Log analysis and evaluation: System Care Antivirus cannot be removed (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.05.2013, 22:03 | #1 |
System Care Antivirus cannot be removed

Hello! My husband caught this fake antivirus program on his laptop, which constantly makes warning messages flash up. In addition, Firefox runs only slowly or not at all anymore. That is why I am using Internet Explorer, which apparently has a great many toolbars installed.

I have already read a post on the trojaner-board and run the suggested scans, which I post below. I also ran defogger. This was unremarkable. After that I ran OTL; unfortunately it crashed, exactly at the point where the Firefox files were being scanned. Then I deactivated Avira and had GMER scan. This crashed as well. After that I wanted to reactivate Avira. This did not work.

Here are the results from Malwarebytes:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.16.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Luce :: YT-1300 [administrator]

16.05.2013 19:34:58
mbar-log-2013-05-16 (19-34-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30730
Time elapsed: 1 hour(s), 6 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\$Recycle.Bin\S-1-5-21-3221331733-3512096612-1023093492-1002\$RMUJ44S.exe (Trojan.Zbot.ED) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3221331733-3512096612-1023093492-1002\$R7G6CCM\EE08215D7633C2570000EE073359C5DA.exe (Trojan.Zbot.ED) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3221331733-3512096612-1023093492-1002\$RNR04WX\EE08215D7633C2570000EE073359C5DA.exe (Trojan.Zbot.ED) -> Delete on reboot.
c:\Users\Luce\AppData\Local\Temp\A1E.tmp (Trojan.Zbot.ED) -> Delete on reboot.

(end)

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-16 19:48:34
-----------------------------
19:48:34.189 OS Version: Windows x64 6.1.7601 Service Pack 1
19:48:34.189 Number of processors: 2 586 0x100
19:48:34.267 ComputerName: YT-1300 UserName: Luce
19:48:38.525 Initialize success
19:49:53.354 AVAST engine defs: 13051600
19:50:16.801 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:50:16.817 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11
19:50:17.051 Disk 0 MBR read successfully
19:50:17.051 Disk 0 MBR scan
19:50:17.113 Disk 0 Windows 7 default MBR code
19:50:17.144 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
19:50:17.191 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
19:50:17.207 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289783 MB offset 31664128
19:50:17.347 Disk 0 scanning C:\Windows\system32\drivers
19:50:44.554 Service scanning
19:51:52.975 Modules scanning
19:51:52.991 Disk 0 trace - called modules:
19:51:53.069 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:51:53.085 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800246b060]
19:51:53.100 3 CLASSPNP.SYS[fffff880018da43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8001f92610]
19:51:54.910 AVAST engine scan C:\Windows
19:51:59.746 AVAST engine scan C:\Windows\system32
20:00:03.253 AVAST engine scan C:\Windows\system32\drivers
20:00:43.080 AVAST engine scan C:\Users\Luce
21:55:00.226 Disk 0 MBR has been saved successfully to "C:\Users\Luce\Desktop\MBR.dat"
21:55:00.257 The log file has been saved successfully to "C:\Users\Luce\Desktop\aswMBR.txt"

Code:
21:59:13.0086 5960 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:59:13.0664 5960 ============================================================
21:59:13.0664 5960 Current date / time: 2013/05/16 21:59:13.0664
21:59:13.0664 5960 SystemInfo:
21:59:13.0664 5960
21:59:13.0664 5960 OS Version: 6.1.7601 ServicePack: 1.0
21:59:13.0664 5960 Product type: Workstation
21:59:13.0664 5960 ComputerName: YT-1300
21:59:13.0664 5960 UserName: Luce
21:59:13.0664 5960 Windows directory: C:\Windows
21:59:13.0664 5960 System windows directory: C:\Windows
21:59:13.0664 5960 Running under WOW64
21:59:13.0664 5960 Processor architecture: Intel x64
21:59:13.0664 5960 Number of processors: 2
21:59:13.0664 5960 Page size: 0x1000
21:59:13.0664 5960 Boot type: Normal boot
21:59:13.0664 5960 ============================================================
21:59:16.0425 5960 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:16.0440 5960 ============================================================
21:59:16.0440 5960 \Device\Harddisk0\DR0:
21:59:16.0440 5960 MBR partitions:
21:59:16.0440 5960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
21:59:16.0440 5960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x235FB800
21:59:16.0440 5960 ============================================================
21:59:16.0503 5960 C: <-> \Device\Harddisk0\DR0\Partition2
21:59:16.0503 5960 ============================================================
21:59:16.0503 5960 Initialize success
21:59:16.0503 5960 ============================================================
21:59:32.0758 2908 ============================================================
21:59:32.0758 2908 Scan started
21:59:32.0758 2908 Mode: Manual; SigCheck; TDLFS;
22:00:09.0278 2908 mwlPSDVDisk - ok 22:00:09.0356 2908 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:00:09.0465 2908 napagent - ok 22:00:09.0590 2908 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:00:09.0668 2908 NativeWifiP - ok 22:00:09.0792 2908 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 22:00:09.0855 2908 NAUpdate - ok 22:00:09.0964 2908 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:00:10.0011 2908 NDIS - ok 22:00:10.0089 2908 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:00:10.0198 2908 NdisCap - ok 22:00:10.0276 2908 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:00:10.0370 2908 NdisTapi - ok 22:00:10.0448 2908 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:00:10.0557 2908 Ndisuio - ok 22:00:10.0635 2908 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:00:10.0760 2908 NdisWan - ok 22:00:10.0806 2908 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:00:10.0900 2908 NDProxy - ok 22:00:10.0962 2908 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:00:11.0040 2908 NetBIOS - ok 22:00:11.0103 2908 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:00:11.0181 2908 NetBT - ok 22:00:11.0228 2908 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 22:00:11.0290 2908 Netlogon - ok 22:00:11.0352 2908 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 22:00:11.0462 2908 Netman - ok 22:00:11.0524 2908 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 22:00:11.0633 2908 netprofm - ok 22:00:11.0664 2908 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing 
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:00:11.0774 2908 NetTcpPortSharing - ok 22:00:11.0820 2908 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:00:11.0836 2908 nfrd960 - ok 22:00:11.0883 2908 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:00:11.0930 2908 NlaSvc - ok 22:00:11.0992 2908 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:00:12.0086 2908 Npfs - ok 22:00:12.0148 2908 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:00:12.0242 2908 nsi - ok 22:00:12.0304 2908 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:00:12.0398 2908 nsiproxy - ok 22:00:12.0554 2908 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:00:12.0632 2908 Ntfs - ok 22:00:12.0788 2908 [ D27A4546417ED7C4AEA7B3420D4F1F50 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 22:00:12.0819 2908 NTI IScheduleSvc - ok 22:00:12.0881 2908 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 22:00:12.0897 2908 NTIDrvr - ok 22:00:12.0944 2908 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:00:13.0037 2908 Null - ok 22:00:13.0115 2908 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:00:13.0146 2908 nvraid - ok 22:00:13.0209 2908 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:00:13.0240 2908 nvstor - ok 22:00:13.0334 2908 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:00:13.0365 2908 nv_agp - ok 22:00:13.0490 2908 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:00:13.0568 2908 odserv - ok 22:00:13.0661 2908 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 
C:\Windows\system32\drivers\ohci1394.sys 22:00:13.0692 2908 ohci1394 - ok 22:00:13.0802 2908 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:00:13.0864 2908 ose - ok 22:00:14.0207 2908 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:00:14.0597 2908 osppsvc - ok 22:00:14.0675 2908 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:00:14.0769 2908 p2pimsvc - ok 22:00:14.0847 2908 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:00:14.0940 2908 p2psvc - ok 22:00:14.0987 2908 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:00:15.0018 2908 Parport - ok 22:00:15.0065 2908 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:00:15.0096 2908 partmgr - ok 22:00:15.0206 2908 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:00:15.0268 2908 PcaSvc - ok 22:00:15.0315 2908 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:00:15.0346 2908 pci - ok 22:00:15.0393 2908 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:00:15.0408 2908 pciide - ok 22:00:15.0440 2908 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:00:15.0471 2908 pcmcia - ok 22:00:15.0502 2908 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:00:15.0533 2908 pcw - ok 22:00:15.0674 2908 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:00:15.0767 2908 PEAUTH - ok 22:00:16.0064 2908 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:00:16.0142 2908 PerfHost - ok 22:00:16.0298 2908 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:00:16.0422 2908 pla - ok 22:00:16.0610 2908 [ 
25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:00:16.0734 2908 PlugPlay - ok 22:00:16.0797 2908 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:00:16.0828 2908 PNRPAutoReg - ok 22:00:16.0859 2908 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:00:16.0890 2908 PNRPsvc - ok 22:00:16.0984 2908 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:00:17.0109 2908 PolicyAgent - ok 22:00:17.0187 2908 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 22:00:17.0280 2908 Power - ok 22:00:17.0358 2908 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:00:17.0452 2908 PptpMiniport - ok 22:00:17.0499 2908 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:00:17.0546 2908 Processor - ok 22:00:17.0655 2908 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:00:17.0733 2908 ProfSvc - ok 22:00:17.0764 2908 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:00:17.0795 2908 ProtectedStorage - ok 22:00:17.0858 2908 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:00:17.0967 2908 Psched - ok 22:00:18.0138 2908 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:00:18.0216 2908 ql2300 - ok 22:00:18.0310 2908 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:00:18.0341 2908 ql40xx - ok 22:00:18.0404 2908 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:00:18.0450 2908 QWAVE - ok 22:00:18.0482 2908 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:00:18.0513 2908 QWAVEdrv - ok 22:00:18.0544 2908 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:00:18.0638 2908 RasAcd - ok 22:00:18.0731 
2908 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:00:18.0825 2908 RasAgileVpn - ok 22:00:18.0872 2908 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:00:18.0981 2908 RasAuto - ok 22:00:19.0074 2908 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:00:19.0152 2908 Rasl2tp - ok 22:00:19.0277 2908 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:00:19.0386 2908 RasMan - ok 22:00:19.0480 2908 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:00:19.0558 2908 RasPppoe - ok 22:00:19.0605 2908 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:00:19.0714 2908 RasSstp - ok 22:00:19.0792 2908 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:00:19.0901 2908 rdbss - ok 22:00:19.0948 2908 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:00:19.0995 2908 rdpbus - ok 22:00:20.0073 2908 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:00:20.0166 2908 RDPCDD - ok 22:00:20.0244 2908 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:00:20.0338 2908 RDPENCDD - ok 22:00:20.0400 2908 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:00:20.0494 2908 RDPREFMP - ok 22:00:20.0525 2908 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:00:20.0603 2908 RDPWD - ok 22:00:20.0681 2908 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:00:20.0712 2908 rdyboost - ok 22:00:20.0759 2908 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:00:20.0853 2908 RemoteAccess - ok 22:00:20.0900 2908 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:00:21.0009 2908 
RemoteRegistry - ok 22:00:21.0056 2908 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:00:21.0149 2908 RpcEptMapper - ok 22:00:21.0196 2908 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:00:21.0227 2908 RpcLocator - ok 22:00:21.0290 2908 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:00:21.0368 2908 RpcSs - ok 22:00:21.0461 2908 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:00:21.0555 2908 rspndr - ok 22:00:21.0664 2908 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys 22:00:21.0695 2908 RSUSBSTOR - ok 22:00:21.0711 2908 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:00:21.0758 2908 SamSs - ok 22:00:21.0820 2908 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:00:21.0851 2908 sbp2port - ok 22:00:21.0914 2908 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:00:22.0023 2908 SCardSvr - ok 22:00:22.0116 2908 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:00:22.0179 2908 scfilter - ok 22:00:22.0304 2908 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:00:22.0413 2908 Schedule - ok 22:00:22.0460 2908 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:00:22.0522 2908 SCPolicySvc - ok 22:00:22.0553 2908 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:00:22.0662 2908 SDRSVC - ok 22:00:22.0928 2908 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 22:00:22.0959 2908 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning 22:00:22.0959 2908 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1) 22:00:23.0037 2908 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv 
C:\Windows\system32\drivers\secdrv.sys 22:00:23.0130 2908 secdrv - ok 22:00:23.0177 2908 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:00:23.0271 2908 seclogon - ok 22:00:23.0302 2908 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 22:00:23.0396 2908 SENS - ok 22:00:23.0427 2908 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:00:23.0520 2908 SensrSvc - ok 22:00:23.0536 2908 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:00:23.0614 2908 Serenum - ok 22:00:23.0661 2908 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:00:23.0708 2908 Serial - ok 22:00:23.0786 2908 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:00:23.0801 2908 sermouse - ok 22:00:23.0879 2908 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:00:23.0988 2908 SessionEnv - ok 22:00:24.0020 2908 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:00:24.0113 2908 sffdisk - ok 22:00:24.0144 2908 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:00:24.0207 2908 sffp_mmc - ok 22:00:24.0222 2908 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:00:24.0269 2908 sffp_sd - ok 22:00:24.0316 2908 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:00:24.0378 2908 sfloppy - ok 22:00:24.0503 2908 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 22:00:24.0550 2908 Sftfs - ok 22:00:24.0690 2908 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 22:00:24.0737 2908 sftlist - ok 22:00:24.0800 2908 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 22:00:24.0831 2908 Sftplay - ok 22:00:24.0846 
2908 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 22:00:24.0878 2908 Sftredir - ok 22:00:24.0909 2908 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 22:00:24.0924 2908 Sftvol - ok 22:00:24.0971 2908 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 22:00:25.0002 2908 sftvsa - ok 22:00:25.0096 2908 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:00:25.0205 2908 SharedAccess - ok 22:00:25.0330 2908 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:00:25.0439 2908 ShellHWDetection - ok 22:00:25.0486 2908 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:00:25.0533 2908 SiSRaid2 - ok 22:00:25.0533 2908 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:00:25.0564 2908 SiSRaid4 - ok 22:00:25.0720 2908 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 22:00:25.0923 2908 SkypeUpdate - ok 22:00:26.0001 2908 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:00:26.0094 2908 Smb - ok 22:00:26.0188 2908 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:00:26.0235 2908 SNMPTRAP - ok 22:00:26.0282 2908 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 22:00:26.0313 2908 spldr - ok 22:00:26.0406 2908 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 22:00:26.0531 2908 Spooler - ok 22:00:26.0781 2908 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 22:00:26.0999 2908 sppsvc - ok 22:00:27.0062 2908 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:00:27.0171 2908 sppuinotify - ok 22:00:27.0249 2908 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv 
C:\Windows\system32\DRIVERS\srv.sys 22:00:27.0358 2908 srv - ok 22:00:27.0436 2908 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:00:27.0498 2908 srv2 - ok 22:00:27.0530 2908 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:00:27.0592 2908 srvnet - ok 22:00:27.0654 2908 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:00:27.0764 2908 SSDPSRV - ok 22:00:27.0795 2908 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:00:27.0873 2908 SstpSvc - ok 22:00:27.0920 2908 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:00:27.0935 2908 stexstor - ok 22:00:28.0029 2908 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 22:00:28.0107 2908 stisvc - ok 22:00:28.0138 2908 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 22:00:28.0185 2908 swenum - ok 22:00:28.0247 2908 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 22:00:28.0325 2908 swprv - ok 22:00:28.0590 2908 [ EF51B22706DB03F0857FADE127C804EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 22:00:28.0668 2908 SynTP - ok 22:00:28.0840 2908 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 22:00:28.0934 2908 SysMain - ok 22:00:28.0996 2908 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:00:29.0043 2908 TabletInputService - ok 22:00:29.0090 2908 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:00:29.0183 2908 TapiSrv - ok 22:00:29.0230 2908 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 22:00:29.0308 2908 TBS - ok 22:00:29.0604 2908 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:00:29.0729 2908 Tcpip - ok 22:00:29.0870 2908 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:00:29.0948 
2908 TCPIP6 - ok 22:00:29.0994 2908 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:00:30.0026 2908 tcpipreg - ok 22:00:30.0104 2908 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:00:30.0197 2908 TDPIPE - ok 22:00:30.0228 2908 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:00:30.0291 2908 TDTCP - ok 22:00:30.0384 2908 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:00:30.0494 2908 tdx - ok 22:00:30.0525 2908 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 22:00:30.0572 2908 TermDD - ok 22:00:30.0665 2908 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 22:00:30.0774 2908 TermService - ok 22:00:30.0837 2908 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 22:00:30.0868 2908 Themes - ok 22:00:30.0930 2908 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 22:00:30.0993 2908 THREADORDER - ok 22:00:31.0133 2908 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe 22:00:31.0180 2908 TomTomHOMEService - ok 22:00:31.0211 2908 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 22:00:31.0305 2908 TrkWks - ok 22:00:31.0398 2908 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:00:31.0508 2908 TrustedInstaller - ok 22:00:31.0586 2908 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:00:31.0664 2908 tssecsrv - ok 22:00:31.0710 2908 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:00:31.0851 2908 TsUsbFlt - ok 22:00:31.0913 2908 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:00:32.0007 2908 tunnel - ok 22:00:32.0054 2908 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] 
uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:00:32.0100 2908 uagp35 - ok 22:00:32.0116 2908 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 22:00:32.0178 2908 UBHelper - ok 22:00:32.0241 2908 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:00:32.0334 2908 udfs - ok 22:00:32.0397 2908 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:00:32.0444 2908 UI0Detect - ok 22:00:32.0490 2908 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:00:32.0522 2908 uliagpkx - ok 22:00:32.0600 2908 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 22:00:32.0646 2908 umbus - ok 22:00:32.0740 2908 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:00:32.0771 2908 UmPass - ok 22:00:32.0880 2908 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 22:00:32.0927 2908 Updater Service - ok 22:00:33.0021 2908 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 22:00:33.0146 2908 upnphost - ok 22:00:33.0192 2908 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:00:33.0255 2908 usbccgp - ok 22:00:33.0333 2908 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:00:33.0395 2908 usbcir - ok 22:00:33.0426 2908 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:00:33.0473 2908 usbehci - ok 22:00:33.0536 2908 [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 22:00:33.0567 2908 usbfilter - ok 22:00:33.0614 2908 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:00:33.0660 2908 usbhub - ok 22:00:33.0707 2908 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 22:00:33.0754 2908 usbohci - ok 
22:00:33.0816 2908 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:00:33.0863 2908 usbprint - ok 22:00:33.0926 2908 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:00:33.0988 2908 usbscan - ok 22:00:34.0019 2908 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:00:34.0128 2908 USBSTOR - ok 22:00:34.0191 2908 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 22:00:34.0222 2908 usbuhci - ok 22:00:34.0316 2908 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 22:00:34.0409 2908 usbvideo - ok 22:00:34.0456 2908 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 22:00:34.0565 2908 UxSms - ok 22:00:34.0596 2908 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 22:00:34.0643 2908 VaultSvc - ok 22:00:34.0721 2908 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:00:34.0737 2908 vdrvroot - ok 22:00:34.0830 2908 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 22:00:34.0940 2908 vds - ok 22:00:35.0033 2908 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:00:35.0064 2908 vga - ok 22:00:35.0096 2908 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 22:00:35.0174 2908 VgaSave - ok 22:00:35.0236 2908 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:00:35.0283 2908 vhdmp - ok 22:00:35.0330 2908 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 22:00:35.0345 2908 viaide - ok 22:00:35.0361 2908 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:00:35.0392 2908 volmgr - ok 22:00:35.0454 2908 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:00:35.0501 2908 volmgrx - ok 22:00:35.0564 
2908 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:00:35.0610 2908 volsnap - ok 22:00:35.0642 2908 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:00:35.0673 2908 vsmraid - ok 22:00:35.0845 2908 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 22:00:36.0016 2908 VSS - ok 22:00:36.0032 2908 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 22:00:36.0094 2908 vwifibus - ok 22:00:36.0157 2908 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:00:36.0203 2908 vwififlt - ok 22:00:36.0266 2908 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 22:00:36.0375 2908 W32Time - ok 22:00:36.0437 2908 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:00:36.0469 2908 WacomPen - ok 22:00:36.0593 2908 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:00:36.0671 2908 WANARP - ok 22:00:36.0687 2908 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:00:36.0765 2908 Wanarpv6 - ok 22:00:36.0890 2908 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 22:00:37.0093 2908 wbengine - ok 22:00:37.0155 2908 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:00:37.0217 2908 WbioSrvc - ok 22:00:37.0280 2908 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:00:37.0358 2908 wcncsvc - ok 22:00:37.0405 2908 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:00:37.0529 2908 WcsPlugInService - ok 22:00:37.0576 2908 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:00:37.0607 2908 Wd - ok 22:00:37.0701 2908 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:00:37.0748 2908 Wdf01000 - ok 
22:00:37.0841 2908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:00:37.0997 2908 WdiServiceHost - ok 22:00:38.0044 2908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:00:38.0075 2908 WdiSystemHost - ok 22:00:38.0122 2908 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 22:00:38.0169 2908 WebClient - ok 22:00:38.0231 2908 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:00:38.0341 2908 Wecsvc - ok 22:00:38.0372 2908 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:00:38.0481 2908 wercplsupport - ok 22:00:38.0559 2908 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 22:00:38.0653 2908 WerSvc - ok 22:00:38.0715 2908 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:00:38.0793 2908 WfpLwf - ok 22:00:38.0871 2908 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:00:38.0902 2908 WIMMount - ok 22:00:38.0949 2908 WinDefend - ok 22:00:38.0965 2908 WinHttpAutoProxySvc - ok 22:00:39.0105 2908 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:00:39.0230 2908 Winmgmt - ok 22:00:39.0401 2908 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 22:00:39.0542 2908 WinRM - ok 22:00:39.0635 2908 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 22:00:39.0667 2908 WinUsb - ok 22:00:39.0745 2908 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 22:00:39.0807 2908 Wlansvc - ok 22:00:39.0916 2908 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 22:00:39.0947 2908 wlcrasvc - ok 22:00:40.0213 2908 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:00:40.0322 2908 wlidsvc - ok 22:00:40.0400 
2908 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:00:40.0431 2908 WmiAcpi - ok 22:00:40.0478 2908 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:00:40.0571 2908 wmiApSrv - ok 22:00:40.0618 2908 WMPNetworkSvc - ok 22:00:40.0665 2908 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:00:40.0743 2908 WPCSvc - ok 22:00:40.0805 2908 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:00:40.0899 2908 WPDBusEnum - ok 22:00:40.0961 2908 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:00:41.0055 2908 ws2ifsl - ok 22:00:41.0102 2908 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 22:00:41.0195 2908 wscsvc - ok 22:00:41.0211 2908 WSearch - ok 22:00:41.0336 2908 [ 67C1BCCCB4B59552BD62827F812A3A8B ] WTGService C:\Program Files (x86)\XSManager\WTGService.exe 22:00:41.0414 2908 WTGService - ok 22:00:41.0617 2908 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 22:00:41.0757 2908 wuauserv - ok 22:00:41.0804 2908 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:00:41.0913 2908 WudfPf - ok 22:00:41.0975 2908 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:00:42.0022 2908 WUDFRd - ok 22:00:42.0069 2908 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:00:42.0116 2908 wudfsvc - ok 22:00:42.0163 2908 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 22:00:42.0272 2908 WwanSvc - ok 22:00:42.0381 2908 [ 1EA18D9ADA8FE282D7B5822F1BD05E8F ] XS Stick Service C:\Windows\service4g.exe 22:00:42.0443 2908 XS Stick Service - ok 22:00:42.0475 2908 ================ Scan global =============================== 22:00:42.0677 2908 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 22:00:42.0755 2908 [ 
0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 22:00:42.0771 2908 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 22:00:42.0833 2908 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 22:00:42.0896 2908 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 22:00:42.0911 2908 [Global] - ok 22:00:42.0911 2908 ================ Scan MBR ================================== 22:00:42.0943 2908 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:00:43.0364 2908 \Device\Harddisk0\DR0 - ok 22:00:43.0364 2908 ================ Scan VBR ================================== 22:00:43.0411 2908 [ 9460FE28809EDF7D19847A35F600938C ] \Device\Harddisk0\DR0\Partition1 22:00:43.0411 2908 \Device\Harddisk0\DR0\Partition1 - ok 22:00:43.0426 2908 [ 9AFE4A64667342448CB3130EEFE84CD4 ] \Device\Harddisk0\DR0\Partition2 22:00:43.0426 2908 \Device\Harddisk0\DR0\Partition2 - ok 22:00:43.0442 2908 ============================================================ 22:00:43.0442 2908 Scan finished 22:00:43.0442 2908 ============================================================ 22:00:43.0457 5456 Detected object count: 3 22:00:43.0457 5456 Actual detected object count: 3 22:01:09.0010 5456 EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:09.0010 5456 EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:09.0010 5456 EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:09.0010 5456 EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:01:09.0026 5456 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user 22:01:09.0026 5456 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:03:08.0136 4188 Deinitialize success
Thanks in advance... |
16.05.2013, 22:46 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Care Antivirus cannot be removed Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board. First, a check with OTL please:
__________________ |
17.05.2013, 09:23 | #3 |
| System Care Antivirus cannot be removed Hello! Thank you very much for the quick reply. Unfortunately I did not get to read it yesterday. I ran the scan again with your settings. The scan did stall again for a quarter of an hour at firefox-settings (not responding), but then it ran through after all:
Code:
OTL logfile created on: 17.05.2013 09:34:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luce\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,73 Gb Total Physical Memory | 0,52 Gb Available Physical Memory | 29,97% Memory free 3,46 Gb Paging File | 1,82 Gb Available in Paging File | 52,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282,99 Gb Total Space | 149,91 Gb Free Space | 52,97% Space Free | Partition Type: NTFS Computer Name: YT-1300 | User Name: Luce | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Users\Luce\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe (Microsoft Corporation.) 
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - c:\program files (x86)\winamp toolbar\winamptbServer.exe (AOL Inc.) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe () PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. 
KG) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\XSManager\WTGService.exe () PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) ========== Modules (No Company Name) ========== MOD - C:\Users\Luce\AppData\Local\Microsoft\BingBar\Apps\Translator_f5cbd3ef4c144434b17913278004e270\7.2.229\Blingext.dll () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe () MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.) 
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (SearchAnonymizer) -- C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. 
KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (cmnsusbser) -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys (Mobile Connector) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E626162796C6F6E2E636F6D2F7765622F7B7365617263685465726D737D3F6261627372633D62726F777365727365617263682641463D313030353831&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&k=0 IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{272AF676-4FC8-4411-9A88-53E0284062AA}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{2CF7D4B0-98F6-4197-8F5D-17183644E44F}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{59F72305-D7D4-4FB8-8E0D-86D3D1FE0458}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{8C988AA4-9F3C-4655-9A3F-D69BDC73C493}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{C2D10C7C-9EFC-4EEE-A0FA-DC02D20BE874}: "URL" = 
hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{D8E47FF5-9649-4EFB-A5FB-605F981F176C}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{E767EB1A-C9D2-4EBB-88ED-1DF3AFDFCF63}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com Search" FF - prefs.js..browser.search.defaultenginename: "Ask.com Search" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com Search" FF - prefs.js..browser.search.selectedEngine: "Sichere Suche" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.startpage.com/deu/" FF - prefs.js..extensions.enabledAddons: coralietab%40mozdev.org:2.04.20110724 FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0 FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.18.0.7 FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5.1 FF - prefs.js..extensions.enabledAddons: googledictionary%40toptip.ca:6.3 FF - 
prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.04.10 21:35:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 08:07:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 18:24:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\mail@gutscheinrausch.de FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 08:07:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 18:24:13 | 000,000,000 | ---D | M] [2012.07.12 10:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Extensions [2012.07.12 10:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.05.16 22:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions [2013.02.09 10:25:04 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013.01.27 14:28:35 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\2020Player_IKEA@2020Technologies.com [2012.10.26 20:03:14 | 000,000,000 | ---D | M] (IE Tab +) -- 
C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\coralietab@mozdev.org [2013.05.16 22:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\staged [2012.10.21 23:06:05 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\toolbar@ask.com [2013.05.12 18:41:05 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\client@anonymox.net.xpi [2012.02.20 22:41:19 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\DivXWebPlayer@divx.com.xpi [2013.05.01 08:52:20 | 000,052,496 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\googledictionary@toptip.ca.xpi [2013.05.01 08:52:20 | 000,515,433 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\toolbar@gmx.net.xpi [2013.05.05 18:54:11 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.05.12 18:41:04 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.16 22:54:42 | 000,571,660 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\staged\toolbar@gmx.net.xpi [2013.05.01 08:52:32 | 000,001,050 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\11-suche.xml [2011.12.27 16:41:40 | 000,002,643 | ---- | M] () -- 
C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\aol-web-search.xml [2013.02.23 19:08:15 | 000,002,306 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\askcomsearch.xml [2012.02.07 01:08:28 | 000,000,931 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\conduit.xml [2013.05.01 08:52:32 | 000,002,418 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\englische-ergebnisse.xml [2013.05.01 08:52:32 | 000,010,701 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\gmx-suche.xml [2013.05.01 08:52:32 | 000,002,432 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\lastminute.xml [2012.01.23 16:18:50 | 000,002,135 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\s-amazon-de.xml [2013.05.01 08:52:32 | 000,005,682 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\webde-suche.xml [2011.12.27 16:41:40 | 000,002,188 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{78A017D2-2C0C-4D63-8BA0-48393A677264}.xml [2011.12.27 16:41:40 | 000,001,870 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{CEE89566-97A4-46CF-9E1A-AEA28779ADDD}.xml [2011.12.27 16:41:40 | 000,002,077 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{F86E7D4D-E70E-4EB3-8508-824D16B0D899}.xml [2013.04.13 08:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.13 08:07:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.04.10 21:35:41 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2013.04.13 08:07:29 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.04.25 14:48:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.27 16:41:40 | 000,002,397 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.08.30 07:13:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.25 14:48:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.25 14:48:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.16 13:17:38 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012.04.25 14:48:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.25 14:48:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002..\Run: [EPSON BX310FN Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHE.EXE /FU "C:\Windows\TEMP\E_SD28F.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : 
An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21DFF927-2881-4556-92D5-DA438AD2FF04}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0ef38fed-b8fb-11e0-a08b-18f46ab4bb9b}\Shell - "" = AutoRun O33 - MountPoints2\{0ef38fed-b8fb-11e0-a08b-18f46ab4bb9b}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.16 22:17:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luce\Desktop\OTL.exe [2013.05.16 21:57:53 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Luce\Desktop\tdsskiller.exe [2013.05.16 18:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.16 18:26:36 | 000,000,000 | ---D | C] -- C:\Users\Luce\Desktop\mbar-1.05.0.1001 [2013.05.16 18:16:24 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.16 18:16:24 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.16 18:16:01 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.16 18:16:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.16 18:15:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.16 18:15:59 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.16 18:14:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll 
[2013.05.16 18:14:08 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll [2013.05.16 18:13:41 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.16 18:13:36 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.16 18:13:36 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.16 18:13:36 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.16 18:13:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.16 18:13:35 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.16 18:13:35 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.16 18:12:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.16 18:12:14 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.12 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\EE08215D7633C2570000EE073359C5DA [2013.05.12 19:26:34 | 000,000,000 | ---D | C] -- C:\Users\Luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.05.08 16:25:04 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.03.24 23:24:06 | 000,657,600 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Luce\autoruns.exe [2013.03.24 23:24:06 | 000,576,192 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Luce\autorunsc.exe [85 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.17 09:39:49 | 000,179,554 | ---- | M] () -- C:\Users\Luce\Desktop\Unbenannt.PNG [2013.05.17 09:39:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 09:39:36 | 000,009,696 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 09:34:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.17 09:34:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.17 09:25:30 | 000,428,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.17 09:25:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.17 09:23:48 | 1392,693,248 | -HS- | M] () -- C:\hiberfil.sys [2013.05.16 23:39:01 | 001,535,962 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.16 23:39:01 | 000,659,690 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.16 23:39:01 | 000,620,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.16 23:39:01 | 000,132,970 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.16 23:39:01 | 000,108,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.16 23:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.16 22:38:00 | 000,377,856 | ---- | M] () -- C:\Users\Luce\Desktop\gmer_2.1.19163.exe [2013.05.16 22:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luce\Desktop\OTL.exe [2013.05.16 22:14:57 | 000,000,000 | ---- | M] () -- C:\Users\Luce\defogger_reenable [2013.05.16 22:14:04 | 000,050,477 | ---- | M] () -- C:\Users\Luce\Desktop\Defogger.exe [2013.05.16 21:58:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Luce\Desktop\tdsskiller.exe [2013.05.16 21:55:00 | 000,000,512 | ---- | M] () -- C:\Users\Luce\Desktop\MBR.dat [2013.05.16 19:14:48 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.16 19:14:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.16 18:25:42 | 012,917,756 | ---- | M] () -- C:\Users\Luce\Desktop\mbar-1.05.0.1001.zip [2013.05.12 22:09:12 | 
000,002,052 | ---- | M] () -- C:\Users\Luce\Desktop\System Care Antivirus.lnk [2013.05.08 16:24:26 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [85 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.17 09:39:48 | 000,179,554 | ---- | C] () -- C:\Users\Luce\Desktop\Unbenannt.PNG [2013.05.16 22:37:31 | 000,377,856 | ---- | C] () -- C:\Users\Luce\Desktop\gmer_2.1.19163.exe [2013.05.16 22:14:57 | 000,000,000 | ---- | C] () -- C:\Users\Luce\defogger_reenable [2013.05.16 22:13:55 | 000,050,477 | ---- | C] () -- C:\Users\Luce\Desktop\Defogger.exe [2013.05.16 21:55:00 | 000,000,512 | ---- | C] () -- C:\Users\Luce\Desktop\MBR.dat [2013.05.16 18:25:25 | 012,917,756 | ---- | C] () -- C:\Users\Luce\Desktop\mbar-1.05.0.1001.zip [2013.05.12 19:26:32 | 000,002,052 | ---- | C] () -- C:\Users\Luce\Desktop\System Care Antivirus.lnk [2013.03.26 09:36:34 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2013.03.17 16:52:14 | 000,049,518 | ---- | C] () -- C:\Users\Luce\autoruns.chm [2012.01.03 13:59:22 | 000,008,192 | ---- | C] () -- C:\Users\Luce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.27 16:41:34 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.12.27 16:16:11 | 1242,169,276 | ---- | C] () -- C:\Users\Luce\marco4.ps [2011.12.27 13:37:50 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.12.27 13:23:34 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.11.30 15:11:01 | 000,000,032 | ---- | C] () -- C:\Users\Luce\.simfy [2011.10.26 15:52:10 | 000,000,001 | R--- | C] () -- C:\Users\Luce\serverport [2011.08.08 09:34:28 | 000,017,408 | ---- | C] () -- C:\Users\Luce\AppData\Local\WebpageIcons.db [2011.06.18 17:19:43 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI [2011.06.18 17:19:42 | 000,165,376 | ---- | C] () -- 
C:\Windows\SysWow64\UNWISE.EXE [2010.12.02 10:24:08 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 < End of report > |
17.05.2013, 11:14 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Care Antivirus cannot be removed Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
17.05.2013, 19:40 | #5 |
| System Care Antivirus cannot be removed Hello! Here is the log file that I found, although Combofix still says to wait until it has finished creating the log file: Code:
ATTFilter ComboFix 13-05-16.02 - Luce 17.05.2013 18:23:33.5.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1771.588 [GMT 2:00] ausgeführt von:: C:\Users\Luce\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) C:\Users\Luce\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk C:\Users\Luce\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk ((((((((((((((((((((((( Dateien erstellt von 2013-04-17 bis 2013-05-17 )))))))))))))))))))))))))))))) 2013-05-17 16:34:13 . 2013-05-17 16:34:13 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-05-17 16:06:54 . 2013-05-13 06:37:50 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A17F566-5339-461E-A22D-5FF286A8EFAF}\mpengine.dll 2013-05-16 21:58:25 . 2013-05-16 21:58:25 0 ----a-w- C:\Windows\SysWow64\sho1F18.tmp 2013-05-16 16:27:14 . 2013-05-16 16:27:14 -------- d-----w- C:\ProgramData\Malwarebytes 2013-05-16 16:16:24 . 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys 2013-05-16 16:16:24 . 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys 2013-05-16 16:16:24 . 2011-02-03 11:25:18 144384 ----a-w- C:\Windows\system32\cdd.dll 2013-05-16 16:16:04 . 2013-02-27 05:52:56 14172672 ----a-w- C:\Windows\system32\shell32.dll 2013-05-16 16:16:01 . 2013-02-27 05:52:55 197120 ----a-w- C:\Windows\system32\shdocvw.dll 2013-05-16 16:16:01 . 2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\system32\authui.dll 2013-05-16 16:15:59 . 2013-02-27 06:02:44 111448 ----a-w- C:\Windows\system32\consent.exe 2013-05-16 16:15:59 . 2013-02-27 05:47:10 70144 ----a-w- C:\Windows\system32\appinfo.dll 2013-05-16 16:15:59 . 
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-05-16 16:14:25 . 2013-03-19 05:53:58 230400 ----a-w- C:\Windows\system32\wwansvc.dll 2013-05-16 16:14:24 . 2013-03-19 05:53:58 48640 ----a-w- C:\Windows\system32\wwanprotdim.dll 2013-05-16 16:14:15 . 2013-05-06 13:39:27 9060352 ----a-w- C:\Windows\system32\mshtml.dll 2013-05-16 16:14:08 . 2013-04-01 06:03:35 78680 ----a-w- C:\Windows\system32\mcupdate_AuthenticAMD.dll 2013-05-16 16:14:01 . 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\system32\win32k.sys 2013-05-16 16:12:54 . 2013-05-16 16:12:54 -------- d-----w- C:\Windows\ERUNT 2013-05-16 16:12:14 . 2013-05-16 16:12:18 -------- d-----w- C:\JRT 2013-05-12 20:08:22 . 2013-05-12 20:08:22 0 ----a-w- C:\Windows\SysWow64\shoAFE1.tmp 2013-05-12 17:41:10 . 2013-05-12 20:09:06 -------- d-----w- C:\ProgramData\EE08215D7633C2570000EE073359C5DA 2013-05-11 10:37:28 . 2013-05-11 10:37:28 209472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll 2013-05-08 14:25:04 . 2013-05-08 14:24:26 83160 ----a-w- C:\Windows\system32\drivers\avnetflt.sys 2013-04-27 16:49:26 . 2013-04-27 16:49:26 0 ----a-w- C:\Windows\SysWow64\sho53E6.tmp 2013-04-24 12:46:30 . 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\system32\drivers\ntfs.sys . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-05-16 21:47:11 . 2011-06-10 17:29:18 75016696 ----a-w- C:\Windows\system32\MRT.exe 2013-05-16 17:14:48 . 2012-06-12 21:12:01 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-16 17:14:48 . 2011-08-08 07:34:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-16 15:53:23 . 2010-06-24 10:33:56 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 00:06:08 . 2011-04-22 10:29:27 278800 ------w- C:\Windows\system32\MpSigStub.exe 2013-04-16 19:06:07 . 2013-04-16 19:06:07 0 ----a-w- C:\Windows\SysWow64\sho45B7.tmp 2013-04-13 05:49:23 . 
2013-05-16 16:16:21 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 . 2013-05-16 16:16:21 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 . 2013-05-16 16:16:21 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 . 2013-05-16 16:16:20 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 . 2013-05-16 16:16:21 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 . 2013-05-16 16:16:21 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-07 19:48:46 . 2013-04-07 19:48:46 0 ----a-w- C:\Windows\SysWow64\sho2B86.tmp 2013-04-04 21:40:33 . 2013-04-04 21:40:33 0 ----a-w- C:\Windows\SysWow64\shoEA05.tmp 2013-03-28 06:39:25 . 2013-03-28 06:39:54 28600 ----a-w- C:\Windows\system32\drivers\avkmgr.sys 2013-03-28 06:39:25 . 2013-03-28 06:39:54 130016 ----a-w- C:\Windows\system32\drivers\avipbb.sys 2013-03-28 06:39:25 . 2013-03-28 06:39:54 100712 ----a-w- C:\Windows\system32\drivers\avgntflt.sys 2013-03-26 08:58:43 . 2013-03-26 08:58:55 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-26 08:58:43 . 2012-10-10 07:03:42 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-03-26 08:58:43 . 2011-12-06 21:11:15 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-19 06:04:06 . 2013-04-10 20:00:29 5550424 ----a-w- C:\Windows\system32\ntoskrnl.exe 2013-03-19 05:46:56 . 2013-04-10 20:00:26 43520 ----a-w- C:\Windows\system32\csrsrv.dll 2013-03-19 05:04:13 . 2013-04-10 20:00:27 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 . 2013-04-10 20:00:28 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 . 2013-04-10 20:00:25 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 . 2013-04-10 20:00:26 112640 ----a-w- C:\Windows\system32\smss.exe 2013-03-14 21:15:34 . 2013-03-14 21:15:34 0 ----a-w- C:\Windows\SysWow64\shoEA94.tmp 2013-03-11 21:13:48 . 
2013-03-11 21:13:48 0 ----a-w- C:\Windows\SysWow64\sho9DDA.tmp 2013-03-08 22:10:12 . 2013-03-08 22:10:12 0 ----a-w- C:\Windows\SysWow64\sho269B.tmp 2013-02-28 12:03:52 . 2013-03-14 20:52:40 1638912 ----a-w- C:\Windows\system32\mshtml.tlb 2013-02-28 11:38:43 . 2013-03-14 20:52:40 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-26 21:42:18 . 2013-02-26 21:42:18 0 ----a-w- C:\Windows\SysWow64\sho6DE1.tmp 2006-05-03 11:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 12:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll 2008-03-16 14:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll 2010-01-06 23:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 08:49:38 176936] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] 2012-06-11 14:22:16 1307728 ----a-w- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-05-09 08:49:38 176936 ----a-w- C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-04-09 15:43:36 1519272 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 15:43:36 1519272] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "C:\Program Files 
(x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 08:49:38 176936] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 04:43:08 247728] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 03:00:56 340336] "EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 00:10:16 407920] "EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 00:10:02 201584] "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 13:21:44 296984] "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2010-12-31 12:05:26 1029200] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 14:55:44 336384] "MDS_Menu"="C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 21:16:16 222504] "IJNetworkScanUtility"="C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 15:11:52 136544] "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040] "starter4g"="C:\Windows\starter4g.exe" [2010-03-19 15:14:26 161040] "WinampAgent"="C:\Program Files (x86)\Winamp\winampa.exe" [2011-07-11 21:47:06 74752] "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 18:55:54 49208] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576] "avgnt"="C:\Program Files 
(x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-08 14:23:52 345312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 12:17:22 73216] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 14:22:16 193616] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 10:21:24 160944] R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\Windows\system32\DRIVERS\cmnsusbser.sys [2011-07-28 14:04:49 117888] R3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 02:09:54 172912] R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 15:48:00 235216] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2010-06-17 09:18:28 246376] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392] R4 wlcrasvc;Windows Live Mesh remote connections 
service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 17:10:10 57184] S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-03-28 06:39:25 28600] S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2010-12-02 08:39:13 22912] S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2010-12-02 08:39:13 20328] S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2010-12-02 08:39:13 62584] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2010-11-09 13:55:50 203776] S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 15:14:36 354304] S2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 04:23:36 194496] S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 06:39:19 86752] S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 13:22:40 822624] S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-31 12:05:26 310864] S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 18:22:12 868224] S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 13:21:22 23584] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-04 08:54:14 103472] S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 10:07:22 503080] S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 13:22:10 256536] S2 SearchAnonymizer;SearchAnonymizer;C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-12-27 14:41:28 40960] S2 
sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 07:30:18 508776] S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 04:43:08 92592] S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 00:27:36 243232] S2 WTGService;WTGService;C:\Program Files (x86)\XSManager\WTGService.exe [2009-06-22 13:21:58 304592] S2 XS Stick Service;XS Stick Service;C:\Windows\service4g.exe [2010-03-19 15:13:40 145680] S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 08:18:24 46136] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2010-11-16 23:04:32 115216] S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 14:22:16 240208] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 07:24:44 76912] S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 07:30:10 764264] S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 07:30:18 268648] S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 07:30:18 25960] S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 07:30:22 22376] S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 07:30:22 219496] S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [2010-04-28 20:43:20 38528] Inhalt des "geplante Tasks" Ordners 2013-05-17 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 21:12:02 . 
2013-05-16 17:14:48] 2013-05-17 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 13:23:34 . 2013-03-22 13:23:32] 2013-05-17 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 13:23:34 . 2013-03-22 13:23:32] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 18:22:14 860040] "SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 02:00:00 2184520] "CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 01:40:00 767312] "Ocs_SM"="C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-12-27 14:41:28 106496] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache |
17.05.2013, 20:53 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Care Antivirus cannot be removed Unfortunately the log is incomplete, please post all of it
17.05.2013, 21:41 | #7 |
| System Care Antivirus cannot be removed Hello! That is everything that is in the log file. However, I ran the scan several times. It carries out the scan completely, then it shows that you should not use any other program until the log has been created. But it never finishes. I waited for at least an hour. After that I simply scanned again, and the same thing happened. Then I discovered that the log file exists anyway, even though the program is not quite finished. That is what I posted here. Well, apparently it is incomplete... |
17.05.2013, 21:49 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Care Antivirus cannot be removed Rootkit scan with GMER Please download GMER: (random file name)
Are problems occurring?
Afterwards, please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
17.05.2013, 22:49 | #9 |
| System Care Antivirus cannot be removed Here is the log file from gmer: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-17 23:16:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3265GSX rev.GJ002J 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Luce\AppData\Local\Temp\kwldrpog.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1088:4088] 000007fefb9a341c
Thread C:\Windows\system32\svchost.exe [1088:3724] 000007fefb9a3a2c
Thread C:\Windows\system32\svchost.exe [1088:2784] 000007fefb9a3768
Thread C:\Windows\system32\svchost.exe [1088:3480] 000007fefb9a5c20
Thread C:\Windows\system32\svchost.exe [1088:4484] 000007fefb9a3900
Thread C:\Windows\System32\spoolsv.exe [1192:2992] 000007fef44710c8
Thread C:\Windows\System32\spoolsv.exe [1192:3004] 000007fef4436144
Thread C:\Windows\System32\spoolsv.exe [1192:3008] 000007fef96c5fd0
Thread C:\Windows\System32\spoolsv.exe [1192:3012] 000007fef4413438
Thread C:\Windows\System32\spoolsv.exe [1192:3016] 000007fef96c63ec
Thread C:\Windows\System32\spoolsv.exe [1192:3028] 000007fef47a5e5c
Thread C:\Windows\System32\spoolsv.exe [1192:3060] 00000000005ce0bc
Thread C:\Windows\System32\spoolsv.exe [1192:4476] 00000000005c81fc
Thread C:\Windows\system32\svchost.exe [1672:1308] 000007fef1ec8470
Thread C:\Windows\system32\svchost.exe [1672:1804] 000007fef1ed2418
Thread C:\Windows\system32\svchost.exe [1672:5976] 000007feedabf130
Thread C:\Windows\system32\svchost.exe [1672:3980] 000007feedab4734
Thread C:\Windows\system32\svchost.exe [1672:4696] 000007feedab4734
Thread C:\Windows\system32\svchost.exe [1672:2592] 000007fef1ed976c
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2348:2640] 000000007339102d
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2348:2648] 000000007309f1dc
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2348:2656] 000000007309f1dc
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2348:2660] 00000000730955d3
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2348:2896] 000000007333c159
Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2908:3000] 000000007277473d
Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2908:3032] 0000000072785ced
Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2908:5572] 000000007624d864
Thread C:\Windows\system32\Dwm.exe [3820:4032] 000007fef35ff0d8
Thread C:\Windows\system32\Dwm.exe [3820:4048] 000007fef2deabf0
Thread C:\Windows\system32\taskhost.exe [3860:4060] 000007fef2da1010
Thread C:\Windows\System32\svchost.exe [5444:2408] 000007fef1749688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 15433
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{21DFF927-2881-4556-92D5-DA438AD2FF04}@LeaseObtainedTime 1368824468
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{21DFF927-2881-4556-92D5-DA438AD2FF04}@T1 -778659181
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{21DFF927-2881-4556-92D5-DA438AD2FF04}@T2 1905695379
---- EOF - GMER 2.1 ----
and next the log file from mbar. No detections. I have already run this scan once before and also posted it above. Here are the current results: Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.17.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Luce :: YT-1300 [administrator]
17.05.2013 23:32:46
mbar-log-2013-05-17 (23-32-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30023
Time elapsed: 13 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |
17.05.2013, 23:10 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Care Antivirus cannot be removed aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
18.05.2013, 00:12 | #11 |
| System Care Antivirus cannot be removed Here are the two log files: Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-16 19:48:34
-----------------------------
19:48:34.189 OS Version: Windows x64 6.1.7601 Service Pack 1
19:48:34.189 Number of processors: 2 586 0x100
19:48:34.267 ComputerName: YT-1300 UserName: Luce
19:48:38.525 Initialize success
19:49:53.354 AVAST engine defs: 13051600
19:50:16.801 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:50:16.817 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11
19:50:17.051 Disk 0 MBR read successfully
19:50:17.051 Disk 0 MBR scan
19:50:17.113 Disk 0 Windows 7 default MBR code
19:50:17.144 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
19:50:17.191 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
19:50:17.207 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289783 MB offset 31664128
19:50:17.347 Disk 0 scanning C:\Windows\system32\drivers
19:50:44.554 Service scanning
19:51:52.975 Modules scanning
19:51:52.991 Disk 0 trace - called modules:
19:51:53.069 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:51:53.085 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800246b060]
19:51:53.100 3 CLASSPNP.SYS[fffff880018da43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8001f92610]
19:51:54.910 AVAST engine scan C:\Windows
19:51:59.746 AVAST engine scan C:\Windows\system32
20:00:03.253 AVAST engine scan C:\Windows\system32\drivers
20:00:43.080 AVAST engine scan C:\Users\Luce
21:55:00.226 Disk 0 MBR has been saved successfully to "C:\Users\Luce\Desktop\MBR.dat"
21:55:00.257 The log file has been saved successfully to "C:\Users\Luce\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-18 00:20:53
-----------------------------
00:20:53.398 OS Version: Windows x64 6.1.7601 Service Pack 1
00:20:53.398 Number of processors: 2 586 0x100
00:20:53.398 ComputerName: YT-1300 UserName: Luce
00:20:55.863 Initialize success
00:22:10.960 AVAST engine defs: 13051701
00:22:21.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:22:21.475 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11
00:22:21.615 Disk 0 MBR read successfully
00:22:21.631 Disk 0 MBR scan
00:22:21.678 Disk 0 Windows 7 default MBR code
00:22:21.693 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
00:22:21.724 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
00:22:21.756 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289783 MB offset 31664128
00:22:21.927 Disk 0 scanning C:\Windows\system32\drivers
00:22:38.791 Service scanning
00:23:27.088 Modules scanning
00:23:27.104 Disk 0 trace - called modules:
00:23:27.135 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:23:27.135 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002489420]
00:23:27.151 3 CLASSPNP.SYS[fffff8800187a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8001fb5060]
00:23:28.180 AVAST engine scan C:\Windows
00:23:32.782 AVAST engine scan C:\Windows\system32
00:28:58.355 AVAST engine scan C:\Windows\system32\drivers
00:29:19.633 AVAST engine scan C:\Users\Luce
00:53:04.431 AVAST engine scan C:\ProgramData
00:56:32.551 Scan finished successfully
00:57:16.578 Disk 0 MBR has been saved successfully to "C:\Users\Luce\Desktop\MBR.dat"
00:57:16.624 The log file has been saved successfully to "C:\Users\Luce\Desktop\aswMBR.txt"
and also the report: Code:
1288 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 01:05:02.0143 1288 lmhosts - ok 01:05:02.0190 1288 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 01:05:02.0221 1288 LSI_FC - ok 01:05:02.0268 1288 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 01:05:02.0299 1288 LSI_SAS - ok 01:05:02.0315 1288 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 01:05:02.0346 1288 LSI_SAS2 - ok 01:05:02.0377 1288 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 01:05:02.0393 1288 LSI_SCSI - ok 01:05:02.0424 1288 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 01:05:02.0517 1288 luafv - ok 01:05:02.0658 1288 [ 1104A3A552D1D249A6AB5ACCBDEFB5EF ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe 01:05:02.0689 1288 McAfee SiteAdvisor Service - ok 01:05:02.0814 1288 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe 01:05:02.0861 1288 McComponentHostService - ok 01:05:02.0907 1288 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 01:05:02.0954 1288 Mcx2Svc - ok 01:05:02.0985 1288 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 01:05:03.0017 1288 megasas - ok 01:05:03.0032 1288 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 01:05:03.0063 1288 MegaSR - ok 01:05:03.0173 1288 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 01:05:03.0204 1288 Microsoft Office Groove Audit Service - ok 01:05:03.0251 1288 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 01:05:03.0344 1288 MMCSS - ok 01:05:03.0375 1288 [ 800BA92F7010378B09F9ED9270F07137 ] Modem 
C:\Windows\system32\drivers\modem.sys 01:05:03.0453 1288 Modem - ok 01:05:03.0500 1288 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 01:05:03.0547 1288 monitor - ok 01:05:03.0609 1288 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 01:05:03.0641 1288 mouclass - ok 01:05:03.0672 1288 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 01:05:03.0734 1288 mouhid - ok 01:05:03.0781 1288 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 01:05:03.0797 1288 mountmgr - ok 01:05:03.0906 1288 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 01:05:03.0953 1288 MozillaMaintenance - ok 01:05:03.0968 1288 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 01:05:03.0999 1288 mpio - ok 01:05:04.0031 1288 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 01:05:04.0124 1288 mpsdrv - ok 01:05:04.0171 1288 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 01:05:04.0265 1288 MpsSvc - ok 01:05:04.0327 1288 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 01:05:04.0374 1288 MRxDAV - ok 01:05:04.0421 1288 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 01:05:04.0483 1288 mrxsmb - ok 01:05:04.0545 1288 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 01:05:04.0577 1288 mrxsmb10 - ok 01:05:04.0592 1288 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 01:05:04.0639 1288 mrxsmb20 - ok 01:05:04.0670 1288 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 01:05:04.0701 1288 msahci - ok 01:05:04.0748 1288 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 01:05:04.0764 1288 msdsm - ok 
01:05:04.0795 1288 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 01:05:04.0842 1288 MSDTC - ok 01:05:04.0889 1288 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 01:05:04.0982 1288 Msfs - ok 01:05:04.0998 1288 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 01:05:05.0076 1288 mshidkmdf - ok 01:05:05.0123 1288 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 01:05:05.0138 1288 msisadrv - ok 01:05:05.0185 1288 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 01:05:05.0279 1288 MSiSCSI - ok 01:05:05.0279 1288 msiserver - ok 01:05:05.0341 1288 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 01:05:05.0403 1288 MSKSSRV - ok 01:05:05.0435 1288 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 01:05:05.0528 1288 MSPCLOCK - ok 01:05:05.0528 1288 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 01:05:05.0606 1288 MSPQM - ok 01:05:05.0653 1288 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 01:05:05.0700 1288 MsRPC - ok 01:05:05.0731 1288 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 01:05:05.0762 1288 mssmbios - ok 01:05:05.0809 1288 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 01:05:05.0887 1288 MSTEE - ok 01:05:05.0918 1288 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 01:05:05.0949 1288 MTConfig - ok 01:05:05.0981 1288 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 01:05:05.0996 1288 Mup - ok 01:05:06.0012 1288 [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 01:05:06.0059 1288 mwlPSDFilter - ok 01:05:06.0074 1288 [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ 
C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 01:05:06.0090 1288 mwlPSDNServ - ok 01:05:06.0105 1288 [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 01:05:06.0121 1288 mwlPSDVDisk - ok 01:05:06.0183 1288 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 01:05:06.0277 1288 napagent - ok 01:05:06.0339 1288 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 01:05:06.0417 1288 NativeWifiP - ok 01:05:06.0511 1288 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 01:05:06.0542 1288 NAUpdate - ok 01:05:06.0605 1288 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 01:05:06.0667 1288 NDIS - ok 01:05:06.0714 1288 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 01:05:06.0807 1288 NdisCap - ok 01:05:06.0839 1288 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 01:05:06.0932 1288 NdisTapi - ok 01:05:06.0963 1288 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 01:05:07.0041 1288 Ndisuio - ok 01:05:07.0088 1288 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 01:05:07.0182 1288 NdisWan - ok 01:05:07.0213 1288 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 01:05:07.0291 1288 NDProxy - ok 01:05:07.0353 1288 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 01:05:07.0431 1288 NetBIOS - ok 01:05:07.0478 1288 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 01:05:07.0541 1288 NetBT - ok 01:05:07.0572 1288 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 01:05:07.0587 1288 Netlogon - ok 01:05:07.0634 1288 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 01:05:07.0743 1288 Netman - ok 01:05:07.0759 1288 [ 
5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 01:05:07.0868 1288 netprofm - ok 01:05:07.0899 1288 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 01:05:07.0915 1288 NetTcpPortSharing - ok 01:05:07.0962 1288 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 01:05:08.0009 1288 nfrd960 - ok 01:05:08.0055 1288 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 01:05:08.0102 1288 NlaSvc - ok 01:05:08.0149 1288 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 01:05:08.0211 1288 Npfs - ok 01:05:08.0243 1288 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 01:05:08.0336 1288 nsi - ok 01:05:08.0367 1288 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 01:05:08.0461 1288 nsiproxy - ok 01:05:08.0539 1288 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 01:05:08.0601 1288 Ntfs - ok 01:05:08.0679 1288 [ D27A4546417ED7C4AEA7B3420D4F1F50 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 01:05:08.0726 1288 NTI IScheduleSvc - ok 01:05:08.0773 1288 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 01:05:08.0789 1288 NTIDrvr - ok 01:05:08.0804 1288 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 01:05:08.0898 1288 Null - ok 01:05:08.0929 1288 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 01:05:08.0960 1288 nvraid - ok 01:05:09.0007 1288 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 01:05:09.0023 1288 nvstor - ok 01:05:09.0085 1288 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 01:05:09.0116 1288 nv_agp - ok 01:05:09.0194 1288 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv 
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 01:05:09.0241 1288 odserv - ok 01:05:09.0303 1288 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 01:05:09.0335 1288 ohci1394 - ok 01:05:09.0397 1288 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 01:05:09.0413 1288 ose - ok 01:05:09.0600 1288 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 01:05:09.0834 1288 osppsvc - ok 01:05:09.0896 1288 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 01:05:09.0959 1288 p2pimsvc - ok 01:05:09.0990 1288 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 01:05:10.0037 1288 p2psvc - ok 01:05:10.0083 1288 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 01:05:10.0115 1288 Parport - ok 01:05:10.0146 1288 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 01:05:10.0177 1288 partmgr - ok 01:05:10.0224 1288 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 01:05:10.0255 1288 PcaSvc - ok 01:05:10.0302 1288 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 01:05:10.0333 1288 pci - ok 01:05:10.0349 1288 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 01:05:10.0380 1288 pciide - ok 01:05:10.0411 1288 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 01:05:10.0442 1288 pcmcia - ok 01:05:10.0458 1288 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 01:05:10.0489 1288 pcw - ok 01:05:10.0520 1288 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 01:05:10.0614 1288 PEAUTH - ok 01:05:10.0739 1288 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 
01:05:10.0785 1288 PerfHost - ok 01:05:10.0863 1288 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 01:05:10.0988 1288 pla - ok 01:05:11.0051 1288 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 01:05:11.0097 1288 PlugPlay - ok 01:05:11.0144 1288 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 01:05:11.0160 1288 PNRPAutoReg - ok 01:05:11.0191 1288 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 01:05:11.0222 1288 PNRPsvc - ok 01:05:11.0285 1288 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 01:05:11.0378 1288 PolicyAgent - ok 01:05:11.0425 1288 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 01:05:11.0519 1288 Power - ok 01:05:11.0565 1288 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 01:05:11.0675 1288 PptpMiniport - ok 01:05:11.0721 1288 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 01:05:11.0784 1288 Processor - ok 01:05:11.0831 1288 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 01:05:11.0877 1288 ProfSvc - ok 01:05:11.0909 1288 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 01:05:11.0924 1288 ProtectedStorage - ok 01:05:11.0987 1288 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 01:05:12.0065 1288 Psched - ok 01:05:12.0127 1288 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 01:05:12.0189 1288 ql2300 - ok 01:05:12.0221 1288 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 01:05:12.0252 1288 ql40xx - ok 01:05:12.0299 1288 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 01:05:12.0345 1288 QWAVE - ok 01:05:12.0361 1288 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 
01:05:12.0439 1288 QWAVEdrv - ok 01:05:12.0470 1288 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 01:05:12.0548 1288 RasAcd - ok 01:05:12.0611 1288 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 01:05:12.0689 1288 RasAgileVpn - ok 01:05:12.0720 1288 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 01:05:12.0813 1288 RasAuto - ok 01:05:12.0860 1288 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 01:05:12.0938 1288 Rasl2tp - ok 01:05:13.0001 1288 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 01:05:13.0079 1288 RasMan - ok 01:05:13.0125 1288 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 01:05:13.0219 1288 RasPppoe - ok 01:05:13.0235 1288 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 01:05:13.0313 1288 RasSstp - ok 01:05:13.0359 1288 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 01:05:13.0469 1288 rdbss - ok 01:05:13.0500 1288 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 01:05:13.0531 1288 rdpbus - ok 01:05:13.0562 1288 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 01:05:13.0656 1288 RDPCDD - ok 01:05:13.0671 1288 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 01:05:13.0765 1288 RDPENCDD - ok 01:05:13.0796 1288 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 01:05:13.0874 1288 RDPREFMP - ok 01:05:13.0937 1288 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 01:05:13.0999 1288 RDPWD - ok 01:05:14.0077 1288 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 01:05:14.0108 1288 rdyboost - ok 01:05:14.0139 1288 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess 
C:\Windows\System32\mprdim.dll 01:05:14.0233 1288 RemoteAccess - ok 01:05:14.0264 1288 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 01:05:14.0358 1288 RemoteRegistry - ok 01:05:14.0389 1288 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 01:05:14.0483 1288 RpcEptMapper - ok 01:05:14.0529 1288 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 01:05:14.0561 1288 RpcLocator - ok 01:05:14.0607 1288 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 01:05:14.0701 1288 RpcSs - ok 01:05:14.0748 1288 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 01:05:14.0857 1288 rspndr - ok 01:05:14.0919 1288 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys 01:05:14.0951 1288 RSUSBSTOR - ok 01:05:14.0966 1288 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 01:05:14.0997 1288 SamSs - ok 01:05:15.0044 1288 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 01:05:15.0060 1288 sbp2port - ok 01:05:15.0107 1288 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 01:05:15.0185 1288 SCardSvr - ok 01:05:15.0231 1288 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 01:05:15.0309 1288 scfilter - ok 01:05:15.0372 1288 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 01:05:15.0497 1288 Schedule - ok 01:05:15.0543 1288 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 01:05:15.0606 1288 SCPolicySvc - ok 01:05:15.0621 1288 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 01:05:15.0668 1288 SDRSVC - ok 01:05:15.0793 1288 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 01:05:15.0809 1288 SearchAnonymizer ( 
UnsignedFile.Multi.Generic ) - warning 01:05:15.0809 1288 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1) 01:05:15.0855 1288 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 01:05:15.0965 1288 secdrv - ok 01:05:15.0996 1288 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 01:05:16.0074 1288 seclogon - ok 01:05:16.0121 1288 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 01:05:16.0199 1288 SENS - ok 01:05:16.0230 1288 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 01:05:16.0277 1288 SensrSvc - ok 01:05:16.0292 1288 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 01:05:16.0323 1288 Serenum - ok 01:05:16.0370 1288 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 01:05:16.0401 1288 Serial - ok 01:05:16.0448 1288 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 01:05:16.0495 1288 sermouse - ok 01:05:16.0557 1288 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 01:05:16.0651 1288 SessionEnv - ok 01:05:16.0682 1288 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 01:05:16.0729 1288 sffdisk - ok 01:05:16.0745 1288 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 01:05:16.0776 1288 sffp_mmc - ok 01:05:16.0791 1288 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 01:05:16.0823 1288 sffp_sd - ok 01:05:16.0869 1288 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 01:05:16.0901 1288 sfloppy - ok 01:05:16.0979 1288 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 01:05:17.0010 1288 Sftfs - ok 01:05:17.0072 1288 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 
01:05:17.0103 1288 sftlist - ok 01:05:17.0150 1288 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 01:05:17.0181 1288 Sftplay - ok 01:05:17.0197 1288 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 01:05:17.0213 1288 Sftredir - ok 01:05:17.0244 1288 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 01:05:17.0259 1288 Sftvol - ok 01:05:17.0291 1288 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 01:05:17.0322 1288 sftvsa - ok 01:05:17.0369 1288 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 01:05:17.0462 1288 SharedAccess - ok 01:05:17.0509 1288 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 01:05:17.0618 1288 ShellHWDetection - ok 01:05:17.0665 1288 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 01:05:17.0696 1288 SiSRaid2 - ok 01:05:17.0712 1288 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 01:05:17.0743 1288 SiSRaid4 - ok 01:05:17.0837 1288 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 01:05:17.0868 1288 SkypeUpdate - ok 01:05:17.0915 1288 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 01:05:18.0008 1288 Smb - ok 01:05:18.0055 1288 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 01:05:18.0086 1288 SNMPTRAP - ok 01:05:18.0102 1288 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 01:05:18.0133 1288 spldr - ok 01:05:18.0180 1288 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 01:05:18.0242 1288 Spooler - ok 01:05:18.0351 1288 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 01:05:18.0523 1288 sppsvc - ok 01:05:18.0570 1288 [ 
93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 01:05:18.0648 1288 sppuinotify - ok 01:05:18.0695 1288 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 01:05:18.0757 1288 srv - ok 01:05:18.0773 1288 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 01:05:18.0835 1288 srv2 - ok 01:05:18.0851 1288 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 01:05:18.0897 1288 srvnet - ok 01:05:18.0944 1288 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 01:05:19.0022 1288 SSDPSRV - ok 01:05:19.0038 1288 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 01:05:19.0116 1288 SstpSvc - ok 01:05:19.0163 1288 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 01:05:19.0178 1288 stexstor - ok 01:05:19.0241 1288 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 01:05:19.0303 1288 stisvc - ok 01:05:19.0350 1288 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 01:05:19.0365 1288 swenum - ok 01:05:19.0412 1288 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 01:05:19.0506 1288 swprv - ok 01:05:19.0568 1288 [ EF51B22706DB03F0857FADE127C804EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 01:05:19.0631 1288 SynTP - ok 01:05:19.0724 1288 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 01:05:19.0833 1288 SysMain - ok 01:05:19.0865 1288 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 01:05:19.0943 1288 TabletInputService - ok 01:05:19.0974 1288 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 01:05:20.0067 1288 TapiSrv - ok 01:05:20.0114 1288 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 01:05:20.0192 1288 TBS - ok 01:05:20.0270 1288 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip 
C:\Windows\system32\drivers\tcpip.sys 01:05:20.0364 1288 Tcpip - ok 01:05:20.0411 1288 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 01:05:20.0473 1288 TCPIP6 - ok 01:05:20.0520 1288 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 01:05:20.0551 1288 tcpipreg - ok 01:05:20.0582 1288 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 01:05:20.0676 1288 TDPIPE - ok 01:05:20.0707 1288 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 01:05:20.0754 1288 TDTCP - ok 01:05:20.0801 1288 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 01:05:20.0879 1288 tdx - ok 01:05:20.0910 1288 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 01:05:20.0941 1288 TermDD - ok 01:05:20.0972 1288 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 01:05:21.0066 1288 TermService - ok 01:05:21.0113 1288 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 01:05:21.0144 1288 Themes - ok 01:05:21.0191 1288 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 01:05:21.0269 1288 THREADORDER - ok 01:05:21.0347 1288 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe 01:05:21.0378 1288 TomTomHOMEService - ok 01:05:21.0425 1288 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 01:05:21.0518 1288 TrkWks - ok 01:05:21.0581 1288 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 01:05:21.0674 1288 TrustedInstaller - ok 01:05:21.0705 1288 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 01:05:21.0783 1288 tssecsrv - ok 01:05:21.0815 1288 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 01:05:21.0893 1288 TsUsbFlt - ok 
01:05:29.0537 1288 ================ Scan global =============================== 01:05:29.0583 1288 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 01:05:29.0630 1288 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 01:05:29.0646 1288 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 01:05:29.0693 1288 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 01:05:29.0739 1288 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 01:05:29.0739 1288 [Global] - ok 01:05:29.0739 1288 ================ Scan MBR ================================== 01:05:29.0771 1288 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 01:05:30.0847 1288 \Device\Harddisk0\DR0 - ok 01:05:30.0847 1288 ================ Scan VBR ================================== 01:05:30.0878 1288 [ 9460FE28809EDF7D19847A35F600938C ] \Device\Harddisk0\DR0\Partition1 01:05:30.0894 1288 \Device\Harddisk0\DR0\Partition1 - ok 01:05:30.0909 1288 [ 9AFE4A64667342448CB3130EEFE84CD4 ] \Device\Harddisk0\DR0\Partition2 01:05:30.0909 1288 \Device\Harddisk0\DR0\Partition2 - ok 01:05:30.0909 1288 ============================================================ 01:05:30.0909 1288 Scan finished 01:05:30.0909 1288 ============================================================ 01:05:30.0941 3764 Detected object count: 3 01:05:30.0941 3764 Actual detected object count: 3 01:05:40.0410 3764 EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user 01:05:40.0410 3764 EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:05:40.0425 3764 EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user 01:05:40.0425 3764 EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:05:40.0425 3764 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user 01:05:40.0425 3764 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip |
18.05.2013, 00:30 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Care Antivirus cannot be removed JRT - Junkware Removal Tool Please shut down your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________ Please always post log files in CODE tags |
18.05.2013, 14:57 | #13 |
| System Care Antivirus cannot be removed Here are the results: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Luce on 18.05.2013 at 8:33:19,69 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3221331733-3512096612-1023093492-1002\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\babylonhelper.exe Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\winamp toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\winamp toolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong Successfully deleted: [Registry Key] 
HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnu.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\winamptbserver.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylon_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylon_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontc_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontc_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\dvdvideosofttbtoolbarhelper_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\dvdvideosofttbtoolbarhelper_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2269050 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2CF7D4B0-98F6-4197-8F5D-17183644E44F} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} ~~~ Files Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll" Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt" Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll" Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.xpt" Successfully deleted: [File] C:\Windows\syswow64\sho11C1.tmp Successfully deleted: [File] C:\Windows\syswow64\sho1366.tmp Successfully deleted: [File] C:\Windows\syswow64\sho1B04.tmp Successfully deleted: [File] C:\Windows\syswow64\sho1F18.tmp Successfully deleted: [File] C:\Windows\syswow64\sho2232.tmp Successfully deleted: [File] C:\Windows\syswow64\sho24EF.tmp Successfully deleted: [File] C:\Windows\syswow64\sho269B.tmp Successfully deleted: [File] C:\Windows\syswow64\sho28DA.tmp Successfully deleted: [File] C:\Windows\syswow64\sho2B79.tmp Successfully deleted: [File] C:\Windows\syswow64\sho2B86.tmp Successfully deleted: [File] 
C:\Windows\syswow64\sho3066.tmp Successfully deleted: [File] C:\Windows\syswow64\sho3849.tmp Successfully deleted: [File] C:\Windows\syswow64\sho3C45.tmp Successfully deleted: [File] C:\Windows\syswow64\sho40A1.tmp Successfully deleted: [File] C:\Windows\syswow64\sho45B7.tmp Successfully deleted: [File] C:\Windows\syswow64\sho4AF8.tmp Successfully deleted: [File] C:\Windows\syswow64\sho4DE4.tmp Successfully deleted: [File] C:\Windows\syswow64\sho52D2.tmp Successfully deleted: [File] C:\Windows\syswow64\sho53E6.tmp Successfully deleted: [File] C:\Windows\syswow64\sho56FA.tmp Successfully deleted: [File] C:\Windows\syswow64\sho6224.tmp Successfully deleted: [File] C:\Windows\syswow64\sho6682.tmp Successfully deleted: [File] C:\Windows\syswow64\sho6887.tmp Successfully deleted: [File] C:\Windows\syswow64\sho69AE.tmp Successfully deleted: [File] C:\Windows\syswow64\sho6DE1.tmp Successfully deleted: [File] C:\Windows\syswow64\sho71B8.tmp Successfully deleted: [File] C:\Windows\syswow64\sho73A0.tmp Successfully deleted: [File] C:\Windows\syswow64\sho73C7.tmp Successfully deleted: [File] C:\Windows\syswow64\sho756D.tmp Successfully deleted: [File] C:\Windows\syswow64\sho781.tmp Successfully deleted: [File] C:\Windows\syswow64\sho7D6E.tmp Successfully deleted: [File] C:\Windows\syswow64\sho7F02.tmp Successfully deleted: [File] C:\Windows\syswow64\sho8378.tmp Successfully deleted: [File] C:\Windows\syswow64\sho8A86.tmp Successfully deleted: [File] C:\Windows\syswow64\sho8AC.tmp Successfully deleted: [File] C:\Windows\syswow64\sho8E8C.tmp Successfully deleted: [File] C:\Windows\syswow64\sho90FC.tmp Successfully deleted: [File] C:\Windows\syswow64\sho910D.tmp Successfully deleted: [File] C:\Windows\syswow64\sho95CE.tmp Successfully deleted: [File] C:\Windows\syswow64\sho9CAB.tmp Successfully deleted: [File] C:\Windows\syswow64\sho9CFD.tmp Successfully deleted: [File] C:\Windows\syswow64\sho9DDA.tmp Successfully deleted: [File] C:\Windows\syswow64\sho9E05.tmp Successfully 
deleted: [File] C:\Windows\syswow64\sho9E1D.tmp Successfully deleted: [File] C:\Windows\syswow64\shoA31D.tmp Successfully deleted: [File] C:\Windows\syswow64\shoA3A5.tmp Successfully deleted: [File] C:\Windows\syswow64\shoA7D4.tmp Successfully deleted: [File] C:\Windows\syswow64\shoAD16.tmp Successfully deleted: [File] C:\Windows\syswow64\shoAD76.tmp Successfully deleted: [File] C:\Windows\syswow64\shoAFE1.tmp Successfully deleted: [File] C:\Windows\syswow64\shoB263.tmp Successfully deleted: [File] C:\Windows\syswow64\shoB27A.tmp Successfully deleted: [File] C:\Windows\syswow64\shoB432.tmp Successfully deleted: [File] C:\Windows\syswow64\shoB5AF.tmp Successfully deleted: [File] C:\Windows\syswow64\shoBB59.tmp Successfully deleted: [File] C:\Windows\syswow64\shoBC62.tmp Successfully deleted: [File] C:\Windows\syswow64\shoBD9.tmp Successfully deleted: [File] C:\Windows\syswow64\shoBE8F.tmp Successfully deleted: [File] C:\Windows\syswow64\shoBF8D.tmp Successfully deleted: [File] C:\Windows\syswow64\shoBFA3.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC1EB.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC470.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC544.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC685.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC9A8.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC9C7.tmp Successfully deleted: [File] C:\Windows\syswow64\shoCA55.tmp Successfully deleted: [File] C:\Windows\syswow64\shoCB03.tmp Successfully deleted: [File] C:\Windows\syswow64\shoCE2B.tmp Successfully deleted: [File] C:\Windows\syswow64\shoD5A5.tmp Successfully deleted: [File] C:\Windows\syswow64\shoD61.tmp Successfully deleted: [File] C:\Windows\syswow64\shoD8E0.tmp Successfully deleted: [File] C:\Windows\syswow64\shoD984.tmp Successfully deleted: [File] C:\Windows\syswow64\shoDD56.tmp Successfully deleted: [File] C:\Windows\syswow64\shoDFA5.tmp Successfully deleted: [File] C:\Windows\syswow64\shoE9A6.tmp 
Successfully deleted: [File] C:\Windows\syswow64\shoEA05.tmp Successfully deleted: [File] C:\Windows\syswow64\shoEA94.tmp Successfully deleted: [File] C:\Windows\syswow64\shoEE3.tmp Successfully deleted: [File] C:\Windows\syswow64\shoEE6D.tmp Successfully deleted: [File] C:\Windows\syswow64\shoEE97.tmp Successfully deleted: [File] C:\Windows\syswow64\shoEF04.tmp Successfully deleted: [File] C:\Windows\syswow64\shoF0A9.tmp Successfully deleted: [File] C:\Windows\syswow64\shoF596.tmp Successfully deleted: [File] C:\Windows\syswow64\shoFE27.tmp Successfully deleted: [File] C:\Windows\syswow64\shoFE6F.tmp ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] "C:\ProgramData\winamp toolbar" Successfully deleted: [Folder] "C:\Users\Luce\AppData\Roaming\dvdvideosoftiehelpers" Successfully deleted: [Folder] "C:\Users\Luce\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Luce\appdata\local\winamp toolbar" Successfully deleted: [Folder] "C:\Users\Luce\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\Luce\appdata\locallow\dvdvideosofttb" Successfully deleted: [Folder] "C:\Users\Luce\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" Successfully deleted: [Folder] "C:\Program Files (x86)\dvdvideosofttb" Failed to delete: [Folder] "C:\Program Files (x86)\winamp toolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility" Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{018E9319-600B-41FC-BB4E-FED29EC553ED} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{0B94E47C-323B-45C7-80F5-9E15A4AB1812} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{1CB974A3-D4BE-433C-A81F-97A0BA327AAD} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{21777FE1-FC31-4F1E-8C6B-2D983394E0DD} Successfully deleted: [Empty Folder] 
C:\Users\Luce\appdata\local\{26DB5635-96C6-4E72-A8C2-F78D115BBBF9} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{2D836991-76E3-4D38-A0A1-A357D442DA9D} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{337457EF-C528-4D28-92D5-6308DDCD4AD4} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{36AD64C5-C8B9-421F-9467-51474289A966} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{4781E84F-D5C7-408C-826D-7466E22E7CB2} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{4932679E-DE70-4A96-9534-3216CA4B7198} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{4D32B78C-7BC6-4910-AE7D-55E4C1DFCA69} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{521B1388-F1C7-47E3-A193-FA80A5691EE3} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{5616342F-33A9-4810-8760-028E6C2B2F12} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{5F70E741-DC5A-40F0-BE06-D99F8CC47D27} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{611B6132-E912-47C8-9C5A-6D0B317F9265} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{65DCD903-5722-48EB-9498-DF782D8DF52A} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{6912781F-76CA-4BA1-9D35-14ED1A8B641D} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{6926451D-9B17-4319-A398-72CAD38615A0} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{6B3549BE-56C9-4922-95F0-CD01178F7059} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{6F22D6FC-C5C5-400C-9CEC-D05773D9767A} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{85E63797-6322-4C4D-B0D9-D638A6F41EA0} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{9ABCF9DB-87D4-48A8-9EE9-1A6D68A14858} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{A12432FA-8FEC-4999-9854-267CD31733F0} Successfully deleted: [Empty Folder] 
C:\Users\Luce\appdata\local\{AD47AFA3-4945-4306-8424-C385AEF3C65B} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{ADAF568F-846C-4227-8572-06FBF3F93A4C} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{DAA7D28B-8D8D-4345-9776-1C268E483BCF} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{DBB2921B-DDE5-4879-BCFE-46D6D4F47D4B} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{E1988F9D-1CE0-4180-B96D-0A3F3378CF83} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{E788DB26-99DE-48F9-8A76-50F85BDB2FFB} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{F0186589-E3F8-4381-9461-4D443BF07E5D} Successfully deleted: [Empty Folder] C:\Users\Luce\appdata\local\{F1BC8F98-747E-4E39-92B9-CD8E34050C20} ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\user.js Successfully deleted: [File] "C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\DivXWebPlayer@divx.com.xpi" Successfully deleted: [File] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\askcomsearch.xml Successfully deleted: [File] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\conduit.xml Successfully deleted: [Folder] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\conduitcommon Successfully deleted: [Folder] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\winamptoolbardata Successfully deleted: [Folder] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\toolbar@ask.com Successfully deleted: [Folder] C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Successfully deleted the 
following from C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\prefs.js user_pref("CT2269050..clientLogIsEnabled", false); user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true); user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true); user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true); user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true); user_pref("CT2269050.BrowserCompStateIsOpen_130100683276316706", true); user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true); user_pref("CT2269050.CTID", "CT2269050"); user_pref("CT2269050.CurrentServerDate", "18-5-2013"); user_pref("CT2269050.DSChangedManually", false); user_pref("CT2269050.DSInstall", true); user_pref("CT2269050.DSProtectChoice", true); user_pref("CT2269050.DSProtectCount", 2); user_pref("CT2269050.DialogsAlignMode", "LTR"); user_pref("CT2269050.DialogsGetterLastCheckTime", "Sun May 12 2013 18:33:21 GMT+0200"); user_pref("CT2269050.DownloadReferralCookieData", ""); user_pref("CT2269050.EMailNotifierPollDate", "Wed Feb 08 2012 22:12:43 GMT+0100"); user_pref("CT2269050.FirstServerDate", "8-2-2012"); user_pref("CT2269050.FirstTime", true); user_pref("CT2269050.FirstTimeFF3", true); user_pref("CT2269050.FixPageNotFoundErrors", true); user_pref("CT2269050.GroupingServerCheckInterval", 1440); user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); user_pref("CT2269050.HPInstall", true); user_pref("CT2269050.HasUserGlobalKeys", true); user_pref("CT2269050.HomePageProtectorEnabled", 
true); user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"); user_pref("CT2269050.Initialize", true); user_pref("CT2269050.InitializeCommonPrefs", true); user_pref("CT2269050.InstallationAndCookieDataSentCount", 3); user_pref("CT2269050.InstallationType", "UnknownIntegration"); user_pref("CT2269050.InstalledDate", "Wed Feb 08 2012 16:41:30 GMT+0100"); user_pref("CT2269050.InvalidateCache", false); user_pref("CT2269050.IsAlertDBUpdated", true); user_pref("CT2269050.IsGrouping", false); user_pref("CT2269050.IsInitSetupIni", true); user_pref("CT2269050.IsMulticommunity", false); user_pref("CT2269050.IsOpenThankYouPage", false); user_pref("CT2269050.IsOpenUninstallPage", false); user_pref("CT2269050.IsProtectorsInit", true); user_pref("CT2269050.LanguagePackLastCheckTime", "Sat May 18 2013 00:58:34 GMT+0200"); user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); user_pref("CT2269050.LastLogin_3.12.0.7", "Thu Apr 26 2012 13:12:57 GMT+0200"); user_pref("CT2269050.LastLogin_3.12.2.3", "Tue May 29 2012 17:24:16 GMT+0200"); user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 08:27:56 GMT+0200"); user_pref("CT2269050.LastLogin_3.14.1.0", "Wed Aug 22 2012 16:43:09 GMT+0200"); user_pref("CT2269050.LastLogin_3.15.1.0", "Fri Nov 09 2012 20:34:28 GMT+0100"); user_pref("CT2269050.LastLogin_3.16.0.100", "Fri Feb 08 2013 17:56:31 GMT+0100"); user_pref("CT2269050.LastLogin_3.16.0.3", "Tue Jan 01 2013 11:14:12 GMT+0100"); user_pref("CT2269050.LastLogin_3.18.0.7", "Sat May 18 2013 00:58:34 GMT+0200"); user_pref("CT2269050.LastLogin_3.9.0.3", "Wed Feb 08 2012 19:09:53 GMT+0100"); user_pref("CT2269050.LatestVersion", "3.18.0.7"); user_pref("CT2269050.Locale", "en"); user_pref("CT2269050.MCDetectTooltipHeight", "83"); user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); 
user_pref("CT2269050.MCDetectTooltipWidth", "295"); user_pref("CT2269050.MyStuffEnabledAtInstallation", true); user_pref("CT2269050.OriginalFirstVersion", "3.9.0.3"); user_pref("CT2269050.RadioIsPodcast", false); user_pref("CT2269050.RadioLastCheckTime", "Wed Feb 08 2012 19:09:55 GMT+0100"); user_pref("CT2269050.RadioLastUpdateIPServer", "3"); user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); user_pref("CT2269050.RadioMediaID", "12473383"); user_pref("CT2269050.RadioMediaType", "Media Player"); user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); user_pref("CT2269050.RadioShrinkedFromSetup", false); user_pref("CT2269050.RadioStationName", "Hotmix%20108"); user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); user_pref("CT2269050.SavedHomepage", "www.google.de"); user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search"); user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search"); user_pref("CT2269050.SearchFromAddressBarIsInit", true); user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="); user_pref("CT2269050.SearchInNewTabEnabled", true); user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat May 18 2013 00:58:32 GMT+0200"); user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"); user_pref("CT2269050.SearchProtectorEnabled", true); user_pref("CT2269050.SearchProtectorToolbarDisabled", false); user_pref("CT2269050.SendProtectorDataViaLogin", true); user_pref("CT2269050.ServiceMapLastCheckTime", "Sat May 18 2013 00:58:34 GMT+0200"); user_pref("CT2269050.SettingsLastCheckTime", "Sat May 18 2013 00:58:31 GMT+0200"); user_pref("CT2269050.SettingsLastUpdate", "1368778346"); user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"); 
user_pref("CT2269050.ThirdPartyComponentsInterval", 504); user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Feb 08 2012 19:09:45 GMT+0100"); user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586"); user_pref("CT2269050.ToolbarShrinkedFromSetup", false); user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050"); user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com user_pref("CT2269050.UserID", "UN70149169439389110"); user_pref("CT2269050.ValidationData_Toolbar", 1); user_pref("CT2269050.WeatherNetwork", ""); user_pref("CT2269050.WeatherPollDate", "Wed Feb 08 2012 22:10:43 GMT+0100"); user_pref("CT2269050.WeatherUnit", "C"); user_pref("CT2269050.alertChannelId", "666138"); user_pref("CT2269050.autoDisableScopes", -1); 
user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Wed Feb 08 2012 16:41:33 GMT+0100"); user_pref("CT2269050.homepageProtectorEnableByLogin", true); user_pref("CT2269050.initDone", true); user_pref("CT2269050.isAppTrackingManagerOn", false); user_pref("CT2269050.isFirstRadioInstallation", false); user_pref("CT2269050.myStuffEnabled", true); user_pref("CT2269050.myStuffPublihserMinWidth", 400); user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); user_pref("CT2269050.myStuffServiceIntervalMM", 1440); user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); user_pref("CT2269050.revertSettingsEnabled", true); user_pref("CT2269050.searchProtectorDialogDelayInSec", 10); user_pref("CT2269050.searchProtectorEnableByLogin", true); 
user_pref("CT2269050.testingCtid", ""); user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sat May 18 2013 00:58:34 GMT+0200"); user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Wed Feb 08 2012 19:09:56 GMT+0100"); user_pref("CT2269050.usagesFlag", 2); user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"); user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search"); user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"86bdb693acb13a9f35c7cc500b9194933\""); user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\""); user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1365594729\""); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "wVmmvqqOMqrv5xct1cJIHg=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "0uSPYx+Kl2jpu8sJZMeHjw=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "Dclc8oo4TTv7+mAkSlUSWg=="); user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "K4Vqu91uAzWURlxJRdXJOg=="); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\""); 
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\""); user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"6341c50648fd59897cde84cfa3927631\""); user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"073e33a707e0305bf15c11c5bbb33921\""); user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"e3705148d1ef9c9f4723c1a1d66a8544\""); user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Luce\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\s9f7e1rr.default\\conduitCommon\\modules\\3.9.0.3"); user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3"); user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_135908ca", "356x332"); user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?AF=100581&babsrc=adbartrp&mntrId=ee02c25700000000000018f46ab4bb9b&q="); user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); user_pref("CommunityToolbar.ToolbarsList4", "CT2269050"); user_pref("CommunityToolbar.globalUserId", "da11ca15-f246-4e14-8afe-c5a215a8f4d0"); user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050"); 
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Feb 08 2012 16:41:33 GMT+0100"); user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Feb 08 2012 20:09:56 GMT+0100"); user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); user_pref("CommunityToolbar.notifications.locale", "en"); user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Feb 08 2012 19:09:53 GMT+0100"); user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); user_pref("CommunityToolbar.notifications.showTrayIcon", false); user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); user_pref("CommunityToolbar.notifications.userId", "44bbed8f-e807-4048-aa11-4762df4d72d5"); user_pref("CommunityToolbar.originalHomepage", "www.google.de"); user_pref("CommunityToolbar.originalSearchEngine", "Search the web (Babylon)"); user_pref("aol_toolbar.surf.date", "63"); user_pref("aol_toolbar.surf.lastDate", "8"); user_pref("aol_toolbar.surf.lastMonth", "10"); user_pref("aol_toolbar.surf.lastYear", "2011"); user_pref("aol_toolbar.surf.month", "642"); user_pref("aol_toolbar.surf.prevMonth", "3933"); user_pref("aol_toolbar.surf.total", "5459"); user_pref("aol_toolbar.surf.week", "259"); user_pref("aol_toolbar.surf.year", "5415"); user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); user_pref("browser.search.defaultengine", "Ask.com Search"); user_pref("browser.search.defaultenginename", "Ask.com Search"); user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search"); user_pref("browser.search.defaulturl", 
"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"); user_pref("browser.search.order.1", "Ask.com Search"); user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.aflt", "babclient"); user_pref("extensions.BabylonToolbar.babExt", ""); user_pref("extensions.BabylonToolbar.babTrack", "affID=100581"); user_pref("extensions.BabylonToolbar.bbDpng", 1); user_pref("extensions.BabylonToolbar.dfltSrch", false); user_pref("extensions.BabylonToolbar.hmpg", false); user_pref("extensions.BabylonToolbar.id", "ee02c25700000000000018f46ab4bb9b"); user_pref("extensions.BabylonToolbar.instlDay", "15335"); user_pref("extensions.BabylonToolbar.instlRef", "std"); user_pref("extensions.BabylonToolbar.lastDP", 1); user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1712:22:47"); user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "10.0"); user_pref("extensions.BabylonToolbar.newTab", true); user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); user_pref("extensions.BabylonToolbar.noFFXTlbr", false); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.propectorlck", 69175963); user_pref("extensions.BabylonToolbar.prtkDS", 1); user_pref("extensions.BabylonToolbar.prtkHmpg", 0); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.ptch_0717", true); user_pref("extensions.BabylonToolbar.smplGrp", "none"); user_pref("extensions.BabylonToolbar.srcExt", "def"); user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1712:22:47"); user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.aflt", "babclient"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100581"); 
user_pref("extensions.BabylonToolbar_i.hardId", "ee02c25700000000000018f46ab4bb9b"); user_pref("extensions.BabylonToolbar_i.id", "ee02c25700000000000018f46ab4bb9b"); user_pref("extensions.BabylonToolbar_i.instlDay", "15335"); user_pref("extensions.BabylonToolbar_i.instlRef", "std"); user_pref("extensions.BabylonToolbar_i.newTab", true); user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100581&babsrc=NT_def"); user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.srcExt", "def"); user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:22:47"); user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); user_pref("extensions.asktb.cbid", "N9"); user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&dm=lang"); user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); user_pref("extensions.asktb.l", "dis"); user_pref("extensions.asktb.locale", "de_DE"); user_pref("extensions.asktb.o", "15418"); user_pref("extensions.asktb.qsrc", "2871"); user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="); user_pref("winamp_toolbar.search.searchtype", "web"); Emptied folder: C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\minidumps [143 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18.05.2013 at 8:43:22,86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.301 - Datei am 18/05/2013 um 10:52:47 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Luce - YT-1300 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Luce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DKQKLVB\adwcleaner[1].exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : SearchAnonymizer ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\s9f7e1rr.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\s9f7e1rr.default\searchplugins\aol-web-search.xml Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com Gelöscht mit Neustart : C:\Users\Luce\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Program Files (x86)\Winamp Toolbar Ordner Gelöscht : C:\Program Files\Babylon Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\Users\Luce\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\Luce\AppData\Roaming\OCS Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0A84F2BD-FB5D-43F0-8FC7-849288CF3411} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95185A4D-A42E-4EF6-8500-1EFD7716B358} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\s9f7e1rr.default\prefs.js

Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"e37[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Luce\\AppData\\Roaming\\Mozilla\\Fi[...]
Gelöscht : user_pref("extensions.enabledAddons", "coralietab%40mozdev.org:2.04.20110724,DivXWebPlayer%40divx.co[...]
Gelöscht : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...]
Gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.guid", "{461D4411-5EE9-3508-0C09-2FD90FC17DD3}");
Gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.14.1");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "8");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "10");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2011");
Gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "19");
Gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "22");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "1");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "9");
Gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "44");
Gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2011");
Gelöscht : user_pref("winamp_toolbar.remote.publish.xml", "1320790840294");
Gelöscht : user_pref("winamp_toolbar.search.cid", "26-10-2011");
Gelöscht : user_pref("winamp_toolbar.search.instd", "20110919190237652");
Gelöscht : user_pref("winamp_toolbar.search.oid", "19-09-2011");
Gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false);
Gelöscht : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp");
Gelöscht : user_pref("winamp_toolbar.skin.custom", true);
Gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.winamp.appversion", "1");
Gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
Gelöscht : user_pref("winamp_toolbar.winamp.button.focus", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.forward", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.open", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.pause", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.play", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.rewind", true);
Gelöscht : user_pref("winamp_toolbar.winamp.button.stop", false);
Gelöscht : user_pref("winamp_toolbar.winamp.button.volume", true);
Gelöscht : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}");
Gelöscht : user_pref("winamp_toolbar.winamp.ticker.show", true);
Gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.volume", "255");

*************************

AdwCleaner[S1].txt - [16566 octets] - [18/05/2013 10:52:47]

########## EOF - C:\AdwCleaner[S1].txt - [16627 octets] ##########

Code:
OTL logfile created on: 18.05.2013 15:14:31 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luce\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,73 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 48,00% Memory free
3,46 Gb Paging File | 1,96 Gb Available in Paging File | 56,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,99 Gb Total Space | 153,53 Gb Free Space | 54,25% Space Free | Partition Type: NTFS

Computer Name: YT-1300 | User Name: Luce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Luce\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\XSManager\WTGService.exe ()
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

========== Modules (No Company Name) ==========

MOD - C:\Users\Luce\AppData\Local\Microsoft\BingBar\Apps\Translator_f5cbd3ef4c144434b17913278004e270\7.2.229\Blingext.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (cmnsusbser) -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys (Mobile Connector)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{272AF676-4FC8-4411-9A88-53E0284062AA}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{59F72305-D7D4-4FB8-8E0D-86D3D1FE0458}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{8C988AA4-9F3C-4655-9A3F-D69BDC73C493}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{C2D10C7C-9EFC-4EEE-A0FA-DC02D20BE874}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{D8E47FF5-9649-4EFB-A5FB-605F981F176C}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{E767EB1A-C9D2-4EBB-88ED-1DF3AFDFCF63}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.startpage.com/deu/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.04.10 21:35:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 08:07:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.18 08:39:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Luce\AppData\Roaming\Mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\mail@gutscheinrausch.de
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 08:07:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.18 08:39:04 | 000,000,000 | ---D | M]

[2012.07.12 10:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Extensions
[2012.07.12 10:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.05.18 08:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions
[2013.01.27 14:28:35 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.10.26 20:03:14 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Luce\AppData\Roaming\mozilla\Firefox\Profiles\s9f7e1rr.default\extensions\coralietab@mozdev.org
[2013.05.12 18:41:05 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\client@anonymox.net.xpi
[2013.05.01 08:52:20 | 000,052,496 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\googledictionary@toptip.ca.xpi
[2013.05.17 20:37:05 | 000,571,660 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\toolbar@gmx.net.xpi
[2013.05.05 18:54:11 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.12 18:41:04 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.17 20:37:16 | 000,002,418 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\englische-ergebnisse.xml
[2013.05.17 20:37:15 | 000,010,701 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\gmx-suche.xml
[2013.05.17 20:37:15 | 000,002,432 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\lastminute.xml
[2012.01.23 16:18:50 | 000,002,135 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\s-amazon-de.xml
[2013.05.17 20:37:15 | 000,005,682 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\webde-suche.xml
[2011.12.27 16:41:40 | 000,002,188 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{78A017D2-2C0C-4D63-8BA0-48393A677264}.xml
[2011.12.27 16:41:40 | 000,001,870 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{CEE89566-97A4-46CF-9E1A-AEA28779ADDD}.xml
[2011.12.27 16:41:40 | 000,002,077 | ---- | M] () -- C:\Users\Luce\AppData\Roaming\mozilla\firefox\profiles\s9f7e1rr.default\searchplugins\{F86E7D4D-E70E-4EB3-8508-824D16B0D899}.xml
[2013.04.13 08:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.13 08:07:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.10 21:35:41 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\USERS\LUCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9F7E1RR.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\LUCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9F7E1RR.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2013.04.13 08:07:29 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.25 14:48:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 07:13:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.25 14:48:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.25 14:48:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.16 13:17:38 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.04.25 14:48:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.25 14:48:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2013.05.17 18:34:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21DFF927-2881-4556-92D5-DA438AD2FF04}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.18 10:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.05.18 08:32:27 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Luce\Desktop\JRT.exe
[2013.05.18 00:18:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Luce\Desktop\aswMBR.exe
[2013.05.17 23:44:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.17 18:21:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.17 13:00:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.17 13:00:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.17 13:00:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.17 12:59:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 12:59:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.17 12:57:30 | 005,066,411 | R--- | C] (Swearware) -- C:\Users\Luce\Desktop\ComboFix.exe
[2013.05.16 22:17:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luce\Desktop\OTL.exe
[2013.05.16 21:57:53 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Luce\Desktop\tdsskiller.exe
[2013.05.16 18:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.16 18:26:36 | 000,000,000 | ---D | C] -- C:\Users\Luce\Desktop\mbar-1.05.0.1001
[2013.05.16 18:16:24 | 000,265,064 | ---- | C]
(Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.16 18:16:24 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.16 18:16:01 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.16 18:16:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.16 18:15:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.16 18:15:59 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.16 18:14:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.16 18:14:08 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll [2013.05.16 18:13:41 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.16 18:13:36 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.16 18:13:36 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.16 18:13:36 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.16 18:13:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.16 18:13:35 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.16 18:13:35 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.16 18:12:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.16 18:12:14 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.12 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\EE08215D7633C2570000EE073359C5DA [2013.05.12 19:26:34 | 000,000,000 | ---D | C] -- C:\Users\Luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.05.08 16:25:04 | 000,083,160 | ---- | C] (Avira GmbH) -- 
C:\Windows\SysNative\drivers\avnetflt.sys ========== Files - Modified Within 30 Days ========== [2013.05.18 15:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.18 15:11:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.18 15:11:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.18 11:02:52 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.18 11:02:52 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.18 10:55:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.18 10:54:42 | 1392,693,248 | -HS- | M] () -- C:\hiberfil.sys [2013.05.18 08:32:48 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Luce\Desktop\JRT.exe [2013.05.18 00:57:16 | 000,000,512 | ---- | M] () -- C:\Users\Luce\Desktop\MBR.dat [2013.05.18 00:18:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Luce\Desktop\aswMBR.exe [2013.05.17 18:34:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.17 12:57:52 | 005,066,411 | R--- | M] (Swearware) -- C:\Users\Luce\Desktop\ComboFix.exe [2013.05.17 09:39:49 | 000,179,554 | ---- | M] () -- C:\Users\Luce\Desktop\Unbenannt.PNG [2013.05.17 09:25:30 | 000,428,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.16 23:39:01 | 001,535,962 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.16 23:39:01 | 000,659,690 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.16 23:39:01 | 000,620,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.16 23:39:01 | 000,132,970 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.16 23:39:01 | 000,108,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.16 22:38:00 | 000,377,856 | ---- | M] () -- 
C:\Users\Luce\Desktop\gmer_2.1.19163.exe [2013.05.16 22:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luce\Desktop\OTL.exe [2013.05.16 22:14:57 | 000,000,000 | ---- | M] () -- C:\Users\Luce\defogger_reenable [2013.05.16 22:14:04 | 000,050,477 | ---- | M] () -- C:\Users\Luce\Desktop\Defogger.exe [2013.05.16 21:58:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Luce\Desktop\tdsskiller.exe [2013.05.16 19:14:48 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.16 19:14:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.16 18:25:42 | 012,917,756 | ---- | M] () -- C:\Users\Luce\Desktop\mbar-1.05.0.1001.zip [2013.05.12 22:09:12 | 000,002,052 | ---- | M] () -- C:\Users\Luce\Desktop\System Care Antivirus.lnk [2013.05.08 16:24:26 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys ========== Files Created - No Company Name ========== [2013.05.17 13:00:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.17 13:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.17 13:00:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.17 13:00:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.17 13:00:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.17 09:39:48 | 000,179,554 | ---- | C] () -- C:\Users\Luce\Desktop\Unbenannt.PNG [2013.05.16 22:37:31 | 000,377,856 | ---- | C] () -- C:\Users\Luce\Desktop\gmer_2.1.19163.exe [2013.05.16 22:14:57 | 000,000,000 | ---- | C] () -- C:\Users\Luce\defogger_reenable [2013.05.16 22:13:55 | 000,050,477 | ---- | C] () -- C:\Users\Luce\Desktop\Defogger.exe [2013.05.16 21:55:00 | 000,000,512 | ---- | C] () -- C:\Users\Luce\Desktop\MBR.dat [2013.05.16 18:25:25 | 012,917,756 | ---- | C] () -- C:\Users\Luce\Desktop\mbar-1.05.0.1001.zip [2013.05.12 19:26:32 | 000,002,052 | ---- | C] () -- C:\Users\Luce\Desktop\System Care 
Antivirus.lnk [2013.03.26 09:36:34 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2013.03.17 16:52:14 | 000,049,518 | ---- | C] () -- C:\Users\Luce\autoruns.chm [2012.01.03 13:59:22 | 000,008,192 | ---- | C] () -- C:\Users\Luce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.27 16:41:34 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.12.27 16:16:11 | 1242,169,276 | ---- | C] () -- C:\Users\Luce\marco4.ps [2011.12.27 13:37:50 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.12.27 13:23:34 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.11.30 15:11:01 | 000,000,032 | ---- | C] () -- C:\Users\Luce\.simfy [2011.10.26 15:52:10 | 000,000,001 | R--- | C] () -- C:\Users\Luce\serverport [2011.08.08 09:34:28 | 000,017,408 | ---- | C] () -- C:\Users\Luce\AppData\Local\WebpageIcons.db [2011.06.18 17:19:43 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI [2011.06.18 17:19:42 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 < End of report > |
18.05.2013, 14:59 | #14 |
| System Care Antivirus cannot be removed ...and number 4: Code:
ATTFilter OTL Extras logfile created on: 18.05.2013 15:14:31 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luce\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,73 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 48,00% Memory free 3,46 Gb Paging File | 1,96 Gb Available in Paging File | 56,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282,99 Gb Total Space | 153,53 Gb Free Space | 54,25% Space Free | Partition Type: NTFS Computer Name: YT-1300 | User Name: Luce | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key 
error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FBB058-41B1-4D30-8ABB-F3284EE48D95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{075DF398-5318-4B1E-A2FE-5C79D4DF42F9}" = rport=137 | protocol=17 | dir=out | app=system | "{10E27EB7-6161-4D6E-BA9F-3D5969BE551E}" = lport=2869 | protocol=6 | dir=in | app=system | "{12088797-7E61-4EE1-B01D-0BE60C686C26}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{135D49FE-07B0-4A51-8357-D3D9B195BA48}" = rport=445 | protocol=6 | dir=out | app=system | "{1A7B8D84-9F32-4BE7-B2A3-AF0AA26AC10C}" = lport=138 | protocol=17 | dir=in | app=system | "{260B41E2-5775-40B1-9555-D241E4D9049D}" = lport=137 | protocol=17 | dir=in | app=system | "{280143F3-0F86-4140-928C-C98C41377741}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{328E7709-3997-4F8F-9098-185DAB00F9FE}" = rport=139 | protocol=6 | dir=out | app=system | "{386C7703-164D-44C5-9370-52A960F019B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3F16AE05-A8D3-42E9-897E-1A05C823F22A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{40D689FD-C12E-4804-9218-5322F2961352}" = lport=10243 | protocol=6 | dir=in | app=system | "{45245B26-FF1B-464D-9135-23D5C58598CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{45F93B99-C87B-4384-A06B-E8B2511301AD}" = lport=5355 | protocol=17 | dir=in | 
svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5139722C-A926-480D-BAF9-03F7F296DF6C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5688B20F-386F-4A2A-B838-45E5A5605A23}" = rport=10243 | protocol=6 | dir=out | app=system | "{753BED9C-9BCE-41CB-896F-9AB774131C52}" = lport=139 | protocol=6 | dir=in | app=system | "{7E930AAB-4C8B-4DF1-A89D-B70EAD4AEA8B}" = rport=138 | protocol=17 | dir=out | app=system | "{827089C8-A4B7-45B8-B049-39A8EF45BADE}" = lport=445 | protocol=6 | dir=in | app=system | "{8E9119D4-AE16-4CAF-9831-EB5F358E6F3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{972D1F6C-EF1E-480C-9023-807F0F0A3A3C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AE4EC8A4-81DE-4C34-A29D-F27C6DE255E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AFC484DB-2042-46AF-A764-0E959ACF74D4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B05C1DFC-3E6E-411B-90E2-628E5B2E2F14}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{CEEDA6C3-6E2C-41AF-A6EC-EA6066487636}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E011E995-817D-47E2-84A4-AAAABD06CB5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{001DF5A7-B10C-4996-AE9E-65E33ED6FE5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{02708B69-9749-4A9A-A100-F8AEE0067B9D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{03CE7EE7-0513-4115-97FB-E8A091116306}" = dir=in | app=c:\program files 
(x86)\acer\clear.fi\mvp\clear.fi.exe | "{0602840D-99E8-4C7B-90F3-4D95228C029F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | "{14387C9B-8F30-4E92-9186-C8D2D490C9ED}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{152BF173-3251-4E4F-ACE7-1D55EBAC42DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1A836415-B088-4A9A-B0AD-796CA10422B5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{1ACAD6FB-0646-4481-88A9-34AF578BF921}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1EAEA3D8-2731-4D12-B4AE-8C18041BEE21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{219216A1-1152-419B-B153-4AE6BC70C840}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{287F06A7-481E-4211-9E8A-2E84C1A3E51B}" = protocol=6 | dir=out | app=system | "{2D3F7DE0-CD84-46A9-A411-E85832176CB7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe | "{32EA872F-6E49-4505-9191-A2CC1D411A5D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{359E63D8-4D66-4444-9557-77148CCA3340}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{35DD51C2-E821-49C4-8383-7A219898D3E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{37DEC0F3-9E4C-4924-BB49-D25675E2B3B4}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | "{3B501F12-996E-45E2-8B98-E52D5A8DDF12}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | "{4413A50A-299F-49A0-B987-36DE5430B7D6}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | "{47C1698F-4DA9-4991-B630-97389316C392}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{48D31277-FD3F-44C8-BCD7-652E2DF75F65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{49B3C51A-59B5-4AFD-A98D-6C598D84A99C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe | "{4A01B0DD-BC99-423E-B120-9D7D53421A3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4B599239-B6B3-4F21-A6A1-8C009D92022C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{6B7A9267-5E50-4919-A9E2-C7C875057B6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{71F4957C-1A6B-4C9C-B76D-220CDC61D406}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{7FF5C60A-C1FD-4B7C-B6EE-2147264D0128}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | "{85C24DA7-D44B-476E-8861-C24E54EB821F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{85D73552-AF7D-4FE8-9D57-B2E0CDD75F11}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{87C95F51-A8AA-45F0-88CD-8464CA70157D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{95EF29B2-5367-4D53-B3F5-5BE2EAC9AA63}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | "{99C24BD7-2CEF-4E78-A180-8C920A6743F5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AB66FCB6-79F8-457E-802C-0668E388522E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B873CE48-65A8-4E5F-8B33-ECEE63BEF0F1}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{BB5969A5-1EAE-47E4-A6D8-681A543E330F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CD178AA6-DB90-427F-95E8-63EC35DFDD58}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{CE33F4B5-45E6-4F6B-921B-B45A1ACE0CA2}" = protocol=6 | dir=in | 
app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | "{D161598E-A019-4784-B5F4-57CD7D244B2D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{D2540DF6-968E-469D-B5C1-116BD05AB0FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D4FC5CB9-E62A-4856-AC94-B3A61BCADA0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F50EFA52-EFB3-468C-9D87-A3E9A5A7CEBE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F8B9EE24-33F1-491D-8A69-301F02508286}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | "{F9AE677E-5814-4EDC-8A16-89FEB14A8833}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{FB766703-783E-4972-A46C-FCD08DB428F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{153276F3-FA4E-4EA2-9006-E0D28469C026}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "TCP Query User{3C766BDF-101C-496F-A16C-BBCBBE447DFB}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{63C3C954-B9CB-4C55-B235-059783C602C8}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{86763842-CB05-4FDB-BFDD-C2E2984213F9}C:\users\luce\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\luce\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | "TCP Query User{F5624B1B-DCF4-4E11-AA80-1A098D983408}C:\program files (x86)\ea games\die schlacht um mittelerde(tm)\patchget.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\die schlacht um 
mittelerde(tm)\patchget.dat | "UDP Query User{09979D8C-190B-42C6-87F8-DBB7787C933B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{2B65228E-8D82-4F50-B002-0137E57E2B90}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "UDP Query User{2FDEFDA5-8D45-47F8-B682-3F71FE2F5EC7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{530B37B8-DEE3-4B58-99CC-E263A86A7526}C:\program files (x86)\ea games\die schlacht um mittelerde(tm)\patchget.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\patchget.dat | "UDP Query User{A27A23A8-B52A-4B56-8278-85883B91611C}C:\users\luce\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\luce\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{3F7C54EA-F59C-45DD-BA93-AD1E084A9550}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten "{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}" = ATI Catalyst Install Manager "{56D8EE9D-5411-4DEE-6CFB-C720A07FDCAB}" = ccc-utility64 "{5850E3A0-1096-5C2D-C296-D9C2B00E8855}" = AMD Fuel "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector 
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ECFFD23C-3111-4685-8118-E1F79644203F}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät "{EE24C28A-6BE1-5138-7CC7-854E9EB3757C}" = WMV9/VC-1 Video Playback "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CNXT_AUDIO_HDA" = Conexant HD Audio "EPSON BX310FN Series" = Druckerdeinstallation für EPSON BX310FN Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{0959BCF5-05D5-9F2B-0965-1A27A533C492}" = CCC Help Polish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup 
Manager V3 "{1292DD8E-474E-7D7C-5FF9-B4A7639D435A}" = CCC Help Czech "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox "{2D234FAE-7FE2-5002-2B63-8CDEA2BD0B60}" = CCC Help Hungarian "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35168310-7EE6-AD4E-84F3-73960642561C}" = Catalyst Control Center Localization All "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{366234D5-16FC-9EA2-5881-08B8CC44D36D}" = CCC Help Greek "{37AAE8BF-DC98-1937-CDE9-9CE61833A252}" = CCC Help Japanese "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3A915C0E-0168-0E43-B5A4-949136DF0C33}" = Catalyst Control Center Profiles Mobile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm) "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client "{45CBA375-6ECC-EA3C-5EC3-E06A16DFD9A8}" = CCC Help Thai "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{477878A3-24BC-98D5-B447-417E4FF30218}" = CCC Help Korean "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform 
"{4EF87BA4-A1C8-818D-81B4-A211B8D817C7}" = CCC Help Portuguese "{508457D2-6156-EE57-2F7D-8DCB90B2BCF2}" = CCC Help Russian "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52D36E31-AE4A-8E99-8B6B-F04A306AC4E7}" = CCC Help Chinese Standard "{54D986DF-0B7F-244D-9A36-A52CF36D8633}" = CCC Help Norwegian "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{5A4D2D53-D233-4FAE-FB7D-9101B46C9F53}" = CCC Help Italian "{5A8EBCAE-71F2-F101-E86E-8E128A47401C}" = CCC Help French "{5D43581B-77CC-CA01-5D4F-34215870EBE8}" = CCC Help Swedish "{624B8C52-419F-48BF-704F-0DE2BEC1E323}" = Catalyst Control Center InstallProxy "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FDDD338-24AD-E75E-E0A7-82CDAE803378}" = CCC Help Danish "{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{903E5724-3250-163F-017F-33030AAEA16B}" = CCC Help Spanish "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C0E3DA8-408A-39D3-855D-3440E38F3D83}" = ccc-core-static "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9E9AED59-2E4B-C3BB-D036-9392A3898E20}" = CCC Help English "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = 
clear.fi "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CABA6C97-8680-D8C4-7DAA-A8D1CC230370}" = Catalyst Control Center Graphics Previews Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB9AA311-9119-5466-BE82-6CD37304FE42}" = CCC Help Dutch "{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E15555E9-386B-B748-7C94-4F2591ADCB63}" = CCC Help Chinese Traditional "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC0F900C-C7D6-76C4-98E9-095986BA5378}" = simfy "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5FCABF0-E2AF-6A70-3971-67C8B1310480}" = CCC Help Finnish "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FEE720F0-7A20-A61E-D56B-90DB02655B78}" = CCC Help German "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player 
ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "ArtMoney SE_is1" = ArtMoney SE v7.38 "AudibleManager" = AudibleManager "AVIcodec" = AVIcodec (remove only) "Avira AntiVir Desktop" = Avira Free Antivirus "Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Civitas3" = Grand Ages Rome 1.11 "Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "FormatFactory" = FormatFactory 2.70 "HP Photo Creations" = HP Photo Creations "Identity Card" = Identity Card "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "LManager" = Launch Manager "McAfee Security Scan" = McAfee Security Scan Plus "Mein Heim 3D V3" = Mein Heim 3D V3 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "S2TNG" = Die Siedler II - Die nächste Generation "Simfy" = simfy "SopCast" = SopCast 3.4.8 "TomTom HOME" = TomTom HOME 2.8.3.2499 "VLC media player" = VLC media player 2.0.5 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "XSManager" = XSManager "Zattoo4" = Zattoo4 4.0.5 ========== 
HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3221331733-3512096612-1023093492-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ OSession Events ] Error - 03.12.2012 11:33:25 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 18372 seconds with 240 seconds of active time. This session ended with a crash. Error - 15.12.2012 17:00:00 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash. Error - 27.12.2012 15:13:50 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 160 seconds with 60 seconds of active time. This session ended with a crash. Error - 19.01.2013 15:28:05 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 88611 seconds with 540 seconds of active time. This session ended with a crash. Error - 08.02.2013 13:31:23 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2048 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 12.03.2013 15:35:33 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 53 seconds with 0 seconds of active time. This session ended with a crash. Error - 05.04.2013 15:27:41 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 399 seconds with 120 seconds of active time. This session ended with a crash. Error - 02.05.2013 01:33:19 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 462 seconds with 420 seconds of active time. This session ended with a crash. Error - 02.05.2013 01:35:51 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 142 seconds with 120 seconds of active time. This session ended with a crash. Error - 02.05.2013 01:36:39 | Computer Name = YT-1300 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 18.05.2013 04:50:13 | Computer Name = YT-1300 | Source = DCOM | ID = 10010 Description = < End of report > |
19.05.2013, 02:34 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Care Antivirus cannot be removed
Fix with OTL
Code:
:OTL
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Luce\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4 - HKLM..\Run: [] File not found
FF - user.js - File not found
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
[2013.05.16 21:55:00 | 000,000,512 | ---- | C] () -- C:\Users\Luce\Desktop\MBR.dat
[2013.05.16 18:25:25 | 012,917,756 | ---- | C] () -- C:\Users\Luce\Desktop\mbar-1.05.0.1001.zip
[2013.05.12 19:26:32 | 000,002,052 | ---- | C] () -- C:\Users\Luce\Desktop\System Care Antivirus.lnk
[2013.05.16 22:37:31 | 000,377,856 | ---- | C] () -- C:\Users\Luce\Desktop\gmer_2.1.19163.exe
[2013.05.18 08:32:48 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Luce\Desktop\JRT.exe
[2013.05.18 00:18:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Luce\Desktop\aswMBR.exe
[2013.05.12 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\EE08215D7633C2570000EE073359C5DA
[2013.05.12 19:26:34 | 000,000,000 | ---D | C] -- C:\Users\Luce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.05.16 18:26:36 | 000,000,000 | ---D | C] -- C:\Users\Luce\Desktop\mbar-1.05.0.1001
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{272AF676-4FC8-4411-9A88-53E0284062AA}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{59F72305-D7D4-4FB8-8E0D-86D3D1FE0458}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{8C988AA4-9F3C-4655-9A3F-D69BDC73C493}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{C2D10C7C-9EFC-4EEE-A0FA-DC02D20BE874}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{D8E47FF5-9649-4EFB-A5FB-605F981F176C}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-3221331733-3512096612-1023093492-1002\..\SearchScopes\{E767EB1A-C9D2-4EBB-88ED-1DF3AFDFCF63}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=b4fa438a-33e2-48c4-8a86-62767d98ec27&pid=freewarede&mode=bounce&k=0
FF - prefs.js..browser.startup.homepage: "https://www.startpage.com/deu/"
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |