 3096  SstpSvc - ok
19:52:58.0672 3096  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:52:58.0679 3096  stexstor - ok
19:52:58.0710 3096  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:52:58.0748 3096  stisvc - ok
19:52:58.0771 3096  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:52:58.0778 3096  swenum - ok
19:52:58.0803 3096  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:52:58.0860 3096  swprv - ok
19:52:58.0937 3096  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:52:59.0039 3096  SysMain - ok
19:52:59.0066 3096  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:52:59.0089 3096  TabletInputService - ok
19:52:59.0110 3096  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:52:59.0153 3096  TapiSrv - ok
19:52:59.0164 3096  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:52:59.0212 3096  TBS - ok
19:52:59.0292 3096  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:52:59.0358 3096  Tcpip - ok
19:52:59.0399 3096  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:52:59.0426 3096  TCPIP6 - ok
19:52:59.0445 3096  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:52:59.0453 3096  tcpipreg - ok
19:52:59.0471 3096  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:52:59.0496 3096  TDPIPE - ok
19:52:59.0529 3096  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:52:59.0538 3096  TDTCP - ok
19:52:59.0547 3096  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:52:59.0598 3096  tdx - ok
19:52:59.0632 3096  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:52:59.0658 3096  TermDD - ok
19:52:59.0699 3096  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:52:59.0758 3096  TermService - ok
19:52:59.0785 3096  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:52:59.0799 3096  Themes - ok
19:52:59.0816 3096  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:52:59.0841 3096  THREADORDER - ok
19:52:59.0850 3096  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:52:59.0878 3096  TrkWks - ok
19:52:59.0935 3096  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:52:59.0989 3096  TrustedInstaller - ok
19:53:00.0000 3096  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:53:00.0041 3096  tssecsrv - ok
19:53:00.0078 3096  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:53:00.0115 3096  TsUsbFlt - ok
19:53:00.0159 3096  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:53:00.0172 3096  TsUsbGD - ok
19:53:00.0206 3096  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:53:00.0239 3096  tunnel - ok
19:53:00.0261 3096  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
19:53:00.0268 3096  TurboB - ok
19:53:00.0291 3096  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:53:00.0299 3096  TurboBoost - ok
19:53:00.0316 3096  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:53:00.0323 3096  uagp35 - ok
19:53:00.0333 3096  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
19:53:00.0339 3096  UBHelper - ok
19:53:00.0361 3096  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:53:00.0410 3096  udfs - ok
19:53:00.0436 3096  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:53:00.0447 3096  UI0Detect - ok
19:53:00.0466 3096  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:53:00.0473 3096  uliagpkx - ok
19:53:00.0491 3096  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:53:00.0522 3096  umbus - ok
19:53:00.0543 3096  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:53:00.0590 3096  UmPass - ok
19:53:00.0730 3096  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:53:00.0778 3096  UNS - ok
19:53:00.0823 3096  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:53:00.0911 3096  upnphost - ok
19:53:00.0936 3096  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:53:00.0947 3096  usbccgp - ok
19:53:00.0957 3096  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:53:00.0968 3096  usbcir - ok
19:53:00.0985 3096  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:53:01.0031 3096  usbehci - ok
19:53:01.0076 3096  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
19:53:01.0122 3096  usbhub - ok
19:53:01.0146 3096  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:53:01.0187 3096  usbohci - ok
19:53:01.0229 3096  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:53:01.0283 3096  usbprint - ok
19:53:01.0329 3096  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:53:01.0376 3096  usbscan - ok
19:53:01.0397 3096  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:53:01.0433 3096  USBSTOR - ok
19:53:01.0463 3096  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:53:01.0498 3096  usbuhci - ok
19:53:01.0532 3096  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:53:01.0560 3096  usbvideo - ok
19:53:01.0580 3096  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:53:01.0634 3096  UxSms - ok
19:53:01.0662 3096  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:53:01.0680 3096  VaultSvc - ok
19:53:01.0698 3096  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:53:01.0713 3096  vdrvroot - ok
19:53:01.0733 3096  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:53:01.0784 3096  vds - ok
19:53:01.0802 3096  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:53:01.0813 3096  vga - ok
19:53:01.0830 3096  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:53:01.0913 3096  VgaSave - ok
19:53:01.0940 3096  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:53:01.0951 3096  vhdmp - ok
19:53:01.0981 3096  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:53:01.0989 3096  viaide - ok
19:53:02.0003 3096  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:53:02.0012 3096  volmgr - ok
19:53:02.0032 3096  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:53:02.0047 3096  volmgrx - ok
19:53:02.0062 3096  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:53:02.0073 3096  volsnap - ok
19:53:02.0102 3096  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:53:02.0111 3096  vsmraid - ok
19:53:02.0157 3096  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:53:02.0275 3096  VSS - ok
19:53:02.0300 3096  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:53:02.0352 3096  vwifibus - ok
19:53:02.0379 3096  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:53:02.0419 3096  vwififlt - ok
19:53:02.0460 3096  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:53:02.0504 3096  W32Time - ok
19:53:02.0530 3096  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:53:02.0562 3096  WacomPen - ok
19:53:02.0603 3096  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:53:02.0678 3096  WANARP - ok
19:53:02.0706 3096  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:53:02.0731 3096  Wanarpv6 - ok
19:53:02.0777 3096  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:53:02.0863 3096  wbengine - ok
19:53:02.0893 3096  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:53:02.0928 3096  WbioSrvc - ok
19:53:02.0949 3096  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:53:03.0004 3096  wcncsvc - ok
19:53:03.0032 3096  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:53:03.0058 3096  WcsPlugInService - ok
19:53:03.0088 3096  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:53:03.0101 3096  Wd - ok
19:53:03.0139 3096  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:53:03.0190 3096  Wdf01000 - ok
19:53:03.0205 3096  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:53:03.0255 3096  WdiServiceHost - ok
19:53:03.0259 3096  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:53:03.0273 3096  WdiSystemHost - ok
19:53:03.0278 3096  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:53:03.0305 3096  WebClient - ok
19:53:03.0309 3096  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:53:03.0343 3096  Wecsvc - ok
19:53:03.0365 3096  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:53:03.0392 3096  wercplsupport - ok
19:53:03.0413 3096  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:53:03.0439 3096  WerSvc - ok
19:53:03.0481 3096  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:53:03.0505 3096  WfpLwf - ok
19:53:03.0520 3096  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:53:03.0527 3096  WIMMount - ok
19:53:03.0546 3096  WinDefend - ok
19:53:03.0548 3096  WinHttpAutoProxySvc - ok
19:53:03.0608 3096  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:53:03.0670 3096  Winmgmt - ok
19:53:03.0707 3096  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:53:03.0770 3096  WinRM - ok
19:53:03.0795 3096  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:53:03.0828 3096  WinUsb - ok
19:53:03.0869 3096  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:53:03.0944 3096  Wlansvc - ok
19:53:04.0011 3096  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:53:04.0035 3096  wlcrasvc - ok
19:53:04.0149 3096  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:53:04.0248 3096  wlidsvc - ok
19:53:04.0288 3096  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:53:04.0332 3096  WmiAcpi - ok
19:53:04.0383 3096  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:53:04.0440 3096  wmiApSrv - ok
19:53:04.0486 3096  WMPNetworkSvc - ok
19:53:04.0527 3096  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:53:04.0547 3096  WPCSvc - ok
19:53:04.0561 3096  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:53:04.0577 3096  WPDBusEnum - ok
19:53:04.0580 3096  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:53:04.0605 3096  ws2ifsl - ok
19:53:04.0623 3096  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:53:04.0655 3096  wscsvc - ok
19:53:04.0657 3096  WSearch - ok
19:53:04.0746 3096  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:53:04.0844 3096  wuauserv - ok
19:53:04.0873 3096  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:53:04.0901 3096  WudfPf - ok
19:53:04.0941 3096  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:53:04.0996 3096  WUDFRd - ok
19:53:05.0037 3096  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:53:05.0091 3096  wudfsvc - ok
19:53:05.0135 3096  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:53:05.0205 3096  WwanSvc - ok
19:53:05.0211 3096  ================ Scan global ===============================
19:53:05.0244 3096  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:53:05.0274 3096  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:53:05.0283 3096  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:53:05.0306 3096  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:53:05.0328 3096  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:53:05.0332 3096  [Global] - ok
19:53:05.0332 3096  ================ Scan MBR ==================================
19:53:05.0342 3096  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:53:05.0900 3096  \Device\Harddisk0\DR0 - ok
19:53:05.0901 3096  ================ Scan VBR ==================================
19:53:05.0906 3096  [ 9FE24E9185A43DF62A5DEE215CC6655E ] \Device\Harddisk0\DR0\Partition1
19:53:05.0909 3096  \Device\Harddisk0\DR0\Partition1 - ok
19:53:05.0941 3096  [ EEA21E0603EEEC95CCAB23132840C365 ] \Device\Harddisk0\DR0\Partition2
19:53:05.0944 3096  \Device\Harddisk0\DR0\Partition2 - ok
19:53:05.0944 3096  ============================================================
19:53:05.0944 3096  Scan finished
19:53:05.0944 3096  ============================================================
19:53:05.0958 3468  Detected object count: 0
19:53:05.0958 3468  Actual detected object count: 0
19:54:01.0816 3604  Deinitialize success

cosinus · 30.03.2013, 19:58

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

trappy77 · 30.03.2013, 20:23

und weiter geht's...

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.4 (03.29.2013:1)
OS: Windows 7 Home Premium x64
Ran by ATrapp on 30.03.2013 at 20:01:23,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2172244934-3394189705-2120371993-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2172244934-3394189705-2120371993-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\ATrapp\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\ATrapp\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\ATrapp\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.03.2013 at 20:06:33,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Code:

ATTFilter

# AdwCleaner v2.115 - Datei am 30/03/2013 um 20:09:08 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ATrapp - HECTOR
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ATrapp\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Users\ATrapp\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\ATrapp\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\a578c8ce039eb46
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2145] : homepage = "hxxp://www.delta-search.com/?affID=119586&tt=190313_wo3&babsrc=HP_ss&mntrId=AABEE4D5[...]

*************************

AdwCleaner[S1].txt - [3857 octets] - [30/03/2013 20:09:08]

########## EOF - C:\AdwCleaner[S1].txt - [3917 octets] ##########

OTL

Code:

ATTFilter

OTL logfile created on: 30.03.2013 20:12:44 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ATrapp\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 75,38% Memory free
15,71 Gb Paging File | 13,54 Gb Available in Paging File | 86,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,07 Gb Total Space | 506,56 Gb Free Space | 87,63% Space Free | Partition Type: NTFS
 
Computer Name: HECTOR | User Name: ATrapp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ATrapp\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_deDE498
IE - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ATrapp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
 
[2013.03.28 14:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\ATrapp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Beautiful landscape = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig\1_0\
CHR - Extension: TV = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: YouTube = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Regen-Alarm Erweiterung = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnconaknblgbkfgknkfmmfhhbebkekd\1.2.10_0\
CHR - Extension: Google Mail = C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2172244934-3394189705-2120371993-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2172244934-3394189705-2120371993-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2172244934-3394189705-2120371993-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B7F2F84-982A-49EA-9368-45FB5BC144D9}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{624FB92A-7788-462E-A2EF-F68E91815AD6}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.30 20:01:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.30 20:00:47 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.30 18:15:05 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\Desktop\mbar
[2013.03.30 14:43:30 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{1F432415-DF8D-4EF0-8B89-84598ED51642}
[2013.03.30 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{6B32A625-F331-4DCF-81A6-96E44B4781D3}
[2013.03.29 15:51:59 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{C09A33BC-3057-4920-A3AE-CAA89A21453C}
[2013.03.29 15:31:49 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\ElevatedDiagnostics
[2013.03.28 19:53:48 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\EgisTec
[2013.03.28 18:15:58 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\Programs
[2013.03.28 15:14:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.28 14:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2013.03.28 14:37:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.03.28 14:37:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.03.28 14:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.28 14:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2013.03.28 12:55:31 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{D4FEEE79-1748-44AA-9001-8F1D20D92049}
[2013.03.27 19:01:09 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{23FAB1F4-1530-4A56-8DD8-2E6F4B9FC846}
[2013.03.24 20:10:37 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{9EAED7B0-4AD4-4E5F-BC2C-2A124381E48B}
[2013.03.24 18:58:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.23 15:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Acer
[2013.03.23 13:13:54 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{B983DDA7-9B24-476E-9140-258616A95B0A}
[2013.03.22 09:48:26 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{03FD578E-5F4B-4F1E-83BB-5BFE3E377894}
[2013.03.21 18:47:34 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Roaming\Apple Computer
[2013.03.21 18:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.03.21 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\Apple
[2013.03.21 18:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.03.21 14:03:22 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.21 14:03:22 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.21 14:03:22 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.21 14:00:09 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{91A706EA-9C4F-4573-9E95-8856C730B38D}
[2013.03.20 08:32:06 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{FB74855F-ACD5-4EF9-A33E-C455CFBDCCBB}
[2013.03.19 10:53:20 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{DD82FC7C-C184-4515-B4ED-2AB9C499BBBD}
[2013.03.18 15:53:13 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{0799AAFE-9E36-46B1-AC82-812CAF82E773}
[2013.03.18 12:39:04 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{2A708C2D-E9C9-45D7-AEFA-6EAECA852110}
[2013.03.17 20:21:41 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{BD2D3ED3-4EAE-426D-A09B-76C3C4A8625E}
[2013.03.16 14:14:27 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{DE3CEEA9-4B23-4964-95EA-036FAD698DF9}
[2013.03.15 15:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Wild Tangent
[2013.03.15 14:30:20 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{BAFA2932-CACB-4997-A003-E4D9F70D2631}
[2013.03.14 12:50:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.14 12:50:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.14 12:50:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.14 12:50:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.14 12:50:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.14 12:50:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.14 12:50:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.14 12:50:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.14 12:50:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.14 12:50:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.14 12:50:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.14 12:50:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.14 12:50:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.14 12:50:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.14 12:50:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.14 12:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.14 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.14 12:48:52 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{427996F8-1D73-4FFB-BF08-7546B4F8D23C}
[2013.03.13 09:04:08 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{85181650-6C8D-46F6-A917-8D535B90021F}
[2013.03.12 15:26:12 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{87223B63-9E99-43F7-AE6F-0E0F21E32CA3}
[2013.03.12 10:22:51 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{F9D5C751-2A67-4D1A-B33B-30301D34BC34}
[2013.03.11 13:51:42 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{49B3F5B5-CADF-4C09-AE05-FEDEB0600925}
[2013.03.10 14:23:38 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{509FF94D-9D1F-4E9E-A4E4-1947978BEDD5}
[2013.03.09 09:26:53 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{5E3403BC-6FF1-4293-AF68-26436CBA1245}
[2013.03.08 08:52:35 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.08 08:52:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.08 08:52:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.08 08:52:26 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.08 08:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.08 08:51:33 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{1D05139B-62C3-4BC2-85C7-7CA32C30F1EF}
[2013.03.07 09:57:14 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{EFBDA019-D942-49A2-BE61-25A21E9F1E41}
[2013.03.06 09:28:57 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{1417AF73-7669-40F3-8A99-4FD970DB4AE2}
[2013.03.05 11:05:57 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{E7EE95E4-BF3F-4401-A3FC-BEE3E28921C1}
[2013.03.05 10:40:51 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{CC129056-5278-4943-8808-D9051290592C}
[2013.03.04 09:10:33 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{023EB115-8547-4D21-9D6B-11A3056E0CC4}
[2013.03.03 14:33:14 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{DC2C11BB-5641-4FEC-B86E-0967762F0DEB}
[2013.03.02 10:33:35 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{1BD17CE0-A832-4ADE-87B0-B1E130D9954F}
[2013.03.01 09:15:35 | 000,000,000 | ---D | C] -- C:\Users\ATrapp\AppData\Local\{53721D83-D97D-4567-9FD5-4571E202FBD9}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.30 20:10:27 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.30 20:10:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.30 20:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.30 20:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.30 19:48:13 | 000,000,512 | ---- | M] () -- C:\Users\ATrapp\Desktop\MBR.dat
[2013.03.30 18:18:48 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.30 18:18:48 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 15:05:29 | 000,000,000 | ---- | M] () -- C:\Users\ATrapp\defogger_reenable
[2013.03.28 15:10:34 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.28 14:27:03 | 000,000,000 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9P.dll
[2013.03.28 14:00:41 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013.03.21 14:03:09 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.21 14:03:09 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.21 14:03:09 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.13 12:03:19 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 12:03:19 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.08 08:52:22 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.08 08:52:22 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.08 08:52:22 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.08 08:52:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.08 08:52:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.08 08:52:22 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.30 19:48:13 | 000,000,512 | ---- | C] () -- C:\Users\ATrapp\Desktop\MBR.dat
[2013.03.29 15:05:29 | 000,000,000 | ---- | C] () -- C:\Users\ATrapp\defogger_reenable
[2013.03.28 14:27:03 | 000,000,000 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9P.dll
[2013.03.28 14:00:41 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.09.19 10:55:51 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2012.09.10 18:31:40 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.07.29 16:09:16 | 000,000,209 | ---- | C] () -- C:\Windows\settings.ini
[2012.06.03 10:53:09 | 000,010,455 | ---- | C] () -- C:\Users\ATrapp\AnjaKurt_elster_2048.pfx
[2012.02.07 21:41:31 | 000,000,094 | ---- | C] () -- C:\Users\ATrapp\AppData\Local\fusioncache.dat
[2012.01.21 12:06:12 | 001,555,946 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.18 19:32:13 | 000,027,081 | ---- | C] () -- C:\Windows\wininit.ini
[2011.10.14 04:57:35 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.10.14 04:57:34 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.14 04:57:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.14 04:57:31 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.14 04:57:30 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:01690B01
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:80F63EC3
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:67310058
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:EB333CFC
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:957E9765
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:F7F6E6CB
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:159A493A
@Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:15752405
@Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:B6DD2C7E
@Alternate Data Stream - 164 bytes -> C:\Users\ATrapp\Documents\FR4c.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\ATrapp\Documents\FR4b.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\ATrapp\Documents\FR4a.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E265ED33
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:7BFFC6A9
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3D4B733E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:E6B95E40
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:53BA2DF6
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:244E4E3A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:1CD511E5
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:00D99749
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:952245B1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0EC7A545
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:834DD57E
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:F2327E82
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:D987CB43
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:884C7316
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:94A31742
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:5ECEFF17
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:164561C8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:FD7DCDA6
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4D8FCBEF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D7D0B4AF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CBAF0C30
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A798AA1A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:80253E8D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5FC043A8
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:7D288858
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4E79C4F8
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EAF3ADF5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:AABECEFB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4C71A42B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:E87AB4E3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:1224B4C3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:EB68CA55
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B8EB1B99
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8AC20936
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:363E775E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F68CB1A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:6DD124E2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1E942FB9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:120B3AFD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E402E439
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D6D084A5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:71612023
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:DCA79AB3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:BEE39E9B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A9ABA3FF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:762408BA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:EE2DD6CC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:7E4E56EA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:18E3BAF3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:EE69D7DF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:96372A73
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:9C7A32BB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:32EA849C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:11590865
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:6A9CA6CB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:97AAB7F2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:6DDFD746
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F98E6C67
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5520ED93
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:927EC486
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:C22674B6

< End of report >

cosinus · 30.03.2013, 21:45

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:01690B01
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:80F63EC3
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:67310058
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:EB333CFC
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:957E9765
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:F7F6E6CB
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:159A493A
@Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:15752405
@Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:B6DD2C7E
@Alternate Data Stream - 164 bytes -> C:\Users\ATrapp\Documents\FR4c.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\ATrapp\Documents\FR4b.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\ATrapp\Documents\FR4a.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E265ED33
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:7BFFC6A9
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3D4B733E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:E6B95E40
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:53BA2DF6
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:244E4E3A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:1CD511E5
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:00D99749
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:952245B1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0EC7A545
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:834DD57E
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:F2327E82
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:D987CB43
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:884C7316
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:94A31742
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:5ECEFF17
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:164561C8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:FD7DCDA6
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4D8FCBEF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D7D0B4AF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CBAF0C30
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A798AA1A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:80253E8D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5FC043A8
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:7D288858
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4E79C4F8
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EAF3ADF5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:AABECEFB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4C71A42B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:E87AB4E3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:1224B4C3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:EB68CA55
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B8EB1B99
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8AC20936
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:363E775E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F68CB1A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:6DD124E2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1E942FB9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:120B3AFD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E402E439
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D6D084A5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:71612023
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:DCA79AB3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:BEE39E9B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A9ABA3FF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:762408BA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:EE2DD6CC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:7E4E56EA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:18E3BAF3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:EE69D7DF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:96372A73
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:9C7A32BB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:32EA849C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:11590865
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:6A9CA6CB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:97AAB7F2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:6DDFD746
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F98E6C67
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5520ED93
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:927EC486
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:C22674B6
FF - user.js - File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

trappy77 · 30.03.2013, 22:03

Hier das gewünschte Textdokument:

Code:

ATTFilter

All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:01690B01 deleted successfully.
ADS C:\ProgramData\Temp:80F63EC3 deleted successfully.
ADS C:\ProgramData\Temp:67310058 deleted successfully.
ADS C:\ProgramData\Temp:EB333CFC deleted successfully.
ADS C:\ProgramData\Temp:206470A5 deleted successfully.
ADS C:\ProgramData\Temp:A1D3FEF0 deleted successfully.
ADS C:\ProgramData\Temp:957E9765 deleted successfully.
ADS C:\ProgramData\Temp:F7F6E6CB deleted successfully.
ADS C:\ProgramData\Temp:159A493A deleted successfully.
ADS C:\ProgramData\Temp:15752405 deleted successfully.
ADS C:\ProgramData\Temp:B6DD2C7E deleted successfully.
ADS C:\Users\ATrapp\Documents\FR4c.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\ATrapp\Documents\FR4b.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\ATrapp\Documents\FR4a.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\ProgramData\Temp:2CB9631F deleted successfully.
ADS C:\ProgramData\Temp:E265ED33 deleted successfully.
ADS C:\ProgramData\Temp:7BFFC6A9 deleted successfully.
ADS C:\ProgramData\Temp:3D4B733E deleted successfully.
ADS C:\ProgramData\Temp:E6B95E40 deleted successfully.
ADS C:\ProgramData\Temp:53BA2DF6 deleted successfully.
ADS C:\ProgramData\Temp:244E4E3A deleted successfully.
ADS C:\ProgramData\Temp:1CD511E5 deleted successfully.
ADS C:\ProgramData\Temp:00D99749 deleted successfully.
ADS C:\ProgramData\Temp:952245B1 deleted successfully.
ADS C:\ProgramData\Temp:0EC7A545 deleted successfully.
ADS C:\ProgramData\Temp:FD786DCA deleted successfully.
ADS C:\ProgramData\Temp:834DD57E deleted successfully.
ADS C:\ProgramData\Temp:F2327E82 deleted successfully.
ADS C:\ProgramData\Temp:D987CB43 deleted successfully.
ADS C:\ProgramData\Temp:884C7316 deleted successfully.
ADS C:\ProgramData\Temp:94A31742 deleted successfully.
ADS C:\ProgramData\Temp:5ECEFF17 deleted successfully.
ADS C:\ProgramData\Temp:164561C8 deleted successfully.
ADS C:\ProgramData\Temp:FD7DCDA6 deleted successfully.
ADS C:\ProgramData\Temp:4D8FCBEF deleted successfully.
ADS C:\ProgramData\Temp:D7D0B4AF deleted successfully.
ADS C:\ProgramData\Temp:CBAF0C30 deleted successfully.
ADS C:\ProgramData\Temp:A798AA1A deleted successfully.
ADS C:\ProgramData\Temp:80253E8D deleted successfully.
ADS C:\ProgramData\Temp:5FC043A8 deleted successfully.
ADS C:\ProgramData\Temp:5E73E1C2 deleted successfully.
ADS C:\ProgramData\Temp:7D288858 deleted successfully.
ADS C:\ProgramData\Temp:4E79C4F8 deleted successfully.
ADS C:\ProgramData\Temp:EAF3ADF5 deleted successfully.
ADS C:\ProgramData\Temp:AABECEFB deleted successfully.
ADS C:\ProgramData\Temp:4C71A42B deleted successfully.
ADS C:\ProgramData\Temp:E87AB4E3 deleted successfully.
ADS C:\ProgramData\Temp:1224B4C3 deleted successfully.
ADS C:\ProgramData\Temp:EB68CA55 deleted successfully.
ADS C:\ProgramData\Temp:E6537A16 deleted successfully.
ADS C:\ProgramData\Temp:B8EB1B99 deleted successfully.
ADS C:\ProgramData\Temp:8AC20936 deleted successfully.
ADS C:\ProgramData\Temp:363E775E deleted successfully.
ADS C:\ProgramData\Temp:F68CB1A4 deleted successfully.
ADS C:\ProgramData\Temp:6DD124E2 deleted successfully.
ADS C:\ProgramData\Temp:1E942FB9 deleted successfully.
ADS C:\ProgramData\Temp:120B3AFD deleted successfully.
ADS C:\ProgramData\Temp:E402E439 deleted successfully.
ADS C:\ProgramData\Temp:D6D084A5 deleted successfully.
ADS C:\ProgramData\Temp:71612023 deleted successfully.
ADS C:\ProgramData\Temp:DCA79AB3 deleted successfully.
ADS C:\ProgramData\Temp:BEE39E9B deleted successfully.
ADS C:\ProgramData\Temp:A9ABA3FF deleted successfully.
ADS C:\ProgramData\Temp:762408BA deleted successfully.
ADS C:\ProgramData\Temp:EE2DD6CC deleted successfully.
ADS C:\ProgramData\Temp:7E4E56EA deleted successfully.
ADS C:\ProgramData\Temp:18E3BAF3 deleted successfully.
ADS C:\ProgramData\Temp:EE69D7DF deleted successfully.
ADS C:\ProgramData\Temp:E8B61305 deleted successfully.
ADS C:\ProgramData\Temp:96372A73 deleted successfully.
ADS C:\ProgramData\Temp:9C7A32BB deleted successfully.
ADS C:\ProgramData\Temp:32EA849C deleted successfully.
ADS C:\ProgramData\Temp:11590865 deleted successfully.
ADS C:\ProgramData\Temp:6A9CA6CB deleted successfully.
ADS C:\ProgramData\Temp:97AAB7F2 deleted successfully.
ADS C:\ProgramData\Temp:6DDFD746 deleted successfully.
ADS C:\ProgramData\Temp:F98E6C67 deleted successfully.
ADS C:\ProgramData\Temp:F84B8DB5 deleted successfully.
ADS C:\ProgramData\Temp:5520ED93 deleted successfully.
ADS C:\ProgramData\Temp:927EC486 deleted successfully.
ADS C:\ProgramData\Temp:C22674B6 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\ATrapp\Downloads\cmd.bat deleted successfully.
C:\Users\ATrapp\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ATrapp
->Temp folder emptied: 119966040 bytes
->Temporary Internet Files folder emptied: 81886858 bytes
->Java cache emptied: 21175013 bytes
->Google Chrome cache emptied: 322802962 bytes
->Flash cache emptied: 506 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7168593 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 85510 bytes
 
Total Files Cleaned = 528,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 03302013_215847

Files\Folders moved on Reboot...
C:\Users\ATrapp\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ATrapp\AppData\Local\Temp\MMDUtl.log moved successfully.
C:\Users\ATrapp\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 30.03.2013, 22:17

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

trappy77 · 31.03.2013, 11:34

Hier das logfile von ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0aa92e66f7059d42a6ff745d7652e726
# engine=13519
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-31 10:26:44
# local_time=2013-03-31 12:26:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 161909 116355454 0 0
# scanned=144892
# found=0
# cleaned=0
# scan_time=46605

Quickscan von Malwarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ATrapp :: HECTOR [Administrator]

30.03.2013 22:23:51
mbam-log-2013-03-30 (22-23-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230838
Laufzeit: 3 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 01.04.2013, 13:56

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

trappy77 · 01.04.2013, 15:20

Vielen Dank cosinus,
alles funktioniert wieder einwandfrei !!!

Deinen Rat bezüglich der Cookies hab' ich auch gleich beherzigt, habe bei Google Chrome die Einstellung auf "Lokale Daten nach Beenden des Browsers löschen" geändert.
Wäre ein Haken bei "Drittanbieter-Cookies und Websitesdaten blockieren" auch sinnvoll ?

Wäre sehr nett von dir, wenn du mir diese letzte Frage noch beantworten könntest...

Und dann danke ich dir von Herzen für die viele Mühe und die viele Zeit die du mir gewidmet hast !!! Du hast mir wirklich sehr geholfen !!!