Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 18.06.2013, 09:31   #1
luke235
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



Hallo, Avira hat auf meinem Rechner folgenden Trojaner gefunden: 'TR/Spy.ZBot.mhlv.2' in der Datei C:\Users\XXX\AppData\Local\Temp\tmp143c9259\gw01.exe. Der zugriff wurde durch Avira verweigert, der Trojaner taucht immer wieder auf. Was soll ich tun?

Alt 18.06.2013, 10:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 18.06.2013, 14:32   #3
luke235
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



Hier die kompletten Logs von Avira und Malewarebytes...
Vieln Dank schonmal für deine schnelle Antwort

Avira:
18.06.2013 10:01 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde abgebrochen!].
Anzahl Dateien: 0
Anzahl Verzeichnisse: 0
Anzahl Malware: 0
Anzahl Warnungen: 0

18.06.2013 09:50 [Planer] Auftrag gestartet
Auftrag "Vollständige Systemprüfung"
wurde erfolgreich gestartet.

18.06.2013 09:45 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.18/update" aktualisiert:
vbase031.vdf 7.11.85.28
aevdf.dat 7.11.85.28

18.06.2013 09:44 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.60
VDF Version: 7.11.85.28

18.06.2013 09:43 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

18.06.2013 09:42 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 935
Anzahl Verzeichnisse: 0
Anzahl Malware: 0
Anzahl Warnungen: 0

18.06.2013 09:39 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp143c9259\gw01.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.mhlv.2' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

18.06.2013 09:39 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.60
VDF Version: 7.11.85.14

18.06.2013 09:39 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.60
VDF Version: 7.11.85.14

18.06.2013 09:38 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

17.06.2013 12:45 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

17.06.2013 12:45 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

17.06.2013 11:38 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.17/update" aktualisiert:
vbase031.vdf 7.11.85.14
aevdf.dat 7.11.85.14

17.06.2013 11:38 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.60
VDF Version: 7.11.85.14

17.06.2013 11:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp54f15984\gw01.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.mhlv.2' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

17.06.2013 11:37 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

16.06.2013 19:54 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp024ec518\gw01.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.mhlv.2' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

16.06.2013 19:54 [Updater] Update nicht ausgeführt
Das Update von Computer LUKAS-PC (127.0.0.1) von
"hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten.
Es wurden keine neuen Dateien geladen.

16.06.2013 19:54 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

16.06.2013 19:49 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.60
VDF Version: 7.11.84.240

16.06.2013 19:49 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.60
VDF Version: 7.11.84.240

16.06.2013 19:49 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

16.06.2013 13:08 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

16.06.2013 13:08 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

16.06.2013 12:18 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.60
VDF Version: 7.11.84.240

16.06.2013 12:18 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.60
VDF Version: 7.11.84.240

16.06.2013 12:18 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

16.06.2013 12:17 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

16.06.2013 12:17 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

16.06.2013 12:13 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://80.190.148.74/update" aktualisiert:
vbase024.vdf 7.11.84.233
vbase025.vdf 7.11.84.234
vbase026.vdf 7.11.84.235
vbase027.vdf 7.11.84.236
vbase028.vdf 7.11.84.237
vbase029.vdf 7.11.84.238
vbase030.vdf 7.11.84.239
vbase031.vdf 7.11.84.240
aevdf.dat 7.11.84.240

16.06.2013 12:13 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.60
VDF Version: 7.11.84.240

16.06.2013 12:12 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

16.06.2013 00:22 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 455132
Anzahl Verzeichnisse: 32354
Anzahl Malware: 0
Anzahl Warnungen: 0

15.06.2013 22:31 [Planer] Auftrag gestartet
Auftrag "Vollständige Systemprüfung"
wurde erfolgreich gestartet.

15.06.2013 21:45 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 828
Anzahl Verzeichnisse: 0
Anzahl Malware: 0
Anzahl Warnungen: 0

15.06.2013 21:43 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp23e20196\gw01.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.mhlv.2' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

15.06.2013 21:43 [Updater] Update erfolgreich durchgeführt
Update auf Computer LUKAS-PC (192.168.2.102) von "hxxp://80.190.148.75/update"
wurde erfolgreich durchgeführt.
Es sind keine neuen Engine/VDF Dateien verfügbar.

15.06.2013 21:43 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

15.06.2013 16:12 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.60
VDF Version: 7.11.84.224

15.06.2013 16:12 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.60
VDF Version: 7.11.84.224

15.06.2013 16:11 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

15.06.2013 16:09 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

15.06.2013 16:09 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

15.06.2013 15:49 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp176aa533\gw01.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.mhlv.2' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

15.06.2013 15:45 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.60
VDF Version: 7.11.84.224

15.06.2013 15:45 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://80.190.148.75/update" aktualisiert:
vbase023.vdf 7.11.84.163
vbase024.vdf 7.11.84.164
vbase025.vdf 7.11.84.165
vbase026.vdf 7.11.84.166
vbase027.vdf 7.11.84.167
vbase028.vdf 7.11.84.168
vbase029.vdf 7.11.84.169
vbase030.vdf 7.11.84.170
vbase031.vdf 7.11.84.224
aevdf.dat 7.11.84.224
aeheur.dll 8.1.4.412
aerdl.dll 8.2.0.128
aescript.dll 8.1.4.122
aevdf.dll 8.1.3.4
aeset.dat 8.2.12.60
avreg.yml 13.6.0.1762

15.06.2013 15:45 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.60
VDF Version: 7.11.84.224

15.06.2013 15:44 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

15.06.2013 15:43 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

13.06.2013 14:00 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

12.06.2013 23:51 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://80.190.148.74/update" aktualisiert:
vbase031.vdf 7.11.84.102
aevdf.dat 7.11.84.102

12.06.2013 23:51 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.58
VDF Version: 7.11.84.102

12.06.2013 23:50 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

12.06.2013 22:15 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.58
VDF Version: 7.11.84.94

12.06.2013 22:15 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.58
VDF Version: 7.11.84.94

12.06.2013 22:15 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

12.06.2013 22:14 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

12.06.2013 22:14 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

12.06.2013 17:56 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.58
VDF Version: 7.11.84.94

12.06.2013 17:56 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.58
VDF Version: 7.11.84.94

12.06.2013 17:55 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

12.06.2013 17:54 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

12.06.2013 17:54 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

12.06.2013 17:51 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.18/update" aktualisiert:
vbase022.vdf 7.11.84.59
vbase023.vdf 7.11.84.60
vbase024.vdf 7.11.84.61
vbase025.vdf 7.11.84.62
vbase026.vdf 7.11.84.63
vbase027.vdf 7.11.84.64
vbase028.vdf 7.11.84.65
vbase029.vdf 7.11.84.66
vbase030.vdf 7.11.84.67
vbase031.vdf 7.11.84.94
aevdf.dat 7.11.84.94

12.06.2013 17:51 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.58
VDF Version: 7.11.84.94

12.06.2013 17:50 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

12.06.2013 17:44 [Updater] Update nicht ausgeführt
Das Update von Computer LUKAS-PC (192.168.2.102) von
"hxxp://89.105.213.17/update" ist fehlgeschlagen.
Das Engine/VDF Set konnte nicht validiert werden.
Es wurden keine neuen Dateien geladen.

12.06.2013 11:50 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

11.06.2013 23:41 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.17/update" aktualisiert:
vbase031.vdf 7.11.84.40
aevdf.dat 7.11.84.40

11.06.2013 23:41 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.58
VDF Version: 7.11.84.40

11.06.2013 23:40 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

11.06.2013 21:48 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.58
VDF Version: 7.11.84.28

11.06.2013 21:48 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.58
VDF Version: 7.11.84.28

11.06.2013 21:48 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

11.06.2013 18:03 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

11.06.2013 18:03 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

11.06.2013 17:47 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.58
VDF Version: 7.11.84.28

11.06.2013 17:47 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.58
VDF Version: 7.11.84.28

11.06.2013 17:46 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

11.06.2013 17:45 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

11.06.2013 17:45 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

11.06.2013 17:44 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 4234
Anzahl Verzeichnisse: 0
Anzahl Malware: 0
Anzahl Warnungen: 0

11.06.2013 17:42 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://80.190.148.75/update" aktualisiert:
vbase021.vdf 7.11.83.210
vbase022.vdf 7.11.83.211
vbase023.vdf 7.11.83.212
vbase024.vdf 7.11.83.213
vbase025.vdf 7.11.83.214
vbase026.vdf 7.11.83.215
vbase027.vdf 7.11.83.216
vbase028.vdf 7.11.83.217
vbase029.vdf 7.11.83.218
vbase030.vdf 7.11.83.219
vbase031.vdf 7.11.84.28
aevdf.dat 7.11.84.28
aepack.dll 8.3.2.16
aeset.dat 8.2.12.58

11.06.2013 17:42 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.58
VDF Version: 7.11.84.28

11.06.2013 17:40 [Planer] Auftrag gestartet
Auftrag "Schnelle Systemprüfung"
wurde erfolgreich gestartet.

11.06.2013 17:40 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

09.06.2013 06:50 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmpf92f1b26\gw01.exe'
wurde ein Virus oder unerwünschtes Programm 'WORM/Luder.blat' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern

09.06.2013 06:50 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

08.06.2013 16:41 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 450999
Anzahl Verzeichnisse: 32140
Anzahl Malware: 0
Anzahl Warnungen: 0

08.06.2013 14:52 [Planer] Auftrag gestartet
Auftrag "Vollständige Systemprüfung"
wurde erfolgreich gestartet.

08.06.2013 13:20 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://80.190.148.75/update" aktualisiert:
vbase020.vdf 7.11.83.121
vbase021.vdf 7.11.83.135
vbase022.vdf 7.11.83.136
vbase023.vdf 7.11.83.137
vbase024.vdf 7.11.83.138
vbase025.vdf 7.11.83.139
vbase026.vdf 7.11.83.140
vbase027.vdf 7.11.83.141
vbase028.vdf 7.11.83.142
vbase029.vdf 7.11.83.143
vbase030.vdf 7.11.83.144
vbase031.vdf 7.11.83.160
aevdf.dat 7.11.83.160

08.06.2013 13:20 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.56
VDF Version: 7.11.83.160

08.06.2013 13:19 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

08.06.2013 13:14 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.56
VDF Version: 7.11.83.78

08.06.2013 13:14 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.56
VDF Version: 7.11.83.78

08.06.2013 13:14 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

08.06.2013 01:23 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

08.06.2013 01:23 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

08.06.2013 00:48 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

08.06.2013 00:48 [Updater] Update nicht ausgeführt
Das Update von Computer LUKAS-PC (192.168.2.102) von
"hxxp://80.190.148.74/update" ist fehlgeschlagen.
Das Engine/VDF Set konnte nicht validiert werden.
Es wurden keine neuen Dateien geladen.

07.06.2013 10:11 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp7b9f056c\gw01.exe'
wurde ein Virus oder unerwünschtes Programm 'WORM/Luder.bjmz.1' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern

07.06.2013 10:10 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

06.06.2013 18:59 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://80.190.148.74/update" aktualisiert:
vbase019.vdf 7.11.83.27
vbase020.vdf 7.11.83.28
vbase021.vdf 7.11.83.29
vbase022.vdf 7.11.83.30
vbase023.vdf 7.11.83.31
vbase024.vdf 7.11.83.32
vbase025.vdf 7.11.83.33
vbase026.vdf 7.11.83.34
vbase027.vdf 7.11.83.35
vbase028.vdf 7.11.83.36
vbase029.vdf 7.11.83.37
vbase030.vdf 7.11.83.38
vbase031.vdf 7.11.83.78
aevdf.dat 7.11.83.78
aeheur.dll 8.1.4.402
aescript.dll 8.1.4.120
aeset.dat 8.2.12.56

06.06.2013 18:59 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.56
VDF Version: 7.11.83.78

06.06.2013 18:57 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

06.06.2013 18:52 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.54
VDF Version: 7.11.83.0

06.06.2013 18:52 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.54
VDF Version: 7.11.83.0

06.06.2013 18:52 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

06.06.2013 18:51 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

06.06.2013 18:51 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

06.06.2013 18:49 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.54
VDF Version: 7.11.83.0

06.06.2013 18:49 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.54
VDF Version: 7.11.83.0

06.06.2013 18:49 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

05.06.2013 17:54 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

05.06.2013 17:54 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

05.06.2013 17:35 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.54
VDF Version: 7.11.83.0

05.06.2013 17:35 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.54
VDF Version: 7.11.83.0

05.06.2013 17:35 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

05.06.2013 17:34 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

05.06.2013 17:34 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

05.06.2013 17:33 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.18/update" aktualisiert:
vbase031.vdf 7.11.83.0
aevdf.dat 7.11.83.0
avreg.yml 13.6.0.1320

05.06.2013 17:33 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.54
VDF Version: 7.11.83.0

05.06.2013 17:33 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.54
VDF Version: 7.11.83.0

05.06.2013 17:33 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

05.06.2013 17:32 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

05.06.2013 17:27 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.54
VDF Version: 7.11.82.220

05.06.2013 17:27 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.54
VDF Version: 7.11.82.220

05.06.2013 17:27 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

04.06.2013 19:02 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

04.06.2013 19:02 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

04.06.2013 18:24 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://80.190.148.75/update" aktualisiert:
vbase018.vdf 7.11.82.169
vbase019.vdf 7.11.82.170
vbase020.vdf 7.11.82.171
vbase021.vdf 7.11.82.172
vbase022.vdf 7.11.82.173
vbase023.vdf 7.11.82.174
vbase024.vdf 7.11.82.175
vbase025.vdf 7.11.82.176
vbase026.vdf 7.11.82.177
vbase027.vdf 7.11.82.178
vbase028.vdf 7.11.82.179
vbase029.vdf 7.11.82.180
vbase030.vdf 7.11.82.181
vbase031.vdf 7.11.82.220
aevdf.dat 7.11.82.220
aehelp.dll 8.1.27.2
aeheur.dll 8.1.4.396
aepack.dll 8.3.2.14
aerdl.dll 8.2.0.118
aevdf.dll 8.1.3.2
aeexp.dll 8.4.0.34
aeset.dat 8.2.12.54

04.06.2013 18:24 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.54
VDF Version: 7.11.82.220

04.06.2013 18:22 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

04.06.2013 18:18 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.50
VDF Version: 7.11.82.146

04.06.2013 18:18 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.50
VDF Version: 7.11.82.146

04.06.2013 18:17 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

03.06.2013 23:29 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

03.06.2013 23:29 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

03.06.2013 23:13 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.50
VDF Version: 7.11.82.146

03.06.2013 23:13 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.50
VDF Version: 7.11.82.146

03.06.2013 23:13 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

03.06.2013 18:52 [Echtzeit-Scanner] Dienst gestoppt
Der Dienst wurde gestoppt.

03.06.2013 18:52 [Planer] Dienst gestoppt
Der Dienst wurde gestoppt.

03.06.2013 18:25 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 4075
Anzahl Verzeichnisse: 0
Anzahl Malware: 0
Anzahl Warnungen: 0

03.06.2013 18:24 [Updater] Update erfolgreich durchgeführt
Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102)
erfolgreich durchgeführt.
Folgende Dateien wurden von "hxxp://89.105.213.18/update" aktualisiert:
vbase002.vdf 7.11.80.60
vbase003.vdf 7.11.80.61
vbase004.vdf 7.11.80.62
vbase005.vdf 7.11.80.63
vbase006.vdf 7.11.80.64
vbase007.vdf 7.11.80.65
vbase008.vdf 7.11.80.66
vbase009.vdf 7.11.80.67
vbase010.vdf 7.11.80.68
vbase011.vdf 7.11.80.69
vbase012.vdf 7.11.80.70
vbase013.vdf 7.11.80.71
vbase014.vdf 7.11.81.57
vbase015.vdf 7.11.81.137
vbase016.vdf 7.11.81.255
vbase017.vdf 7.11.82.91
vbase018.vdf 7.11.82.92
vbase019.vdf 7.11.82.93
vbase020.vdf 7.11.82.94
vbase021.vdf 7.11.82.95
vbase022.vdf 7.11.82.96
vbase023.vdf 7.11.82.97
vbase024.vdf 7.11.82.98
vbase025.vdf 7.11.82.99
vbase026.vdf 7.11.82.100
vbase027.vdf 7.11.82.101
vbase028.vdf 7.11.82.102
vbase029.vdf 7.11.82.103
vbase030.vdf 7.11.82.104
vbase031.vdf 7.11.82.146
aevdf.dat 7.11.82.146
antivir0.rdf 10.0.1.36
aeheur.dll 8.1.4.386
aescript.dll 8.1.4.118
aeexp.dll 8.4.0.32
aeset.dat 8.2.12.50

03.06.2013 18:24 [Echtzeit-Scanner] Engine neu geladen
Die Engine wurde neu geladen.
Engine Version: 8.2.12.50
VDF Version: 7.11.82.146

03.06.2013 18:22 [Planer] Auftrag gestartet
Auftrag "Schnelle Systemprüfung"
wurde erfolgreich gestartet.

03.06.2013 18:22 [Planer] Auftrag gestartet
Auftrag "Automatisches Update"
wurde erfolgreich gestartet.

03.06.2013 18:17 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.778
Engine Version: 8.2.12.44
VDF Version: 7.11.79.56

03.06.2013 18:17 [Hilfsdienst] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.1262
Engine Version: 8.2.12.44
VDF Version: 7.11.79.56

03.06.2013 18:17 [Planer] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version 13.6.0.778

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.18.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Lukas :: LUKAS-PC [Administrator]

Schutz: Aktiviert

18.06.2013 10:04:54
MBAM-log-2013-06-18 (15-30-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381076
Laufzeit: 1 Stunde(n), 44 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yxguodvuud (Trojan.Agent.ACR) -> Daten: C:\Users\Lukas\AppData\Roaming\Peyt\yvmea.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Lukas\AppData\Roaming\Peyt\yvmea.exe (Trojan.Agent.ACR) -> Keine Aktion durchgeführt.
__________________

Alt 18.06.2013, 14:37   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



Die Logs bitte in CODE-Tags posten


Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.06.2013, 15:23   #5
luke235
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



Code:
ATTFilter
OTL logfile created on: 18.06.2013 15:49:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lukas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,73 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 38,77% Memory free
3,46 Gb Paging File | 1,95 Gb Available in Paging File | 56,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,99 Gb Total Space | 161,20 Gb Free Space | 56,96% Space Free | Partition Type: NTFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lukas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SSScsiSV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\..\SearchScopes\{3C7CDAAC-AAAE-4083-B218-43B488DCDEC0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=7435E816-75F4-4DF3-A8AF-F23530A5A749&apn_sauid=2862A24A-2F65-4B5E-97A8-1972E7913928
IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.04 18:20:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:24:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.04 18:20:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.05.31 23:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2011.05.31 23:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.12 14:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\r7i8jz36.default\extensions
[2013.05.12 14:54:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\r7i8jz36.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.18 16:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.18 16:24:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001..\Run: [Yxguodvuud] C:\Users\Lukas\AppData\Roaming\Peyt\yvmea.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF56CDC8-8111-4A1A-8FD2-5943080DB6B7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.18 10:46:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2013.06.18 10:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2013.06.18 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.18 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.18 10:02:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.18 10:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.18 10:01:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Programs
[2013.06.17 11:51:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Tribes - Wish to Scream (2013)
[2013.06.16 12:14:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.16 12:14:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.15 22:31:35 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2013.06.15 15:48:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.15 15:48:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.15 15:48:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.15 15:48:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.15 15:48:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.15 15:48:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.15 15:48:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.15 15:48:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.15 15:48:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.15 15:48:15 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.15 15:48:14 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.15 15:48:14 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.15 15:48:13 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 18:08:24 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 18:08:23 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 18:08:19 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 18:08:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 18:08:13 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 18:08:06 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 18:08:06 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 18:08:06 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 18:08:05 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 18:08:05 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 18:08:05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 18:07:39 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 18:07:39 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.04 18:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.18 15:48:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.18 15:42:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 15:42:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 15:35:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.18 15:35:09 | 1392,693,248 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.18 10:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2013.06.18 10:41:41 | 000,050,477 | ---- | M] () -- C:\Users\Lukas\Desktop\Defogger.exe
[2013.06.18 10:02:42 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.12 17:48:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.12 17:48:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2013.06.18 10:41:37 | 000,050,477 | ---- | C] () -- C:\Users\Lukas\Desktop\Defogger.exe
[2013.06.18 10:02:42 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 20:34:56 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2010.12.02 10:24:08 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 18.06.2013 15:49:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lukas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,73 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 38,77% Memory free
3,46 Gb Paging File | 1,95 Gb Available in Paging File | 56,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,99 Gb Total Space | 161,20 Gb Free Space | 56,96% Space Free | Partition Type: NTFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0027BA6E-5A23-459D-9D6E-B5D3DC2B59DE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4A0A50F1-CAD8-42CE-8762-4CB93FA6A242}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{605739C7-191B-47C1-80D2-FBECD8F60EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77DFF8B0-A25A-415C-A2EC-42225C0ED7C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8603BC6D-77F0-494C-9815-5FDC89FF3440}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9F38957F-8F95-4B72-BE66-3987244A23F4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A6F13346-E25A-4217-97A2-3B0257C7E5FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7893A2D-EB71-4952-BDAC-09F2F01845B1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D36DB4E5-EE14-4046-8641-40A2F3E681E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D617FFA6-48BC-479B-8FD9-0DA61EA3A442}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F74EC312-656A-4529-9580-D88F44B01FAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C56DC9-0B22-46F9-BA02-20AFD48CC6F9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{08FE0D3D-5E72-4288-ACBF-18330A2AF700}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0C2CA729-EA87-4911-A54D-E9D9B5A853CE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{21E5A09C-4702-45CC-8C4E-56DADD986025}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | 
"{23AD006F-B671-45AA-925B-4B099CC7E7C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2DBF95C5-BD37-453B-A835-1AB9D4F0CAE5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{422D80A2-C2DF-4FA5-BBE6-7AEF77D750A4}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{4A2EDF64-303D-40F5-B3D6-9F6771E86B6E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{4DFB5CEA-0BF7-4D90-9A81-1BFF3EBC05B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{53D1FA55-188A-4008-BF8B-3C337C0FABD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54BA2223-C664-4D9D-B170-69E8182108E6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{61D6A021-DA25-48A7-8144-026B53C1A05B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{63691C27-6AB9-4C32-A845-0B5BFDEDB726}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{80714254-5761-48C1-9769-9688CE6FDC7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{83AA4C8E-83FF-447A-BA13-5E400C5DF97B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{854638FD-5A53-43CC-AF7D-D781DD13D0C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8B61E41B-ADFA-4DCE-BB81-D558D4B81C05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C2AD52A-5B84-45F5-B7EF-D0912F095A18}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9673B0BE-4924-4AC8-9BD0-B4340ABA5DE5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9E77838A-335C-4A4F-9BC2-41EA5BB392D9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A2247939-EB26-4EE2-BF18-1F1B2C64EBC1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A383EA9B-8DAD-46DE-8C1C-E3268E08375C}" = protocol=6 | dir=out | app=system | 
"{A58417B0-6151-46C8-89AC-1EB8320EDF6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A9960DFF-8481-43BE-8554-BBDAA374339A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{AF8C9E41-7FD6-4F35-931F-EF9A2768053E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C105B4E3-EEA6-4179-AE21-C9A4D4DCC4C9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C1E7EC0E-8B81-4186-AF31-CEC958E4B2A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA9C8C06-1420-4253-B956-6B028D6DB385}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{D9A0E4DC-5A5F-497F-854F-F363A1803A94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DBC54CD8-B12E-43AC-9C9F-A88DCBC294BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F01FDF67-A4F5-4AEB-971A-7EEE604F1D4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F87825F7-B848-4D13-AB84-0D9B7B6B99B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F90AC0C9-BBBE-434F-990F-7EE32AF238F4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{6B870DA3-4138-400E-99FF-D9BAF1F5D62B}C:\users\lukas\appdata\roaming\peyt\yvmea.exe" = protocol=6 | dir=in | app=c:\users\lukas\appdata\roaming\peyt\yvmea.exe | 
"UDP Query User{76155ABD-C9A3-4099-A92F-74232E61C9A3}C:\users\lukas\appdata\roaming\peyt\yvmea.exe" = protocol=17 | dir=in | app=c:\users\lukas\appdata\roaming\peyt\yvmea.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}" = ATI Catalyst Install Manager
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{56D8EE9D-5411-4DEE-6CFB-C720A07FDCAB}" = ccc-utility64
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5850E3A0-1096-5C2D-C296-D9C2B00E8855}" = AMD Fuel
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.STANDARDR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.STANDARDR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.STANDARDR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.STANDARDR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARDR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.STANDARDR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.STANDARDR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.STANDARDR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0012-0000-1000-0000000FF1CE}" = Microsoft Office Standard 2010
"{91140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARDR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE24C28A-6BE1-5138-7CC7-854E9EB3757C}" = WMV9/VC-1 Video Playback
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.STANDARDR" = Microsoft Office Standard 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{0959BCF5-05D5-9F2B-0965-1A27A533C492}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1292DD8E-474E-7D7C-5FF9-B4A7639D435A}" = CCC Help Czech
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D234FAE-7FE2-5002-2B63-8CDEA2BD0B60}" = CCC Help Hungarian
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35168310-7EE6-AD4E-84F3-73960642561C}" = Catalyst Control Center Localization All
"{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy
"{366234D5-16FC-9EA2-5881-08B8CC44D36D}" = CCC Help Greek
"{37AAE8BF-DC98-1937-CDE9-9CE61833A252}" = CCC Help Japanese
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3A915C0E-0168-0E43-B5A4-949136DF0C33}" = Catalyst Control Center Profiles Mobile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{45CBA375-6ECC-EA3C-5EC3-E06A16DFD9A8}" = CCC Help Thai
"{477878A3-24BC-98D5-B447-417E4FF30218}" = CCC Help Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EF87BA4-A1C8-818D-81B4-A211B8D817C7}" = CCC Help Portuguese
"{508457D2-6156-EE57-2F7D-8DCB90B2BCF2}" = CCC Help Russian
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52D36E31-AE4A-8E99-8B6B-F04A306AC4E7}" = CCC Help Chinese Standard
"{54D986DF-0B7F-244D-9A36-A52CF36D8633}" = CCC Help Norwegian
"{5A4D2D53-D233-4FAE-FB7D-9101B46C9F53}" = CCC Help Italian
"{5A8EBCAE-71F2-F101-E86E-8E128A47401C}" = CCC Help French
"{5D43581B-77CC-CA01-5D4F-34215870EBE8}" = CCC Help Swedish
"{624B8C52-419F-48BF-704F-0DE2BEC1E323}" = Catalyst Control Center InstallProxy
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FDDD338-24AD-E75E-E0A7-82CDAE803378}" = CCC Help Danish
"{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{903E5724-3250-163F-017F-33030AAEA16B}" = CCC Help Spanish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C0E3DA8-408A-39D3-855D-3440E38F3D83}" = ccc-core-static
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9E9AED59-2E4B-C3BB-D036-9392A3898E20}" = CCC Help English
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CABA6C97-8680-D8C4-7DAA-A8D1CC230370}" = Catalyst Control Center Graphics Previews Common
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB9AA311-9119-5466-BE82-6CD37304FE42}" = CCC Help Dutch
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15555E9-386B-B748-7C94-4F2591ADCB63}" = CCC Help Chinese Traditional
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5FCABF0-E2AF-6A70-3971-67C8B1310480}" = CCC Help Finnish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEE720F0-7A20-A61E-D56B-90DB02655B78}" = CCC Help German
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"Fliqlo" = Fliqlo Bildschirmschoner
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Simfy" = simfy
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2013 01:01:49 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16083
 
Error - 13.05.2013 01:01:49 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16083
 
Error - 15.05.2013 03:55:34 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.05.2013 03:55:34 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16411
 
Error - 15.05.2013 03:55:34 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16411
 
Error - 15.05.2013 14:41:18 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0032ffd0  ID des fehlerhaften
 Prozesses: 0xccc  Startzeit der fehlerhaften Anwendung: 0x01ce519bc6dd18e8  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 077513de-bd8f-11e2-95b1-1c7508ac783a
 
Error - 16.05.2013 09:07:37 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: yvmea.exe, Version: 10.2.4.16, Zeitstempel:
 0x506efb7c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x005dff60  ID des fehlerhaften Prozesses:
 0xa28  Startzeit der fehlerhaften Anwendung: 0x01ce520d31e8bda7  Pfad der fehlerhaften
 Anwendung: C:\Users\Lukas\AppData\Roaming\Peyt\yvmea.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 941133c3-be29-11e2-97cb-1c7508ac783a
 
Error - 16.05.2013 09:07:37 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PmmUpdate.exe, Version: 1.1.36.0,
 Zeitstempel: 0x4c932097  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039342  ID des fehlerhaften
 Prozesses: 0xaa8  Startzeit der fehlerhaften Anwendung: 0x01ce520d32b3129e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 944f178a-be29-11e2-97cb-1c7508ac783a
 
Error - 16.05.2013 09:07:38 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.05.2013 09:07:38 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8699396
 
Error - 16.05.2013 09:07:38 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8699396
 
[ System Events ]
Error - 17.05.2013 11:17:00 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 AMD External Events Utility erreicht.
 
Error - 17.05.2013 11:17:00 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1053
 
Error - 17.05.2013 11:25:59 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 AMD External Events Utility erreicht.
 
Error - 17.05.2013 11:25:59 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1053
 
Error - 18.05.2013 13:00:50 | Computer Name = Lukas-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 08.06.2013 09:15:21 | Computer Name = Lukas-PC | Source = volsnap | ID = 393224
Description = Das Zeitlimit für den Lösch- und Speicherschreibvorgang für Volume
 "C:" wurde beim Warten auf eine Schreibvorgangfreigabe überschritten.
 
Error - 11.06.2013 11:40:16 | Computer Name = Lukas-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12.06.2013 11:44:35 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 12.06.2013 16:13:55 | Computer Name = Lukas-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 15.06.2013 09:44:22 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
 
< End of report >
         


Alt 18.06.2013, 23:53   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden

Alt 19.06.2013, 17:59   #7
luke235
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



Combofix:
Code:
ATTFilter
ComboFix 13-06-18.02 - Lukas 19.06.2013  18:32:58.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1771.821 [GMT 2:00]
ausgeführt von:: c:\users\Lukas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0544F847-3CC6-4A5D-84D2-9ABD5BF01DE6}.xps
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-19 bis 2013-06-19  ))))))))))))))))))))))))))))))
.
.
2013-06-19 16:43 . 2013-06-19 16:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-18 08:02 . 2013-06-18 08:02	--------	d-----w-	c:\users\Lukas\AppData\Roaming\Malwarebytes
2013-06-18 08:02 . 2013-06-18 08:02	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-18 08:02 . 2013-06-18 08:02	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-18 08:02 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-18 08:01 . 2013-06-18 08:01	--------	d-----w-	c:\users\Lukas\AppData\Local\Programs
2013-06-15 20:31 . 2013-06-15 20:31	--------	d-----w-	c:\windows\Profiles
2013-06-12 16:08 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 16:07 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-12 16:07 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-06-04 16:20 . 2013-06-07 22:51	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-15 13:49 . 2011-06-02 18:34	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 15:48 . 2012-09-01 12:29	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:48 . 2011-05-31 21:51	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 12:25 . 2010-06-24 10:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-07 21:12 . 2013-05-07 21:13	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-04-13 05:49 . 2013-05-16 08:23	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 08:23	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 08:23	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 08:23	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 08:23	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 08:23	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 17:01	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 08:24	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 08:24	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 08:23	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-06 12:50 . 2012-10-31 09:46	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-04-06 12:50 . 2011-06-27 10:23	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-04-04 03:35 . 2013-05-09 15:12	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-01 12:19 . 2013-04-01 12:20	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-01 12:19 . 2013-04-01 12:20	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-01 12:19 . 2013-04-01 12:20	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-04-01 06:03 . 2013-05-16 08:23	78680	----a-w-	c:\windows\system32\mcupdate_AuthenticAMD.dll
2013-03-29 02:04 . 2013-03-29 02:04	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-29 02:04 . 2013-03-29 02:04	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-29 02:04 . 2013-03-29 02:04	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 02:04 . 2013-03-29 02:04	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 02:04 . 2013-03-29 02:04	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-29 02:04 . 2013-03-29 02:04	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-29 02:04 . 2013-03-29 02:04	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-29 02:04 . 2013-03-29 02:04	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-29 02:04 . 2013-03-29 02:04	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-29 02:04 . 2013-03-29 02:04	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-29 02:04 . 2013-03-29 02:04	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 02:04 . 2013-03-29 02:04	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-29 02:04 . 2013-03-29 02:04	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-29 02:04 . 2013-03-29 02:04	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 02:04 . 2013-03-29 02:04	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-29 02:04 . 2013-03-29 02:04	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-29 02:04 . 2013-03-29 02:04	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-29 02:04 . 2013-03-29 02:04	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-29 02:04 . 2013-03-29 02:04	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-29 02:04 . 2013-03-29 02:04	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-29 02:04 . 2013-03-29 02:04	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-29 02:04 . 2013-03-29 02:04	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-29 02:04 . 2013-03-29 02:04	441856	----a-w-	c:\windows\system32\html.iec
2013-03-29 02:04 . 2013-03-29 02:04	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-29 02:04 . 2013-03-29 02:04	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-29 02:04 . 2013-03-29 02:04	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-29 02:04 . 2013-03-29 02:04	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-29 02:04 . 2013-03-29 02:04	235008	----a-w-	c:\windows\system32\url.dll
2013-03-29 02:04 . 2013-03-29 02:04	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-29 02:04 . 2013-03-29 02:04	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-29 02:04 . 2013-03-29 02:04	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-29 02:04 . 2013-03-29 02:04	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-29 02:04 . 2013-03-29 02:04	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-29 02:04 . 2013-03-29 02:04	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-29 02:04 . 2013-03-29 02:04	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-29 02:04 . 2013-03-29 02:04	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-29 02:04 . 2013-03-29 02:04	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-29 02:04 . 2013-03-29 02:04	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-29 02:04 . 2013-03-29 02:04	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-29 02:04 . 2013-03-29 02:04	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-29 02:04 . 2013-03-29 02:04	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-29 02:04 . 2013-03-29 02:04	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-29 02:04 . 2013-03-29 02:04	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-29 02:04 . 2013-03-29 02:04	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 02:04 . 2013-03-29 02:04	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-29 02:04 . 2013-03-29 02:04	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-29 02:04 . 2013-03-29 02:04	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-29 02:04 . 2013-03-29 02:04	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-29 02:04 . 2013-03-29 02:04	12800	----a-w-	c:\windows\system32\msfeedssync.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-31 1029200]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 15:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\r7i8jz36.default\
FF - ExtSQL: 2013-05-12 14:54; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\r7i8jz36.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Yxguodvuud - c:\users\Lukas\AppData\Roaming\Peyt\yvmea.exe
Wow6432Node-HKLM-Run-MDS_Menu - c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-19  18:48:49
ComboFix-quarantined-files.txt  2013-06-19 16:48
.
Vor Suchlauf: 9 Verzeichnis(se), 173.411.282.944 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 173.834.547.200 Bytes frei
.
- - End Of File - - 8562C84E0F5B8556057A9D4A20133D98
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 19.06.2013, 18:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.06.2013, 20:05   #9
luke235
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



mbar hatt nichts gefunden.

Gmer:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-19 20:21:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3265GSX rev.GJ002J 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\fwloapow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        0000000074ff1465 2 bytes [FF, 74]
.text   C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155       0000000074ff14bb 2 bytes [FF, 74]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074ff1465 2 bytes [FF, 74]
.text   C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074ff14bb 2 bytes [FF, 74]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000074ff1465 2 bytes [FF, 74]
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000074ff14bb 2 bytes [FF, 74]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000074ff1465 2 bytes [FF, 74]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        0000000074ff14bb 2 bytes [FF, 74]
.text   ...                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1036:1652]                                                                                          000007fef6d45170
Thread  C:\Windows\system32\svchost.exe [1036:2636]                                                                                          000007fefa45341c
Thread  C:\Windows\system32\svchost.exe [1036:1096]                                                                                          000007fefa453a2c
Thread  C:\Windows\system32\svchost.exe [1036:3736]                                                                                          000007fefa453768
Thread  C:\Windows\system32\svchost.exe [1036:400]                                                                                           000007fefa455c20
Thread  C:\Windows\System32\spoolsv.exe [1284:1852]                                                                                          000007fef60610c8
Thread  C:\Windows\System32\spoolsv.exe [1284:2772]                                                                                          000007fef62a6144
Thread  C:\Windows\System32\spoolsv.exe [1284:2828]                                                                                          000007fef6025fd0
Thread  C:\Windows\System32\spoolsv.exe [1284:2848]                                                                                          000007fef6303438
Thread  C:\Windows\System32\spoolsv.exe [1284:2696]                                                                                          000007fef60263ec
Thread  C:\Windows\System32\spoolsv.exe [1284:2856]                                                                                          000007fef6a85e5c
Thread  C:\Windows\System32\spoolsv.exe [1284:2408]                                                                                          000007fef64d5074

---- EOF - GMER 2.1 ----
         
Malewarbytes Anti-rootkit:
Code:
ATTFilter
AMalwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Lukas :: LUKAS-PC [administrator]

19.06.2013 20:33:26
mbar-log-2013-06-19 (20-33-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 259428
Time elapsed: 24 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 19.06.2013, 20:24   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.06.2013, 21:03   #11
luke235
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



aswMBR:

HTML-Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-19 21:31:24
-----------------------------
21:31:24.971    OS Version: Windows x64 6.1.7601 Service Pack 1
21:31:24.971    Number of processors: 2 586 0x100
21:31:24.971    ComputerName: LUKAS-PC  UserName: Lukas
21:31:26.110    Initialize success
21:33:12.834    AVAST engine defs: 13061901
21:33:45.175    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:33:45.190    Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11
21:33:45.331    Disk 0 MBR read successfully
21:33:45.331    Disk 0 MBR scan
21:33:45.487    Disk 0 Windows 7 default MBR code
21:33:45.518    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
21:33:45.565    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
21:33:45.643    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       289783 MB offset 31664128
21:33:45.877    Disk 0 scanning C:\Windows\system32\drivers
21:34:07.654    Service scanning
21:35:04.454    Modules scanning
21:35:04.470    Disk 0 trace - called modules:
21:35:04.516    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
21:35:04.516    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002495060]
21:35:04.532    3 CLASSPNP.SYS[fffff8800190b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8001fbd680]
21:35:05.421    AVAST engine scan C:\Windows
21:35:10.647    AVAST engine scan C:\Windows\system32
21:41:52.887    AVAST engine scan C:\Windows\system32\drivers
21:42:17.258    AVAST engine scan C:\Users\Lukas
21:55:24.079    AVAST engine scan C:\ProgramData
21:58:00.223    Scan finished successfully
22:01:16.970    Disk 0 MBR has been saved successfully to "C:\Users\Lukas\Desktop\MBR.dat"
22:01:16.986    The log file has been saved successfully to "C:\Users\Lukas\Desktop\aswMBR.txt"
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-19 21:31:24
-----------------------------
21:31:24.971    OS Version: Windows x64 6.1.7601 Service Pack 1
21:31:24.971    Number of processors: 2 586 0x100
21:31:24.971    ComputerName: LUKAS-PC  UserName: Lukas
21:31:26.110    Initialize success
21:33:12.834    AVAST engine defs: 13061901
21:33:45.175    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:33:45.190    Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11
21:33:45.331    Disk 0 MBR read successfully
21:33:45.331    Disk 0 MBR scan
21:33:45.487    Disk 0 Windows 7 default MBR code
21:33:45.518    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
21:33:45.565    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
21:33:45.643    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       289783 MB offset 31664128
21:33:45.877    Disk 0 scanning C:\Windows\system32\drivers
21:34:07.654    Service scanning
21:35:04.454    Modules scanning
21:35:04.470    Disk 0 trace - called modules:
21:35:04.516    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
21:35:04.516    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002495060]
21:35:04.532    3 CLASSPNP.SYS[fffff8800190b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8001fbd680]
21:35:05.421    AVAST engine scan C:\Windows
21:35:10.647    AVAST engine scan C:\Windows\system32
21:41:52.887    AVAST engine scan C:\Windows\system32\drivers
21:42:17.258    AVAST engine scan C:\Users\Lukas
21:55:24.079    AVAST engine scan C:\ProgramData
21:58:00.223    Scan finished successfully
22:01:16.970    Disk 0 MBR has been saved successfully to "C:\Users\Lukas\Desktop\MBR.dat"
22:01:16.986    The log file has been saved successfully to "C:\Users\Lukas\Desktop\aswMBR.txt"
         

Alt 19.06.2013, 21:15   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.06.2013, 21:18   #13
luke235
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



TDSS-Killer

Code:
ATTFilter
22:12:32.0351 2420  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:12:32.0835 2420  ============================================================
22:12:32.0835 2420  Current date / time: 2013/06/19 22:12:32.0835
22:12:32.0835 2420  SystemInfo:
22:12:32.0835 2420  
22:12:32.0835 2420  OS Version: 6.1.7601 ServicePack: 1.0
22:12:32.0835 2420  Product type: Workstation
22:12:32.0835 2420  ComputerName: LUKAS-PC
22:12:32.0835 2420  UserName: Lukas
22:12:32.0835 2420  Windows directory: C:\Windows
22:12:32.0835 2420  System windows directory: C:\Windows
22:12:32.0835 2420  Running under WOW64
22:12:32.0835 2420  Processor architecture: Intel x64
22:12:32.0835 2420  Number of processors: 2
22:12:32.0835 2420  Page size: 0x1000
22:12:32.0835 2420  Boot type: Normal boot
22:12:32.0835 2420  ============================================================
22:12:34.0567 2420  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:12:34.0582 2420  ============================================================
22:12:34.0582 2420  \Device\Harddisk0\DR0:
22:12:34.0582 2420  MBR partitions:
22:12:34.0582 2420  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
22:12:34.0582 2420  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x235FB800
22:12:34.0582 2420  ============================================================
22:12:34.0629 2420  C: <-> \Device\Harddisk0\DR0\Partition2
22:12:34.0645 2420  ============================================================
22:12:34.0660 2420  Initialize success
22:12:34.0660 2420  ============================================================
22:13:49.0306 4908  ============================================================
22:13:49.0306 4908  Scan started
22:13:49.0306 4908  Mode: Manual; SigCheck; TDLFS; 
22:13:49.0306 4908  ============================================================
22:13:49.0603 4908  ================ Scan system memory ========================
22:13:49.0603 4908  System memory - ok
22:13:49.0618 4908  ================ Scan services =============================
22:13:49.0852 4908  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:13:50.0367 4908  1394ohci - ok
22:13:50.0430 4908  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:13:50.0476 4908  ACPI - ok
22:13:50.0523 4908  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:13:50.0664 4908  AcpiPmi - ok
22:13:50.0804 4908  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:13:50.0851 4908  AdobeFlashPlayerUpdateSvc - ok
22:13:50.0913 4908  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:13:50.0960 4908  adp94xx - ok
22:13:50.0991 4908  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:13:51.0022 4908  adpahci - ok
22:13:51.0038 4908  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:13:51.0069 4908  adpu320 - ok
22:13:51.0100 4908  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:13:51.0288 4908  AeLookupSvc - ok
22:13:51.0350 4908  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:13:51.0459 4908  AFD - ok
22:13:51.0506 4908  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:13:51.0537 4908  agp440 - ok
22:13:51.0568 4908  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:13:51.0662 4908  ALG - ok
22:13:51.0709 4908  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:13:51.0740 4908  aliide - ok
22:13:51.0802 4908  [ CF4D1EBE8FEC994A0DF69149ED27E417 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:13:51.0912 4908  AMD External Events Utility - ok
22:13:51.0958 4908  AMD FUEL Service - ok
22:13:52.0005 4908  [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
22:13:52.0036 4908  AMD Reservation Manager - ok
22:13:52.0068 4908  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:13:52.0099 4908  amdide - ok
22:13:52.0146 4908  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
22:13:52.0380 4908  amdiox64 - ok
22:13:52.0395 4908  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:13:52.0489 4908  AmdK8 - ok
22:13:52.0707 4908  [ 375AC85E1130EAA1EAEB62DDD22B0EFB ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:13:53.0019 4908  amdkmdag - ok
22:13:53.0066 4908  [ DAEB3F2BB2095B95B98BE6CEC99D02E7 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:13:53.0128 4908  amdkmdap - ok
22:13:53.0160 4908  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:13:53.0238 4908  AmdPPM - ok
22:13:53.0284 4908  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:13:53.0316 4908  amdsata - ok
22:13:53.0347 4908  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:13:53.0378 4908  amdsbs - ok
22:13:53.0394 4908  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:13:53.0425 4908  amdxata - ok
22:13:53.0503 4908  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:13:53.0534 4908  AntiVirSchedulerService - ok
22:13:53.0581 4908  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:13:53.0612 4908  AntiVirService - ok
22:13:53.0659 4908  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:13:53.0877 4908  AppID - ok
22:13:53.0924 4908  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:13:54.0002 4908  AppIDSvc - ok
22:13:54.0064 4908  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
22:13:54.0142 4908  Appinfo - ok
22:13:54.0252 4908  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:13:54.0283 4908  Apple Mobile Device - ok
22:13:54.0330 4908  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:13:54.0361 4908  arc - ok
22:13:54.0376 4908  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:13:54.0408 4908  arcsas - ok
22:13:54.0439 4908  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:13:54.0532 4908  AsyncMac - ok
22:13:54.0579 4908  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:13:54.0610 4908  atapi - ok
22:13:54.0688 4908  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:13:54.0782 4908  athr - ok
22:13:54.0860 4908  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
22:13:54.0876 4908  AtiHDAudioService - ok
22:13:54.0938 4908  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:13:55.0063 4908  AudioEndpointBuilder - ok
22:13:55.0078 4908  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:13:55.0156 4908  AudioSrv - ok
22:13:55.0203 4908  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:13:55.0250 4908  avgntflt - ok
22:13:55.0297 4908  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:13:55.0328 4908  avipbb - ok
22:13:55.0359 4908  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:13:55.0375 4908  avkmgr - ok
22:13:55.0437 4908  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:13:55.0578 4908  AxInstSV - ok
22:13:55.0609 4908  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:13:55.0671 4908  b06bdrv - ok
22:13:55.0702 4908  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:13:55.0765 4908  b57nd60a - ok
22:13:55.0812 4908  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:13:55.0890 4908  BDESVC - ok
22:13:55.0921 4908  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:13:56.0014 4908  Beep - ok
22:13:56.0092 4908  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:13:56.0202 4908  BFE - ok
22:13:56.0233 4908  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
22:13:56.0358 4908  BITS - ok
22:13:56.0389 4908  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:13:56.0436 4908  blbdrive - ok
22:13:56.0498 4908  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:13:56.0545 4908  Bonjour Service - ok
22:13:56.0576 4908  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:13:56.0638 4908  bowser - ok
22:13:56.0670 4908  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:13:56.0763 4908  BrFiltLo - ok
22:13:56.0779 4908  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:13:56.0841 4908  BrFiltUp - ok
22:13:56.0888 4908  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
22:13:56.0982 4908  BridgeMP - ok
22:13:57.0044 4908  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:13:57.0122 4908  Browser - ok
22:13:57.0138 4908  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:13:57.0216 4908  Brserid - ok
22:13:57.0262 4908  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:13:57.0309 4908  BrSerWdm - ok
22:13:57.0325 4908  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:13:57.0387 4908  BrUsbMdm - ok
22:13:57.0403 4908  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:13:57.0450 4908  BrUsbSer - ok
22:13:57.0481 4908  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:13:57.0528 4908  BTHMODEM - ok
22:13:57.0574 4908  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:13:57.0652 4908  bthserv - ok
22:13:57.0684 4908  catchme - ok
22:13:57.0699 4908  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:13:57.0808 4908  cdfs - ok
22:13:57.0871 4908  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
22:13:57.0918 4908  cdrom - ok
22:13:57.0964 4908  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:13:58.0042 4908  CertPropSvc - ok
22:13:58.0074 4908  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:13:58.0120 4908  circlass - ok
22:13:58.0167 4908  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:13:58.0198 4908  CLFS - ok
22:13:58.0261 4908  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:13:58.0292 4908  clr_optimization_v2.0.50727_32 - ok
22:13:58.0339 4908  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:13:58.0354 4908  clr_optimization_v2.0.50727_64 - ok
22:13:58.0448 4908  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:13:58.0526 4908  clr_optimization_v4.0.30319_32 - ok
22:13:58.0573 4908  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:13:58.0588 4908  clr_optimization_v4.0.30319_64 - ok
22:13:58.0635 4908  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:13:58.0682 4908  CmBatt - ok
22:13:58.0682 4908  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:13:58.0713 4908  cmdide - ok
22:13:58.0776 4908  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:13:58.0838 4908  CNG - ok
22:13:58.0932 4908  [ 78AC76700D37A98B5BADB19D57301BD6 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
22:13:59.0010 4908  CnxtHdAudService - ok
22:13:59.0041 4908  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:13:59.0072 4908  Compbatt - ok
22:13:59.0134 4908  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:13:59.0212 4908  CompositeBus - ok
22:13:59.0228 4908  COMSysApp - ok
22:13:59.0259 4908  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:13:59.0290 4908  crcdisk - ok
22:13:59.0337 4908  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:13:59.0415 4908  CryptSvc - ok
22:13:59.0493 4908  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:13:59.0587 4908  DcomLaunch - ok
22:13:59.0634 4908  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:13:59.0727 4908  defragsvc - ok
22:13:59.0790 4908  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:13:59.0883 4908  DfsC - ok
22:13:59.0961 4908  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:14:00.0055 4908  Dhcp - ok
22:14:00.0102 4908  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:14:00.0180 4908  discache - ok
22:14:00.0211 4908  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:14:00.0242 4908  Disk - ok
22:14:00.0273 4908  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:14:00.0336 4908  Dnscache - ok
22:14:00.0382 4908  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:14:00.0460 4908  dot3svc - ok
22:14:00.0507 4908  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:14:00.0601 4908  DPS - ok
22:14:00.0648 4908  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:14:00.0694 4908  drmkaud - ok
22:14:00.0772 4908  [ 53E4843E1CD3653E665DAA32241F8F8B ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
22:14:00.0819 4908  DsiWMIService - ok
22:14:00.0882 4908  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:14:00.0944 4908  DXGKrnl - ok
22:14:00.0991 4908  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:14:01.0069 4908  EapHost - ok
22:14:01.0194 4908  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:14:01.0318 4908  ebdrv - ok
22:14:01.0365 4908  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:14:01.0459 4908  EFS - ok
22:14:01.0506 4908  [ 03E6888DA1A85ACF14AC2A3C328A9E62 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
22:14:01.0537 4908  EgisTec Ticket Service - ok
22:14:01.0599 4908  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:14:01.0740 4908  ehRecvr - ok
22:14:01.0771 4908  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:14:01.0880 4908  ehSched - ok
22:14:01.0927 4908  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:14:01.0958 4908  elxstor - ok
22:14:02.0036 4908  [ 8E12D885D17EC5FA4F52D2C6E953E285 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
22:14:02.0083 4908  ePowerSvc - ok
22:14:02.0098 4908  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:14:02.0145 4908  ErrDev - ok
22:14:02.0192 4908  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:14:02.0286 4908  EventSystem - ok
22:14:02.0317 4908  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:14:02.0395 4908  exfat - ok
22:14:02.0442 4908  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:14:02.0535 4908  fastfat - ok
22:14:02.0598 4908  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:14:02.0738 4908  Fax - ok
22:14:02.0769 4908  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:14:02.0800 4908  fdc - ok
22:14:02.0847 4908  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:14:02.0941 4908  fdPHost - ok
22:14:02.0956 4908  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:14:03.0034 4908  FDResPub - ok
22:14:03.0066 4908  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:14:03.0097 4908  FileInfo - ok
22:14:03.0112 4908  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:14:03.0222 4908  Filetrace - ok
22:14:03.0284 4908  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:14:03.0315 4908  FLEXnet Licensing Service - ok
22:14:03.0346 4908  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:14:03.0393 4908  flpydisk - ok
22:14:03.0440 4908  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:14:03.0487 4908  FltMgr - ok
22:14:03.0549 4908  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
22:14:03.0658 4908  FontCache - ok
22:14:03.0721 4908  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:14:03.0752 4908  FontCache3.0.0.0 - ok
22:14:03.0783 4908  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:14:03.0814 4908  FsDepends - ok
22:14:03.0861 4908  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:14:03.0892 4908  Fs_Rec - ok
22:14:03.0955 4908  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:14:04.0002 4908  fvevol - ok
22:14:04.0048 4908  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:14:04.0064 4908  gagp30kx - ok
22:14:04.0111 4908  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:14:04.0126 4908  GEARAspiWDM - ok
22:14:04.0189 4908  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:14:04.0298 4908  gpsvc - ok
22:14:04.0329 4908  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
22:14:04.0376 4908  GREGService - ok
22:14:04.0407 4908  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:14:04.0516 4908  hcw85cir - ok
22:14:04.0579 4908  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:14:04.0626 4908  HdAudAddService - ok
22:14:04.0688 4908  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:14:04.0735 4908  HDAudBus - ok
22:14:04.0766 4908  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:14:04.0813 4908  HidBatt - ok
22:14:04.0844 4908  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:14:04.0891 4908  HidBth - ok
22:14:04.0922 4908  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:14:04.0969 4908  HidIr - ok
22:14:04.0984 4908  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
22:14:05.0078 4908  hidserv - ok
22:14:05.0125 4908  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:14:05.0156 4908  HidUsb - ok
22:14:05.0203 4908  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:14:05.0281 4908  hkmsvc - ok
22:14:05.0328 4908  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:14:05.0452 4908  HomeGroupListener - ok
22:14:05.0484 4908  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:14:05.0530 4908  HomeGroupProvider - ok
22:14:05.0577 4908  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:14:05.0608 4908  HpSAMD - ok
22:14:05.0671 4908  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:14:05.0780 4908  HTTP - ok
22:14:05.0827 4908  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:14:05.0858 4908  hwpolicy - ok
22:14:05.0920 4908  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:14:05.0952 4908  i8042prt - ok
22:14:05.0998 4908  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:14:06.0030 4908  iaStorV - ok
22:14:06.0123 4908  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:14:06.0170 4908  IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:14:06.0170 4908  IDriverT - detected UnsignedFile.Multi.Generic (1)
22:14:06.0248 4908  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:14:06.0295 4908  idsvc - ok
22:14:06.0342 4908  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:14:06.0373 4908  iirsp - ok
22:14:06.0420 4908  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:14:06.0529 4908  IKEEXT - ok
22:14:06.0576 4908  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:14:06.0622 4908  intelide - ok
22:14:06.0654 4908  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:14:06.0700 4908  intelppm - ok
22:14:06.0732 4908  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:14:06.0825 4908  IPBusEnum - ok
22:14:06.0872 4908  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:14:06.0950 4908  IpFilterDriver - ok
22:14:07.0012 4908  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:14:07.0090 4908  iphlpsvc - ok
22:14:07.0137 4908  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:14:07.0168 4908  IPMIDRV - ok
22:14:07.0200 4908  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:14:07.0293 4908  IPNAT - ok
22:14:07.0356 4908  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:14:07.0418 4908  iPod Service - ok
22:14:07.0434 4908  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:14:07.0543 4908  IRENUM - ok
22:14:07.0574 4908  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:14:07.0590 4908  isapnp - ok
22:14:07.0636 4908  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:14:07.0668 4908  iScsiPrt - ok
22:14:07.0699 4908  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
22:14:07.0730 4908  kbdclass - ok
22:14:07.0777 4908  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:14:07.0808 4908  kbdhid - ok
22:14:07.0824 4908  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:14:07.0855 4908  KeyIso - ok
22:14:07.0902 4908  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:14:07.0933 4908  KSecDD - ok
22:14:07.0980 4908  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:14:08.0011 4908  KSecPkg - ok
22:14:08.0042 4908  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:14:08.0136 4908  ksthunk - ok
22:14:08.0167 4908  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:14:08.0260 4908  KtmRm - ok
22:14:08.0307 4908  [ 0E154DA6CA9105354A07D0C576804037 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
22:14:08.0323 4908  L1C - ok
22:14:08.0385 4908  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:14:08.0479 4908  LanmanServer - ok
22:14:08.0526 4908  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:14:08.0604 4908  LanmanWorkstation - ok
22:14:08.0650 4908  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:14:08.0744 4908  lltdio - ok
22:14:08.0775 4908  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:14:08.0869 4908  lltdsvc - ok
22:14:08.0884 4908  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:14:08.0962 4908  lmhosts - ok
22:14:08.0994 4908  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:14:09.0009 4908  LSI_FC - ok
22:14:09.0040 4908  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:14:09.0056 4908  LSI_SAS - ok
22:14:09.0072 4908  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:14:09.0103 4908  LSI_SAS2 - ok
22:14:09.0134 4908  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:14:09.0150 4908  LSI_SCSI - ok
22:14:09.0181 4908  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:14:09.0274 4908  luafv - ok
22:14:09.0306 4908  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:14:09.0321 4908  MBAMProtector - ok
22:14:09.0384 4908  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:14:09.0430 4908  MBAMScheduler - ok
22:14:09.0462 4908  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:14:09.0493 4908  MBAMService - ok
22:14:09.0540 4908  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:14:09.0586 4908  Mcx2Svc - ok
22:14:09.0618 4908  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:14:09.0649 4908  megasas - ok
22:14:09.0696 4908  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:14:09.0727 4908  MegaSR - ok
22:14:09.0758 4908  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:14:09.0852 4908  MMCSS - ok
22:14:09.0883 4908  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:14:09.0976 4908  Modem - ok
22:14:10.0008 4908  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:14:10.0054 4908  monitor - ok
22:14:10.0117 4908  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:14:10.0148 4908  mouclass - ok
22:14:10.0179 4908  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:14:10.0226 4908  mouhid - ok
22:14:10.0273 4908  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:14:10.0320 4908  mountmgr - ok
22:14:10.0382 4908  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:14:10.0413 4908  MozillaMaintenance - ok
22:14:10.0444 4908  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:14:10.0491 4908  mpio - ok
22:14:10.0522 4908  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:14:10.0616 4908  mpsdrv - ok
22:14:10.0663 4908  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:14:10.0756 4908  MpsSvc - ok
22:14:10.0788 4908  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:14:10.0850 4908  MRxDAV - ok
22:14:10.0897 4908  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:14:10.0959 4908  mrxsmb - ok
22:14:11.0006 4908  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:14:11.0037 4908  mrxsmb10 - ok
22:14:11.0068 4908  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:14:11.0100 4908  mrxsmb20 - ok
22:14:11.0146 4908  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:14:11.0178 4908  msahci - ok
22:14:11.0271 4908  [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV      C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
22:14:11.0302 4908  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
22:14:11.0302 4908  MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
22:14:11.0334 4908  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:14:11.0365 4908  msdsm - ok
22:14:11.0380 4908  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:14:11.0443 4908  MSDTC - ok
22:14:11.0505 4908  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:14:11.0568 4908  Msfs - ok
22:14:11.0599 4908  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:14:11.0692 4908  mshidkmdf - ok
22:14:11.0724 4908  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:14:11.0739 4908  msisadrv - ok
22:14:11.0786 4908  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:14:11.0880 4908  MSiSCSI - ok
22:14:11.0880 4908  msiserver - ok
22:14:11.0926 4908  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:14:11.0989 4908  MSKSSRV - ok
22:14:12.0020 4908  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:14:12.0114 4908  MSPCLOCK - ok
22:14:12.0129 4908  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:14:12.0207 4908  MSPQM - ok
22:14:12.0254 4908  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:14:12.0285 4908  MsRPC - ok
22:14:12.0332 4908  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:14:12.0379 4908  mssmbios - ok
22:14:12.0410 4908  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:14:12.0488 4908  MSTEE - ok
22:14:12.0504 4908  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:14:12.0550 4908  MTConfig - ok
22:14:12.0566 4908  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:14:12.0597 4908  Mup - ok
22:14:12.0613 4908  [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:14:12.0628 4908  mwlPSDFilter - ok
22:14:12.0644 4908  [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:14:12.0675 4908  mwlPSDNServ - ok
22:14:12.0691 4908  [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:14:12.0706 4908  mwlPSDVDisk - ok
22:14:12.0769 4908  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:14:12.0878 4908  napagent - ok
22:14:12.0940 4908  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:14:12.0987 4908  NativeWifiP - ok
22:14:13.0065 4908  [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
22:14:13.0128 4908  NAUpdate - ok
22:14:13.0190 4908  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:14:13.0237 4908  NDIS - ok
22:14:13.0284 4908  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:14:13.0362 4908  NdisCap - ok
22:14:13.0377 4908  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:14:13.0455 4908  NdisTapi - ok
22:14:13.0518 4908  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:14:13.0611 4908  Ndisuio - ok
22:14:13.0658 4908  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:14:13.0752 4908  NdisWan - ok
22:14:13.0783 4908  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:14:13.0861 4908  NDProxy - ok
22:14:13.0892 4908  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:14:13.0986 4908  NetBIOS - ok
22:14:14.0032 4908  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:14:14.0110 4908  NetBT - ok
22:14:14.0142 4908  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:14:14.0173 4908  Netlogon - ok
22:14:14.0204 4908  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:14:14.0298 4908  Netman - ok
22:14:14.0329 4908  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:14:14.0422 4908  netprofm - ok
22:14:14.0454 4908  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:14:14.0485 4908  NetTcpPortSharing - ok
22:14:14.0532 4908  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:14:14.0547 4908  nfrd960 - ok
22:14:14.0578 4908  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:14:14.0641 4908  NlaSvc - ok
22:14:14.0656 4908  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:14:14.0719 4908  Npfs - ok
22:14:14.0766 4908  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:14:14.0844 4908  nsi - ok
22:14:14.0875 4908  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:14:14.0968 4908  nsiproxy - ok
22:14:15.0046 4908  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:14:15.0124 4908  Ntfs - ok
22:14:15.0202 4908  [ 8F59A2506AF43F96F5397B3C79938AE9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
22:14:15.0234 4908  NTI IScheduleSvc - ok
22:14:15.0280 4908  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
22:14:15.0296 4908  NTIDrvr - ok
22:14:15.0312 4908  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:14:15.0405 4908  Null - ok
22:14:15.0452 4908  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:14:15.0483 4908  nvraid - ok
22:14:15.0514 4908  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:14:15.0546 4908  nvstor - ok
22:14:15.0592 4908  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:14:15.0624 4908  nv_agp - ok
22:14:15.0655 4908  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:14:15.0686 4908  ohci1394 - ok
22:14:15.0764 4908  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:14:15.0780 4908  ose64 - ok
22:14:15.0982 4908  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:14:16.0185 4908  osppsvc - ok
22:14:16.0232 4908  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:14:16.0279 4908  p2pimsvc - ok
22:14:16.0310 4908  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:14:16.0357 4908  p2psvc - ok
22:14:16.0419 4908  [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR      C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
22:14:16.0435 4908  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
22:14:16.0435 4908  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
22:14:16.0466 4908  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:14:16.0497 4908  Parport - ok
22:14:16.0528 4908  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:14:16.0560 4908  partmgr - ok
22:14:16.0591 4908  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:14:16.0622 4908  PcaSvc - ok
22:14:16.0669 4908  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:14:16.0700 4908  pci - ok
22:14:16.0716 4908  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:14:16.0747 4908  pciide - ok
22:14:16.0778 4908  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:14:16.0809 4908  pcmcia - ok
22:14:16.0840 4908  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:14:16.0856 4908  pcw - ok
22:14:16.0887 4908  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:14:16.0996 4908  PEAUTH - ok
22:14:17.0074 4908  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:14:17.0121 4908  PerfHost - ok
22:14:17.0215 4908  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:14:17.0324 4908  pla - ok
22:14:17.0386 4908  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:14:17.0433 4908  PlugPlay - ok
22:14:17.0464 4908  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:14:17.0511 4908  PNRPAutoReg - ok
22:14:17.0542 4908  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:14:17.0574 4908  PNRPsvc - ok
22:14:17.0620 4908  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:14:17.0698 4908  PolicyAgent - ok
22:14:17.0745 4908  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:14:17.0854 4908  Power - ok
22:14:17.0901 4908  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:14:17.0995 4908  PptpMiniport - ok
22:14:18.0026 4908  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:14:18.0057 4908  Processor - ok
22:14:18.0104 4908  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:14:18.0182 4908  ProfSvc - ok
22:14:18.0198 4908  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:14:18.0229 4908  ProtectedStorage - ok
22:14:18.0260 4908  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:14:18.0354 4908  Psched - ok
22:14:18.0400 4908  [ 5D6C8E778F0218FCD2CCA0EFBC9766CA ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
22:14:18.0432 4908  PxHlpa64 - ok
22:14:18.0478 4908  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:14:18.0556 4908  ql2300 - ok
22:14:18.0588 4908  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:14:18.0619 4908  ql40xx - ok
22:14:18.0666 4908  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:14:18.0697 4908  QWAVE - ok
22:14:18.0728 4908  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:14:18.0775 4908  QWAVEdrv - ok
22:14:18.0790 4908  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:14:18.0884 4908  RasAcd - ok
22:14:18.0915 4908  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:14:19.0009 4908  RasAgileVpn - ok
22:14:19.0040 4908  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:14:19.0118 4908  RasAuto - ok
22:14:19.0165 4908  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:14:19.0243 4908  Rasl2tp - ok
22:14:19.0305 4908  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:14:19.0399 4908  RasMan - ok
22:14:19.0446 4908  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:14:19.0539 4908  RasPppoe - ok
22:14:19.0570 4908  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:14:19.0648 4908  RasSstp - ok
22:14:19.0711 4908  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:14:19.0789 4908  rdbss - ok
22:14:19.0820 4908  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:14:19.0867 4908  rdpbus - ok
22:14:19.0882 4908  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:14:19.0976 4908  RDPCDD - ok
22:14:19.0992 4908  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:14:20.0085 4908  RDPENCDD - ok
22:14:20.0101 4908  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:14:20.0179 4908  RDPREFMP - ok
22:14:20.0226 4908  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:14:20.0319 4908  RDPWD - ok
22:14:20.0382 4908  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:14:20.0413 4908  rdyboost - ok
22:14:20.0444 4908  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:14:20.0522 4908  RemoteAccess - ok
22:14:20.0569 4908  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:14:20.0662 4908  RemoteRegistry - ok
22:14:20.0678 4908  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:14:20.0772 4908  RpcEptMapper - ok
22:14:20.0803 4908  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:14:20.0850 4908  RpcLocator - ok
22:14:20.0896 4908  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:14:20.0974 4908  RpcSs - ok
22:14:21.0021 4908  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:14:21.0099 4908  rspndr - ok
22:14:21.0162 4908  [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
22:14:21.0193 4908  RSUSBSTOR - ok
22:14:21.0208 4908  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:14:21.0240 4908  SamSs - ok
22:14:21.0286 4908  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:14:21.0302 4908  sbp2port - ok
22:14:21.0349 4908  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:14:21.0442 4908  SCardSvr - ok
22:14:21.0474 4908  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:14:21.0536 4908  scfilter - ok
22:14:21.0614 4908  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:14:21.0723 4908  Schedule - ok
22:14:21.0754 4908  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:14:21.0832 4908  SCPolicySvc - ok
22:14:21.0879 4908  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:14:21.0942 4908  SDRSVC - ok
22:14:22.0004 4908  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:14:22.0082 4908  secdrv - ok
22:14:22.0113 4908  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:14:22.0207 4908  seclogon - ok
22:14:22.0238 4908  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
22:14:22.0332 4908  SENS - ok
22:14:22.0347 4908  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:14:22.0441 4908  SensrSvc - ok
22:14:22.0472 4908  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:14:22.0503 4908  Serenum - ok
22:14:22.0550 4908  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:14:22.0597 4908  Serial - ok
22:14:22.0644 4908  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:14:22.0675 4908  sermouse - ok
22:14:22.0737 4908  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:14:22.0815 4908  SessionEnv - ok
22:14:22.0862 4908  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:14:22.0940 4908  sffdisk - ok
22:14:22.0971 4908  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:14:23.0002 4908  sffp_mmc - ok
22:14:23.0049 4908  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:14:23.0080 4908  sffp_sd - ok
22:14:23.0112 4908  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:14:23.0158 4908  sfloppy - ok
22:14:23.0205 4908  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:14:23.0283 4908  SharedAccess - ok
22:14:23.0346 4908  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:14:23.0424 4908  ShellHWDetection - ok
22:14:23.0470 4908  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:14:23.0502 4908  SiSRaid2 - ok
22:14:23.0517 4908  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:14:23.0548 4908  SiSRaid4 - ok
22:14:23.0626 4908  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:14:23.0658 4908  SkypeUpdate - ok
22:14:23.0689 4908  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:14:23.0782 4908  Smb - ok
22:14:23.0814 4908  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:14:23.0845 4908  SNMPTRAP - ok
22:14:23.0892 4908  [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
22:14:23.0938 4908  SonicStage Back-End Service - ok
22:14:23.0970 4908  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:14:24.0001 4908  spldr - ok
22:14:24.0048 4908  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:14:24.0094 4908  Spooler - ok
22:14:24.0219 4908  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:14:24.0391 4908  sppsvc - ok
22:14:24.0422 4908  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:14:24.0500 4908  sppuinotify - ok
22:14:24.0562 4908  [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV         C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
22:14:24.0578 4908  SPTISRV ( UnsignedFile.Multi.Generic ) - warning
22:14:24.0578 4908  SPTISRV - detected UnsignedFile.Multi.Generic (1)
22:14:24.0609 4908  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:14:24.0703 4908  srv - ok
22:14:24.0750 4908  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:14:24.0796 4908  srv2 - ok
22:14:24.0828 4908  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:14:24.0859 4908  srvnet - ok
22:14:24.0906 4908  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:14:24.0984 4908  SSDPSRV - ok
22:14:25.0015 4908  [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV        C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
22:14:25.0030 4908  SSScsiSV - ok
22:14:25.0062 4908  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:14:25.0155 4908  SstpSvc - ok
22:14:25.0171 4908  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:14:25.0202 4908  stexstor - ok
22:14:25.0249 4908  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:14:25.0327 4908  stisvc - ok
22:14:25.0374 4908  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:14:25.0389 4908  swenum - ok
22:14:25.0420 4908  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:14:25.0514 4908  swprv - ok
22:14:25.0576 4908  [ EF51B22706DB03F0857FADE127C804EC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:14:25.0639 4908  SynTP - ok
22:14:25.0732 4908  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:14:25.0810 4908  SysMain - ok
22:14:25.0888 4908  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:14:25.0966 4908  TabletInputService - ok
22:14:25.0998 4908  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:14:26.0091 4908  TapiSrv - ok
22:14:26.0122 4908  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:14:26.0200 4908  TBS - ok
22:14:26.0294 4908  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:14:26.0372 4908  Tcpip - ok
22:14:26.0434 4908  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:14:26.0497 4908  TCPIP6 - ok
22:14:26.0544 4908  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:14:26.0575 4908  tcpipreg - ok
22:14:26.0622 4908  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:14:26.0653 4908  TDPIPE - ok
22:14:26.0715 4908  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:14:26.0746 4908  TDTCP - ok
22:14:26.0793 4908  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:14:26.0871 4908  tdx - ok
22:14:26.0902 4908  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:14:26.0934 4908  TermDD - ok
22:14:26.0965 4908  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:14:27.0058 4908  TermService - ok
22:14:27.0105 4908  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:14:27.0152 4908  Themes - ok
22:14:27.0168 4908  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:14:27.0246 4908  THREADORDER - ok
22:14:27.0292 4908  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:14:27.0433 4908  TrkWks - ok
22:14:27.0901 4908  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:14:27.0979 4908  TrustedInstaller - ok
22:14:28.0041 4908  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:14:28.0119 4908  tssecsrv - ok
22:14:28.0166 4908  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:14:28.0228 4908  TsUsbFlt - ok
22:14:28.0275 4908  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:14:28.0369 4908  tunnel - ok
22:14:28.0400 4908  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:14:28.0431 4908  uagp35 - ok
22:14:28.0462 4908  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
22:14:28.0478 4908  UBHelper - ok
22:14:28.0556 4908  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:14:28.0650 4908  udfs - ok
22:14:28.0696 4908  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:14:28.0759 4908  UI0Detect - ok
22:14:28.0790 4908  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:14:28.0821 4908  uliagpkx - ok
22:14:28.0868 4908  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
22:14:28.0899 4908  umbus - ok
22:14:28.0962 4908  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:14:28.0977 4908  UmPass - ok
22:14:29.0086 4908  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:14:29.0133 4908  Updater Service - ok
22:14:29.0164 4908  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:14:29.0258 4908  upnphost - ok
22:14:29.0289 4908  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
22:14:29.0352 4908  USBAAPL64 - ok
22:14:29.0383 4908  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:14:29.0414 4908  usbccgp - ok
22:14:29.0461 4908  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:14:29.0508 4908  usbcir - ok
22:14:29.0539 4908  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:14:29.0586 4908  usbehci - ok
22:14:29.0617 4908  [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
22:14:29.0632 4908  usbfilter - ok
22:14:29.0679 4908  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:14:29.0710 4908  usbhub - ok
22:14:29.0742 4908  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:14:29.0788 4908  usbohci - ok
22:14:29.0804 4908  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:14:29.0851 4908  usbprint - ok
22:14:29.0898 4908  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:14:29.0944 4908  usbscan - ok
22:14:29.0976 4908  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:14:30.0069 4908  USBSTOR - ok
22:14:30.0100 4908  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:14:30.0116 4908  usbuhci - ok
22:14:30.0178 4908  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:14:30.0225 4908  usbvideo - ok
22:14:30.0256 4908  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:14:30.0350 4908  UxSms - ok
22:14:30.0381 4908  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:14:30.0397 4908  VaultSvc - ok
22:14:30.0428 4908  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:14:30.0459 4908  vdrvroot - ok
22:14:30.0522 4908  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:14:30.0615 4908  vds - ok
22:14:30.0662 4908  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:14:30.0693 4908  vga - ok
22:14:30.0709 4908  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:14:30.0787 4908  VgaSave - ok
22:14:30.0834 4908  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:14:30.0865 4908  vhdmp - ok
22:14:30.0896 4908  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:14:30.0927 4908  viaide - ok
22:14:30.0958 4908  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:14:30.0990 4908  volmgr - ok
22:14:31.0036 4908  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:14:31.0083 4908  volmgrx - ok
22:14:31.0130 4908  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:14:31.0177 4908  volsnap - ok
22:14:31.0224 4908  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:14:31.0255 4908  vsmraid - ok
22:14:31.0333 4908  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:14:31.0458 4908  VSS - ok
22:14:31.0473 4908  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:14:31.0520 4908  vwifibus - ok
22:14:31.0551 4908  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:14:31.0598 4908  vwififlt - ok
22:14:31.0645 4908  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:14:31.0754 4908  W32Time - ok
22:14:31.0801 4908  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:14:31.0863 4908  WacomPen - ok
22:14:31.0910 4908  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:14:31.0988 4908  WANARP - ok
22:14:31.0988 4908  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:14:32.0066 4908  Wanarpv6 - ok
22:14:32.0128 4908  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:14:32.0269 4908  wbengine - ok
22:14:32.0300 4908  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:14:32.0362 4908  WbioSrvc - ok
22:14:32.0409 4908  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:14:32.0456 4908  wcncsvc - ok
22:14:32.0487 4908  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:14:32.0550 4908  WcsPlugInService - ok
22:14:32.0565 4908  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:14:32.0596 4908  Wd - ok
22:14:32.0659 4908  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:14:32.0721 4908  Wdf01000 - ok
22:14:32.0752 4908  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:14:32.0830 4908  WdiServiceHost - ok
22:14:32.0846 4908  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:14:32.0893 4908  WdiSystemHost - ok
22:14:32.0955 4908  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:14:33.0033 4908  WebClient - ok
22:14:33.0142 4908  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:14:33.0252 4908  Wecsvc - ok
22:14:33.0283 4908  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:14:33.0392 4908  wercplsupport - ok
22:14:33.0408 4908  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:14:33.0486 4908  WerSvc - ok
22:14:33.0517 4908  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:14:33.0610 4908  WfpLwf - ok
22:14:33.0642 4908  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:14:33.0657 4908  WIMMount - ok
22:14:33.0688 4908  WinDefend - ok
22:14:33.0720 4908  WinHttpAutoProxySvc - ok
22:14:33.0766 4908  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:14:33.0860 4908  Winmgmt - ok
22:14:33.0985 4908  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:14:34.0125 4908  WinRM - ok
22:14:34.0188 4908  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:14:34.0234 4908  WinUsb - ok
22:14:34.0281 4908  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:14:34.0328 4908  Wlansvc - ok
22:14:34.0390 4908  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:14:34.0406 4908  wlcrasvc - ok
22:14:34.0531 4908  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:14:34.0625 4908  wlidsvc - ok
22:14:34.0671 4908  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:14:34.0703 4908  WmiAcpi - ok
22:14:34.0765 4908  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:14:34.0812 4908  wmiApSrv - ok
22:14:34.0843 4908  WMPNetworkSvc - ok
22:14:34.0921 4908  [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm      C:\Program Files\Zune\WMZuneComm.exe
22:14:34.0952 4908  WMZuneComm - ok
22:14:34.0999 4908  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:14:35.0061 4908  WPCSvc - ok
22:14:35.0093 4908  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:14:35.0186 4908  WPDBusEnum - ok
22:14:35.0217 4908  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:14:35.0295 4908  ws2ifsl - ok
22:14:35.0327 4908  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
22:14:35.0373 4908  wscsvc - ok
22:14:35.0389 4908  WSearch - ok
22:14:35.0545 4908  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:14:35.0670 4908  wuauserv - ok
22:14:35.0717 4908  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:14:35.0779 4908  WudfPf - ok
22:14:35.0810 4908  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:14:35.0841 4908  WUDFRd - ok
22:14:35.0857 4908  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:14:35.0904 4908  wudfsvc - ok
22:14:35.0966 4908  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:14:36.0029 4908  WwanSvc - ok
22:14:36.0403 4908  [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc  C:\Program Files\Zune\ZuneNss.exe
22:14:36.0809 4908  ZuneNetworkSvc - ok
22:14:36.0871 4908  [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc  C:\Program Files\Zune\ZuneWlanCfgSvc.exe
22:14:36.0918 4908  ZuneWlanCfgSvc - ok
22:14:36.0933 4908  ================ Scan global ===============================
22:14:36.0965 4908  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:14:37.0011 4908  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:14:37.0027 4908  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:14:37.0043 4908  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:14:37.0089 4908  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:14:37.0089 4908  [Global] - ok
22:14:37.0089 4908  ================ Scan MBR ==================================
22:14:37.0105 4908  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:14:37.0511 4908  \Device\Harddisk0\DR0 - ok
22:14:37.0511 4908  ================ Scan VBR ==================================
22:14:37.0573 4908  [ 872AE8326275D37695E7142C24966BA4 ] \Device\Harddisk0\DR0\Partition1
22:14:37.0573 4908  \Device\Harddisk0\DR0\Partition1 - ok
22:14:37.0589 4908  [ A444D6DCFF1FF30B42DA6C77FD342337 ] \Device\Harddisk0\DR0\Partition2
22:14:37.0604 4908  \Device\Harddisk0\DR0\Partition2 - ok
22:14:37.0604 4908  ============================================================
22:14:37.0604 4908  Scan finished
22:14:37.0604 4908  ============================================================
22:14:37.0620 2720  Detected object count: 4
22:14:37.0620 2720  Actual detected object count: 4
22:15:26.0495 2720  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:15:26.0495 2720  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:15:26.0495 2720  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:15:26.0495 2720  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:15:26.0495 2720  PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
22:15:26.0495 2720  PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:15:26.0495 2720  SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:15:26.0495 2720  SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 19.06.2013, 21:21   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



Oh, hätte ich fast nit gemerkt, dass du das Log noch garnicht gepostet hast
Ist aber ok, mach mit JRT/adwCleaner weiter, danach ein frisches Log mit OTL
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.06.2013, 21:31   #15
luke235
 
TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Standard

TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden



JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Lukas on 19.06.2013 at 22:20:33,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3C7CDAAC-AAAE-4083-B218-43B488DCDEC0}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Successfully deleted: [File] C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\r7i8jz36.default\user.js
Emptied folder: C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\r7i8jz36.default\minidumps [24 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2013 at 22:28:21,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner:

Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 19/06/2013 um 22:33:24 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lukas - LUKAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lukas\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Ask

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\r7i8jz36.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1042 octets] - [19/06/2013 22:33:24]

########## EOF - C:\AdwCleaner[S1].txt - [1102 octets] ##########
         
OTL:

Code:
ATTFilter
OTL logfile created on: 19.06.2013 22:42:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lukas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,73 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 49,53% Memory free
3,46 Gb Paging File | 2,12 Gb Available in Paging File | 61,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,99 Gb Total Space | 162,63 Gb Free Space | 57,47% Space Free | Partition Type: NTFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lukas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SSScsiSV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.04 18:20:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:24:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.04 18:20:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.05.31 23:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2011.05.31 23:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.12 14:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\r7i8jz36.default\extensions
[2013.05.12 14:54:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\r7i8jz36.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.18 16:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.18 16:24:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.19 18:43:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF56CDC8-8111-4A1A-8FD2-5943080DB6B7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.19 22:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.06.19 22:20:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.19 22:19:55 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.19 22:19:10 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Lukas\Desktop\JRT.exe
[2013.06.19 22:05:30 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lukas\Desktop\tdsskiller.exe
[2013.06.19 21:28:54 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lukas\Desktop\aswMBR.exe
[2013.06.19 20:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.19 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\mbar
[2013.06.19 18:53:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.19 18:28:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.19 18:28:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.19 18:28:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.19 18:28:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.19 18:28:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.19 18:25:35 | 005,081,021 | R--- | C] (Swearware) -- C:\Users\Lukas\Desktop\ComboFix.exe
[2013.06.18 10:46:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2013.06.18 10:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2013.06.18 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.18 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.18 10:02:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.18 10:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.18 10:01:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Programs
[2013.06.17 11:51:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Tribes - Wish to Scream (2013)
[2013.06.16 12:14:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.16 12:14:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.15 22:31:35 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2013.06.15 15:48:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.15 15:48:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.15 15:48:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.15 15:48:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.15 15:48:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.15 15:48:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.15 15:48:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.15 15:48:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.15 15:48:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.15 15:48:15 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.15 15:48:14 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.15 15:48:14 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.15 15:48:13 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 18:08:24 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 18:08:23 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 18:08:19 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 18:08:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 18:08:13 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 18:08:06 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 18:08:06 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 18:08:06 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 18:08:05 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 18:08:05 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 18:08:05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 18:07:39 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 18:07:39 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.04 18:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.19 22:48:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.19 22:43:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 22:43:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 22:35:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.19 22:35:03 | 1392,693,248 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.19 22:32:39 | 000,648,201 | ---- | M] () -- C:\Users\Lukas\Desktop\adwcleaner.exe
[2013.06.19 22:19:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Lukas\Desktop\JRT.exe
[2013.06.19 22:05:33 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lukas\Desktop\tdsskiller.exe
[2013.06.19 22:01:16 | 000,000,512 | ---- | M] () -- C:\Users\Lukas\Desktop\MBR.dat
[2013.06.19 21:30:24 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lukas\Desktop\aswMBR.exe
[2013.06.19 20:28:51 | 013,169,742 | ---- | M] () -- C:\Users\Lukas\Desktop\mbar-1.06.0.1003.zip
[2013.06.19 20:01:19 | 000,377,856 | ---- | M] () -- C:\Users\Lukas\Desktop\gmer_2.1.19163.exe
[2013.06.19 18:43:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.19 18:25:36 | 005,081,021 | R--- | M] (Swearware) -- C:\Users\Lukas\Desktop\ComboFix.exe
[2013.06.18 10:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2013.06.18 10:41:41 | 000,050,477 | ---- | M] () -- C:\Users\Lukas\Desktop\Defogger.exe
[2013.06.18 10:02:42 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.12 17:48:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.12 17:48:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2013.06.19 22:32:35 | 000,648,201 | ---- | C] () -- C:\Users\Lukas\Desktop\adwcleaner.exe
[2013.06.19 22:01:16 | 000,000,512 | ---- | C] () -- C:\Users\Lukas\Desktop\MBR.dat
[2013.06.19 20:28:48 | 013,169,742 | ---- | C] () -- C:\Users\Lukas\Desktop\mbar-1.06.0.1003.zip
[2013.06.19 20:01:16 | 000,377,856 | ---- | C] () -- C:\Users\Lukas\Desktop\gmer_2.1.19163.exe
[2013.06.19 18:28:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.19 18:28:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.19 18:28:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.19 18:28:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.19 18:28:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.18 10:41:37 | 000,050,477 | ---- | C] () -- C:\Users\Lukas\Desktop\Defogger.exe
[2013.06.18 10:02:42 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 20:34:56 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 19.06.2013 22:42:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lukas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,73 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 49,53% Memory free
3,46 Gb Paging File | 2,12 Gb Available in Paging File | 61,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,99 Gb Total Space | 162,63 Gb Free Space | 57,47% Space Free | Partition Type: NTFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0027BA6E-5A23-459D-9D6E-B5D3DC2B59DE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4A0A50F1-CAD8-42CE-8762-4CB93FA6A242}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{605739C7-191B-47C1-80D2-FBECD8F60EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77DFF8B0-A25A-415C-A2EC-42225C0ED7C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8603BC6D-77F0-494C-9815-5FDC89FF3440}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9F38957F-8F95-4B72-BE66-3987244A23F4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A6F13346-E25A-4217-97A2-3B0257C7E5FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7893A2D-EB71-4952-BDAC-09F2F01845B1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D36DB4E5-EE14-4046-8641-40A2F3E681E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D617FFA6-48BC-479B-8FD9-0DA61EA3A442}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F74EC312-656A-4529-9580-D88F44B01FAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C56DC9-0B22-46F9-BA02-20AFD48CC6F9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{08FE0D3D-5E72-4288-ACBF-18330A2AF700}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0C2CA729-EA87-4911-A54D-E9D9B5A853CE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{21E5A09C-4702-45CC-8C4E-56DADD986025}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | 
"{23AD006F-B671-45AA-925B-4B099CC7E7C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2DBF95C5-BD37-453B-A835-1AB9D4F0CAE5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{422D80A2-C2DF-4FA5-BBE6-7AEF77D750A4}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{4A2EDF64-303D-40F5-B3D6-9F6771E86B6E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{4DFB5CEA-0BF7-4D90-9A81-1BFF3EBC05B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{53D1FA55-188A-4008-BF8B-3C337C0FABD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54BA2223-C664-4D9D-B170-69E8182108E6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{61D6A021-DA25-48A7-8144-026B53C1A05B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{63691C27-6AB9-4C32-A845-0B5BFDEDB726}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{80714254-5761-48C1-9769-9688CE6FDC7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{83AA4C8E-83FF-447A-BA13-5E400C5DF97B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{854638FD-5A53-43CC-AF7D-D781DD13D0C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8B61E41B-ADFA-4DCE-BB81-D558D4B81C05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C2AD52A-5B84-45F5-B7EF-D0912F095A18}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9673B0BE-4924-4AC8-9BD0-B4340ABA5DE5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9E77838A-335C-4A4F-9BC2-41EA5BB392D9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A2247939-EB26-4EE2-BF18-1F1B2C64EBC1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A383EA9B-8DAD-46DE-8C1C-E3268E08375C}" = protocol=6 | dir=out | app=system | 
"{A58417B0-6151-46C8-89AC-1EB8320EDF6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A9960DFF-8481-43BE-8554-BBDAA374339A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 
"{AF8C9E41-7FD6-4F35-931F-EF9A2768053E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C105B4E3-EEA6-4179-AE21-C9A4D4DCC4C9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C1E7EC0E-8B81-4186-AF31-CEC958E4B2A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA9C8C06-1420-4253-B956-6B028D6DB385}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{D9A0E4DC-5A5F-497F-854F-F363A1803A94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DBC54CD8-B12E-43AC-9C9F-A88DCBC294BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F01FDF67-A4F5-4AEB-971A-7EEE604F1D4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F87825F7-B848-4D13-AB84-0D9B7B6B99B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F90AC0C9-BBBE-434F-990F-7EE32AF238F4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{6B870DA3-4138-400E-99FF-D9BAF1F5D62B}C:\users\lukas\appdata\roaming\peyt\yvmea.exe" = protocol=6 | dir=in | app=c:\users\lukas\appdata\roaming\peyt\yvmea.exe | 
"UDP Query User{76155ABD-C9A3-4099-A92F-74232E61C9A3}C:\users\lukas\appdata\roaming\peyt\yvmea.exe" = protocol=17 | dir=in | app=c:\users\lukas\appdata\roaming\peyt\yvmea.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}" = ATI Catalyst Install Manager
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{56D8EE9D-5411-4DEE-6CFB-C720A07FDCAB}" = ccc-utility64
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5850E3A0-1096-5C2D-C296-D9C2B00E8855}" = AMD Fuel
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.STANDARDR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.STANDARDR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.STANDARDR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.STANDARDR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARDR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.STANDARDR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.STANDARDR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.STANDARDR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0012-0000-1000-0000000FF1CE}" = Microsoft Office Standard 2010
"{91140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARDR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE24C28A-6BE1-5138-7CC7-854E9EB3757C}" = WMV9/VC-1 Video Playback
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.STANDARDR" = Microsoft Office Standard 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{0959BCF5-05D5-9F2B-0965-1A27A533C492}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1292DD8E-474E-7D7C-5FF9-B4A7639D435A}" = CCC Help Czech
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D234FAE-7FE2-5002-2B63-8CDEA2BD0B60}" = CCC Help Hungarian
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35168310-7EE6-AD4E-84F3-73960642561C}" = Catalyst Control Center Localization All
"{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy
"{366234D5-16FC-9EA2-5881-08B8CC44D36D}" = CCC Help Greek
"{37AAE8BF-DC98-1937-CDE9-9CE61833A252}" = CCC Help Japanese
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3A915C0E-0168-0E43-B5A4-949136DF0C33}" = Catalyst Control Center Profiles Mobile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{45CBA375-6ECC-EA3C-5EC3-E06A16DFD9A8}" = CCC Help Thai
"{477878A3-24BC-98D5-B447-417E4FF30218}" = CCC Help Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EF87BA4-A1C8-818D-81B4-A211B8D817C7}" = CCC Help Portuguese
"{508457D2-6156-EE57-2F7D-8DCB90B2BCF2}" = CCC Help Russian
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52D36E31-AE4A-8E99-8B6B-F04A306AC4E7}" = CCC Help Chinese Standard
"{54D986DF-0B7F-244D-9A36-A52CF36D8633}" = CCC Help Norwegian
"{5A4D2D53-D233-4FAE-FB7D-9101B46C9F53}" = CCC Help Italian
"{5A8EBCAE-71F2-F101-E86E-8E128A47401C}" = CCC Help French
"{5D43581B-77CC-CA01-5D4F-34215870EBE8}" = CCC Help Swedish
"{624B8C52-419F-48BF-704F-0DE2BEC1E323}" = Catalyst Control Center InstallProxy
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FDDD338-24AD-E75E-E0A7-82CDAE803378}" = CCC Help Danish
"{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{903E5724-3250-163F-017F-33030AAEA16B}" = CCC Help Spanish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C0E3DA8-408A-39D3-855D-3440E38F3D83}" = ccc-core-static
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9E9AED59-2E4B-C3BB-D036-9392A3898E20}" = CCC Help English
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CABA6C97-8680-D8C4-7DAA-A8D1CC230370}" = Catalyst Control Center Graphics Previews Common
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB9AA311-9119-5466-BE82-6CD37304FE42}" = CCC Help Dutch
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15555E9-386B-B748-7C94-4F2591ADCB63}" = CCC Help Chinese Traditional
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5FCABF0-E2AF-6A70-3971-67C8B1310480}" = CCC Help Finnish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEE720F0-7A20-A61E-D56B-90DB02655B78}" = CCC Help German
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"Fliqlo" = Fliqlo Bildschirmschoner
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Simfy" = simfy
"WinLiveSuite" = Windows Live Essentials
 
< End of report >
         

Antwort

Themen zu TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden
appdata, avira, datei, folge, folgende, folgenden, gefunde, immer wieder, local, rechner, rojaner gefunden, taucht, temp, tmp, tr/spy.zbot.mhlv.2, troja, trojan.agent.acr, trojaner, trojaner gefunden, users, verweigert, worm/luder.bjmz.1, worm/luder.blat, zugriff




Ähnliche Themen: TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden


  1. Windows 7: Avira meldet TR/Spy.zbot
    Log-Analyse und Auswertung - 29.06.2015 (9)
  2. Avira entdeckte TR/Spy.ZBot.tmwt
    Log-Analyse und Auswertung - 29.07.2014 (11)
  3. Avira findet TR/Spy.ZBot
    Log-Analyse und Auswertung - 31.10.2013 (9)
  4. Win7: Schadsoftware mit Avira gefunden - Spy.ZBot und weiteres
    Log-Analyse und Auswertung - 12.08.2013 (11)
  5. Avira findet TR/Spy.ZBot.eshs
    Plagegeister aller Art und deren Bekämpfung - 24.07.2013 (34)
  6. TR/Spy.ZBot.akt von Avira gefunden
    Log-Analyse und Auswertung - 14.07.2013 (11)
  7. TR/Spy.ZBot.mvxj (und andere) von Avira Antivirus gefunden
    Log-Analyse und Auswertung - 12.07.2013 (15)
  8. Avira findet TR/Spy.ZBot.ale
    Log-Analyse und Auswertung - 10.07.2013 (11)
  9. TR/Spy.ZBot.akt durch Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 28.06.2013 (7)
  10. TR/Spy.ZBot.lntt.12 und EXP/CVE-2013-2423.J von Avira gefunden
    Log-Analyse und Auswertung - 10.06.2013 (4)
  11. Schädlinge "EXP/CVE-2013-2423.J" und "TR/Spy.ZBot.Intt.12" über Avira gefunden
    Log-Analyse und Auswertung - 24.05.2013 (9)
  12. Avira Virenmeldung TR/Spy.ZBot.kirx
    Log-Analyse und Auswertung - 23.04.2013 (12)
  13. (JAVA/Lamar.FI) & (TR/Spy.ZBOT.caw) & (TR/Kazy.160053.1) mit AVIRA gefunden
    Log-Analyse und Auswertung - 05.04.2013 (33)
  14. Avira meldet Infizierung mit TR/Spy.zbot
    Plagegeister aller Art und deren Bekämpfung - 12.10.2012 (47)
  15. Avira findet TR/PSW.Zbot.3325
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (13)
  16. TR Spy.Zbot.eshb.1 und EXP/ CVE 2012-0507 von Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (5)
  17. Avira meldet Malware gefunden (TR/Spy.ZBot.29.8)
    Plagegeister aller Art und deren Bekämpfung - 26.12.2010 (3)

Zum Thema TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden - Hallo, Avira hat auf meinem Rechner folgenden Trojaner gefunden: 'TR/Spy.ZBot.mhlv.2' in der Datei C:\Users\XXX\AppData\Local\Temp\tmp143c9259\gw01.exe. Der zugriff wurde durch Avira verweigert, der Trojaner taucht immer wieder auf. Was soll ich tun? - TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden...
Archiv
Du betrachtest: TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.