| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Verschicke Spam-EmailsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.06.2012, 13:26
| #1 |
| |  Verschicke Spam-Emails Hallo liebe Trojaner-Boardler, Von vornherein: Ich benutze Outlook 2010 mit einer E-Mail Adresse bei GMX. Gestern Abend (09.06.2012) um 22:18:32 wurden von meinem E-Mail Account Spammails gesendet (Es sah danach aus, dass die Vorgeschlagenen Kontakte benutzt wurden, kann dies aber nicht sicher sagen). Dabei waren auch Adressen betroffen, welche nicht existieren (also mal falsch geschrieben wurden) und welche die schon älter als 2 Jahre sind. Aufmerksam darauf wurde ich durch Bekannte, die diese Mails bekommen haben und dem "Mail Delivery System", welches die Mails von den nicht existierenden Adressen nicht verschicken konnte. Die gesendeten Mails befinden sich nicht im Postausgang, weder in Outlook noch bei GMX. Hinzuzufügen ist, dass mein Computer zu dieser Zeit aus war. Was ich bisher unternommen habe(zeitlich in Reihenfolge) : - Die betroffenen E-Mail Adressen gewarnt - Systemscan mit Bitdefender 2012 (1 Cookie wurde gefunden) - Hijackthis (eine gefährliche Datei wurde entfernt) - Spybot search and destroy (10 Cookies gelöscht) - Malwarebytes Anti-Malware (nichts) - SuperAntiSpyware (315 Cookies entfernt) - Alle Kontakte (bis auf eine Fakeadresse) gelöscht um weiteres Senden dieser Mails zu verhindern Defogger hat keine Fehlermeldung wiedergegeben. Hier die OTL.txt: OTL logfile created on: 10.06.2012 13:11:39 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 61,09% Memory free 7,35 Gb Paging File | 5,84 Gb Available in Paging File | 79,36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,87 Gb Total Space | 150,51 Gb Free Space | 66,93% Space Free | Partition Type: NTFS Drive D: | 225,17 Gb Total Space | 187,98 Gb Free Space | 83,49% Space Free | Partition Type: NTFS Computer Name: BÄM | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.10 12:37:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe PRC - [2012.01.31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- D:\Sony-Reader\appHelper\ReaderAppHelper.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.10.21 06:24:14 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.29 01:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.06.29 01:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.06.25 16:38:02 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe PRC - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010.05.27 05:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe PRC - [2010.03.11 08:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 08:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.03.03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012.05.10 18:08:07 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll MOD - [2012.05.08 21:56:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.08 21:56:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll MOD - [2012.05.08 21:56:01 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll MOD - [2012.05.08 21:55:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.08 21:55:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.08 21:55:38 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.08 21:55:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.02.28 20:15:25 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.02.28 20:15:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2012.01.31 19:36:28 | 000,884,736 | ---- | M] () -- D:\Sony-Reader\appHelper\fsk.dll MOD - [2012.01.31 19:35:32 | 000,143,360 | ---- | M] () -- D:\Sony-Reader\appHelper\readerAppHelper.dll MOD - [2012.01.31 19:34:34 | 000,172,032 | ---- | M] () -- D:\Sony-Reader\appHelper\USBDetector.dll MOD - [2012.01.31 19:33:22 | 000,018,432 | ---- | M] () -- D:\Sony-Reader\appHelper\FskNetInterface.dll MOD - [2012.01.31 19:33:18 | 000,009,728 | ---- | M] () -- D:\Sony-Reader\appHelper\FskPower.dll MOD - [2012.01.31 19:33:16 | 000,020,480 | ---- | M] () -- D:\Sony-Reader\appHelper\FskinLocalize.dll MOD - [2012.01.31 19:33:16 | 000,008,704 | ---- | M] () -- D:\Sony-Reader\appHelper\FskTimeHardware.dll MOD - [2012.01.31 19:33:14 | 000,028,160 | ---- | M] () -- D:\Sony-Reader\appHelper\ticket.dll MOD - [2012.01.31 19:33:12 | 000,012,288 | ---- | M] () -- D:\Sony-Reader\appHelper\ebookDeviceNotifier.dll MOD - [2012.01.31 19:31:42 | 000,118,784 | ---- | M] () -- D:\Sony-Reader\appHelper\FskDocumentViewer.dll MOD - [2012.01.31 19:31:36 | 000,233,472 | ---- | M] () -- D:\Sony-Reader\appHelper\Fskin.dll MOD - [2012.01.31 19:31:36 | 000,010,752 | ---- | M] () -- D:\Sony-Reader\appHelper\FskMobileMediaDevice.dll MOD - [2012.01.31 19:31:04 | 000,033,792 | ---- | M] () -- D:\Sony-Reader\appHelper\FskMediaPlayers.dll MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- D:\Sony-Reader\appHelper\FskSecurity.dll MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- D:\Sony-Reader\appHelper\ebookUsb.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.06.29 01:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2012.04.06 12:58:55 | 000,066,096 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV) SRV:64bit: - [2012.04.06 12:58:47 | 001,956,616 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV) SRV:64bit: - [2010.10.20 23:26:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.04 20:01:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.04.12 05:56:08 | 000,204,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2) SRV - [2012.03.01 21:05:05 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server) SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.07.01 06:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.07.01 06:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.06.29 01:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.25 10:08:30 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.06.11 15:27:40 | 000,821,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.06.02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 05:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.04.22 20:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.02.20 01:44:18 | 000,046,592 | ---- | M] (Dassault Systemes) [Auto | Running] -- D:\Catia\win_b64\code\bin\CATSysDemon.exe -- (BBDemon) SRV - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.12 17:14:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.04.06 12:58:48 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3) DRV:64bit: - [2012.03.01 21:04:02 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox) DRV:64bit: - [2012.03.01 21:03:56 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv) DRV:64bit: - [2012.03.01 21:03:12 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf) DRV:64bit: - [2012.03.01 20:59:01 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos) DRV:64bit: - [2012.03.01 20:53:01 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.10.21 00:02:30 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.20 23:10:52 | 010,331,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.10.20 22:52:08 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.06.25 04:13:18 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.06.25 04:12:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.06.25 04:12:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.06.25 04:12:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.06.25 04:12:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.05 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.03.11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.10 09:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.01.19 20:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK) DRV:64bit: - [2009.12.01 19:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009.09.23 03:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd) DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.01.02 14:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver) DRV - [2012.03.01 21:05:43 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: D:\Sony-Reader\npreaderdetectmoz.dll (Sony Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.02.28 11:54:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.03 00:58:39 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Reader Application Detector (Enabled) = D:\Sony-Reader\npreaderdetectmoz.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.09 23:41:04 | 000,442,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15214 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [Reader Application Helper] D:\Sony-Reader\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5849EECF-20BB-438B-97C8-70375B895C94}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB34A0AD-FA18-4806-8B25-162234B5E3D1}: DhcpNameServer = 10.57.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\Shell - "" = AutoRun O33 - MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\Shell - "" = AutoRun O33 - MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.10 09:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.06.10 01:59:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.10 01:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.09 23:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.06.09 23:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.09 23:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.06.07 15:45:22 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Java [2012.06.06 23:13:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\libimobiledevice [2012.06.06 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\absinthe [2012.06.06 01:39:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\redsn0w [2012.06.06 01:35:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\redsn0w_win_0.9.12b1 [2012.06.05 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Jailbreak to do [2012.05.26 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MATLAB2 [2012.05.11 23:22:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Skyrim [2012.05.11 23:22:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Games ========== Files - Modified Within 30 Days ========== [2012.06.10 13:18:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.10 13:18:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.10 13:10:14 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job [2012.06.10 13:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.10 13:09:24 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys [2012.06.10 12:45:04 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034614752-1738423758-3299665760-1001UA.job [2012.06.10 12:37:02 | 000,000,154 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.10 12:30:13 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.10 12:30:13 | 000,656,040 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.10 12:30:13 | 000,616,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.10 12:30:13 | 000,130,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.10 12:30:13 | 000,106,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.09 23:41:04 | 000,442,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.06.09 23:28:34 | 000,001,266 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2012.06.09 11:27:59 | 000,000,084 | ---- | M] () -- C:\Users\***\Desktop\SPLITREASON.COM - - design - Man at Work.url [2012.06.08 22:18:05 | 000,000,116 | ---- | M] () -- C:\Users\***\Desktop\Alternative zu Spire oder Spite iOS 5.1.1 -.url [2012.06.08 21:45:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034614752-1738423758-3299665760-1001Core.job [2012.06.07 15:41:13 | 000,000,130 | ---- | M] () -- C:\Users\***\Desktop\HowTo- Android-Programmierung - Newbie Guide - Android-Hilfe.de.url [2012.05.26 09:48:10 | 000,000,075 | ---- | M] () -- C:\Users\***\Desktop\HANFBURG GROWSHOP - HANFANBAU & HANFZUCHT LEHRGÄNGE.url [2012.05.24 13:55:40 | 000,000,323 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml [2012.05.24 08:37:35 | 000,000,097 | ---- | M] () -- C:\Users\***\Desktop\Pizza Hut Pizzateig (Rezept mit Bild) von claudi77 - Chefkoch.de.url [2012.05.12 23:44:26 | 000,001,091 | ---- | M] () -- C:\Users\***\Desktop\SkyrimLauncher - Verknüpfung.lnk ========== Files Created - No Company Name ========== [2012.06.10 12:37:02 | 000,000,154 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.09 23:28:34 | 000,001,266 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2012.06.09 11:27:59 | 000,000,084 | ---- | C] () -- C:\Users\***\Desktop\SPLITREASON.COM - - design - Man at Work.url [2012.06.08 22:18:05 | 000,000,116 | ---- | C] () -- C:\Users\***\Desktop\Alternative zu Spire oder Spite iOS 5.1.1 -.url [2012.06.07 15:41:13 | 000,000,130 | ---- | C] () -- C:\Users\***\Desktop\HowTo- Android-Programmierung - Newbie Guide - Android-Hilfe.de.url [2012.05.26 09:48:10 | 000,000,075 | ---- | C] () -- C:\Users\***\Desktop\HANFBURG GROWSHOP - HANFANBAU & HANFZUCHT LEHRGÄNGE.url [2012.05.24 08:37:35 | 000,000,097 | ---- | C] () -- C:\Users\***\Desktop\Pizza Hut Pizzateig (Rezept mit Bild) von claudi77 - Chefkoch.de.url [2012.05.12 23:44:26 | 000,001,091 | ---- | C] () -- C:\Users\***\Desktop\SkyrimLauncher - Verknüpfung.lnk [2012.05.12 18:13:12 | 1204,746,239 | ---- | C] () -- C:\Users\***\Desktop\de-essky.iso [2012.04.12 17:15:02 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini [2012.04.06 19:28:50 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI [2012.03.01 19:53:01 | 000,415,635 | ---- | C] () -- C:\ProgramData\1330623337.bdinstall.bin [2012.02.28 11:46:52 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2012.02.28 11:46:52 | 000,191,688 | ---- | C] () -- C:\Windows\flicker.dll [2012.02.28 11:46:52 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [2012.02.28 11:46:52 | 000,011,976 | ---- | C] () -- C:\Windows\setpwlin.exe [2012.02.28 11:46:52 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2012.02.28 11:46:52 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2012.02.28 11:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.28 11:26:21 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.11.10 17:50:01 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.11.10 17:20:12 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.11.10 17:20:12 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.11.10 17:20:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.11.10 17:20:12 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.11.10 17:20:12 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.11.10 17:20:11 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.03.01 19:52:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bitdefender [2012.04.06 16:30:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.04.12 17:16:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.16 18:08:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes [2012.03.04 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Deckadance19 [2012.03.08 22:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DiskAid [2012.04.17 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2012.04.29 17:26:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2012.04.17 20:40:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF [2012.03.03 21:21:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2012.03.01 19:38:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2012.06.06 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\redsn0w [2012.03.04 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SongManager [2012.06.10 13:10:14 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job [2012.04.18 08:40:54 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt: OTL Extras logfile created on: 10.06.2012 12:59:59 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 58,88% Memory free 7,35 Gb Paging File | 5,67 Gb Available in Paging File | 77,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,87 Gb Total Space | 150,52 Gb Free Space | 66,94% Space Free | Partition Type: NTFS Drive D: | 225,17 Gb Total Space | 187,98 Gb Free Space | 83,49% Space Free | Partition Type: NTFS Computer Name: BÄM | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E604C60-CB03-4E52-995D-E79E8634AB11}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{251ACAC2-D903-4286-964C-A880FB3F9B34}" = lport=10243 | protocol=6 | dir=in | app=system | "{268955CF-8F65-405A-A09C-C6E04ED7652C}" = rport=10243 | protocol=6 | dir=out | app=system | "{2AFCE442-BFE2-4E4A-AA1C-17ED418DD7AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3B389085-19E1-46FF-AB6A-D9091D617FA3}" = lport=445 | protocol=6 | dir=in | app=system | "{4BF1178A-BB19-4067-B5DE-B1BC15DCD18F}" = lport=138 | protocol=17 | dir=in | app=system | "{53E9EBB5-0F1A-467B-91CD-6C291FD5CE25}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{57EB7827-1CC2-406F-8A8D-C99EDF87A662}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5C0B89F6-7E35-4E8A-8ACA-D0A500AEE227}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{671278A9-737A-4DEF-B7D6-9AC09EC7CC61}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{86F9B09C-82DA-4009-991A-1FAE0F173759}" = rport=445 | protocol=6 | dir=out | app=system | "{9479E519-8757-4EBC-8BD9-1753797B88F0}" = rport=137 | protocol=17 | dir=out | app=system | "{976ABAA3-D42E-4AE7-A1D7-CD18B8081CDA}" = rport=138 | protocol=17 | dir=out | app=system | "{A66E75EB-A9B5-4E91-B728-39B88B67F48C}" = lport=2869 | protocol=6 | dir=in | app=system | "{A9B37970-AA45-4AA4-8C65-225E6F7AAF4A}" = lport=137 | protocol=17 | dir=in | app=system | "{B30DA8E9-EF2E-473F-8601-A0854629DF85}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B744F1BC-7DAF-42CF-B482-D50EA752F0E5}" = lport=2869 | protocol=6 | dir=in | app=system | "{B8D5CC8B-C084-445E-8CE4-EB4DB0477AFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C4152E36-FC97-445B-917A-491D3BFC7A86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CEDC279A-6D30-4BF4-8ED1-621C21AB8F17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E5AC5870-F191-44DE-AB59-A23B83742A08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E7BD7A90-D98E-44B0-8346-7692D012E202}" = lport=139 | protocol=6 | dir=in | app=system | "{EACC6CFC-66E2-4952-8F56-5CABC7DEF698}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F11B7233-F318-4CCB-9F64-156A1696F9F0}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BCA2755-A618-4866-B668-4B97864A02B0}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe | "{0BEFF176-2CFC-498B-B5B5-8A0DBD0D6171}" = dir=in | app=d:\itunes\itunes.exe | "{162BD845-ED66-4D1E-AEA3-02EA596B296B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1C197AC1-D259-430C-8A43-E167EF8FC7D0}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | "{1E385960-D782-4F1F-ABF3-348A9ADB09A2}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{1EE7F67C-6772-4594-96AD-0FED9D099D52}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{22994C4A-27F4-4AB1-BE51-CEA13275DB93}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{23FABF43-16B4-4A41-94D2-907523A412A3}" = protocol=17 | dir=in | app=d:\steam\steamapps\crisperz1\counter-strike source\hl2.exe | "{2641AA79-1673-4957-A77E-19002AF22D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{26A26828-DE4F-4FFF-9181-F8E71356371A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | "{27BB22AD-7C52-42F0-B718-CF82A044EE24}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{28F41CF5-3CA8-4849-BB23-7588205768E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{29DDBE38-E317-4F0D-BD76-F4397B547C32}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{403C25BB-EC6B-487A-AFCA-A93FB6FB9106}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5A45AA48-1E85-4522-B993-AF25D1202A73}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{5C64D854-C9AB-4111-8970-72E556F46C3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5D9C1BD8-E2F0-487E-BA54-D5FDC23394B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{75A5DDE7-79E4-4DFE-9021-2761B8CC9525}" = protocol=6 | dir=in | app=d:\steam\steamapps\crisperz1\counter-strike source\hl2.exe | "{7935E4CF-24AE-45B0-BC6F-621A6CAAA9DF}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe | "{80A03DA7-BA40-44F1-B69C-952DD319940C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{82BF7F19-E3F9-4DD8-89B5-0AE2BC56B10A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{832C37EA-0873-459E-A6CC-BDD406FDB463}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{868DA542-0CD9-4CEB-BB1E-2F4780A06B61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{915E99F4-D29C-4F92-8804-2C7B709A76B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9558C2FC-06F4-4EEE-9C36-547FB91FB38B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{95FBC384-838E-413F-B223-82F84EADBC06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{961FA9CD-A33A-4BDE-824E-702B57AFD6F7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9BEB2345-CC8D-458B-A318-D75336616978}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{9F0684CF-6831-48B2-9E74-6C860A113203}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe | "{A133E428-86FB-401A-A80E-E87280CC649B}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{A19976D3-5D84-4D32-95E4-B1DDDDDF9D89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6E3D7D8-6DB4-4715-B392-62A52448CBC6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{A7D82905-2D0A-4153-B5C0-E97EC797AFFB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{A9948276-859F-4C6C-851D-3639ACE34E98}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C034A782-1F1C-45B8-9A0A-226424B4FFCB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{C2EFF68B-6F6F-476E-9093-EB3E77EE07B6}" = protocol=6 | dir=out | app=system | "{CB4C87DC-A47B-4DE1-8425-37545F4CCE0C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{CB5DF051-91AC-4F57-87B0-8E7E51853A31}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{CB99B471-5A60-4573-BD6F-F9DF470B457D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DB3DBD9E-4EB7-4668-9046-19435A4FF0BF}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{DE88650C-FC0B-4DD6-90B4-74CDBDE0CDEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E03BBF8D-7447-463C-A194-9A0B42B3DB82}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E1773F32-B7D3-47C4-BCD6-801A6185FAF3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe | "{E3B0A80F-FE1C-49B1-ABA9-43FC11B49948}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E9FAC1C0-4EC5-4046-8AC5-11787301CEAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EA4861BF-CCCB-4017-90B2-7EB88F9203BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EFC78122-89AD-43E1-BD0B-8133C81DC907}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F8FAE1E8-4708-4FBA-A906-D9C98B2483BE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FD4E85E1-E012-483C-B504-23C76C3809C1}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | "{FD7D420A-FC8F-4790-BDC9-FEE2E77A8475}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FEEBCE98-411D-481D-B5E3-F37106393410}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{FEEF2795-4370-451D-921C-874130A70F73}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "TCP Query User{0BCA16A4-5148-4F9A-B2EB-97BB117FCE9C}D:\catia\win_b64\code\bin\orbixd.exe" = protocol=6 | dir=in | app=d:\catia\win_b64\code\bin\orbixd.exe | "TCP Query User{B8DD8E27-1D22-4878-8823-FC14429FAB8C}D:\catia\win_b64\code\bin\cnext.exe" = protocol=6 | dir=in | app=d:\catia\win_b64\code\bin\cnext.exe | "TCP Query User{D6991E80-187B-478D-AC27-C800351A7036}D:\catia\win_b64\code\bin\cnext.exe" = protocol=6 | dir=in | app=d:\catia\win_b64\code\bin\cnext.exe | "UDP Query User{23121440-C7FF-45D0-A3AD-E56A247A8E21}D:\catia\win_b64\code\bin\cnext.exe" = protocol=17 | dir=in | app=d:\catia\win_b64\code\bin\cnext.exe | "UDP Query User{908C2632-3944-4D0C-B8A6-5DDFB896D810}D:\catia\win_b64\code\bin\cnext.exe" = protocol=17 | dir=in | app=d:\catia\win_b64\code\bin\cnext.exe | "UDP Query User{E32E0070-9111-41B4-AC73-8444690B377A}D:\catia\win_b64\code\bin\orbixd.exe" = protocol=17 | dir=in | app=d:\catia\win_b64\code\bin\orbixd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Antivirus Plus 2012 "{2B0B6950-2F09-4351-8638-DC6E163DE8FF}" = Nitro Pro 7 "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{6DBD1CB9-C0FB-86FC-D25A-52B9CA6F6E82}" = ccc-utility64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D360EAD-35A6-238B-9790-94408681FC5D}" = ATI Catalyst Install Manager "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Bitdefender" = Bitdefender Antivirus Plus 2012 "Dassault Systemes B20_0" = Dassault Systemes Software B20 "Matlab R2011b" = MATLAB R2011b "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{093C7142-1E6A-C1B8-12C7-D784676488A9}" = CCC Help Chinese Traditional "{0D41D56D-3952-B85B-FA41-D09934AC6DD1}" = CCC Help Chinese Standard "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13AD742D-ADB6-B3DB-89B0-96AE2F79B81D}" = ccc-core-static "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18EDC8AB-D0CF-8678-A828-3D18F21E5264}" = Catalyst Control Center InstallProxy "{1A2422A8-6D49-1734-67FF-EC4F544170DB}" = CCC Help Polish "{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{223E728C-D2B1-333B-81F8-32017DC2CCDA}" = CCC Help Norwegian "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28EA0358-478B-5C81-D070-245CE678D75B}" = CCC Help Thai "{302B0B7E-7A19-50E1-99F7-D08FB9160973}" = CCC Help Italian "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F639515-0E53-DCF5-135C-C39B5AA42EC7}" = CCC Help Russian "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{48785B21-D8D8-48F9-3404-4CCC9AC7C375}" = CCC Help Spanish "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{776AF279-0720-227B-7A74-AA5292C9D53A}" = CCC Help Swedish "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.4.3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{84C92FC5-74D0-BFF9-36C9-880C02AE9ABE}" = CCC Help Dutch "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91605026-DBBF-48FF-B703-F7719CE3F703}" = Reader for PC "{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{954BC3C0-F0A4-A48A-2585-3C059B9A2772}" = CCC Help Japanese "{981DEDC9-B1DE-DC6E-891F-E82553FBA979}" = Catalyst Control Center Graphics Previews Vista "{9959AE7D-447C-204F-F4FF-3837B5A74AEC}" = CCC Help German "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F5819DF-44D2-BE6D-8AC3-A3365FE5C49E}" = CCC Help Czech "{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English "{A28678E9-585E-FA4A-FB5C-D507AF25D1A7}" = Catalyst Control Center Localization All "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1B5FCCC-F7AC-AE3E-6E8C-6B3407DE0B04}" = CCC Help Korean "{B2B3A9F8-2186-2999-B766-A0EDB8299174}" = CCC Help Finnish "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D53192-1D62-3E07-15F1-27AE2519C5FC}" = CCC Help Greek "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b) "{BF9B92A9-4B53-9178-D0E4-10159D640EC1}" = CCC Help Hungarian "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C8D48524-5390-F032-C6A1-A5B7463B4CE2}" = CCC Help French "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA523EE-7458-4D0D-1DB3-3A4C51A5EA14}" = CCC Help English "{CE76F39C-556B-C5E5-0909-E04200DB65FF}" = CCC Help Turkish "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E5405C62-539F-3774-10D3-FAC8F4CA1B4C}" = PX Profile Update "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4AD2F84-F76A-703F-4F5E-E91FDEE35B5A}" = CCC Help Portuguese "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F96602AD-82B9-B7F4-8614-E13F3D198791}" = CCC Help Danish "{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ASIO4ALL" = ASIO4ALL "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0 "DAEMON Tools Lite" = DAEMON Tools Lite "Deckadance" = Deckadance "DivX Setup" = DivX-Setup "ESET Online Scanner" = ESET Online Scanner v3 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "LManager" = Launch Manager "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Steam App 240" = Counter-Strike: Source "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.04.2012 08:40:25 | Computer Name = Bäm | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 17.04.2012 13:27:25 | Computer Name = Bäm | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: pdf24-Editor.exe, Version: 4.4.3.0, Zeitstempel: 0x4f7b2404 Name des fehlerhaften Moduls: pdf24-Editor.exe, Version: 4.4.3.0, Zeitstempel: 0x4f7b2404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002d785 ID des fehlerhaften Prozesses: 0x390 Startzeit der fehlerhaften Anwendung: 0x01cd1cbf5a243a7b Pfad der fehlerhaften Anwendung: D:\PDF24\pdf24-Editor.exe Pfad des fehlerhaften Moduls: D:\PDF24\pdf24-Editor.exe Berichtskennung: 9870e7ec-88b2-11e1-9006-60eb69957375 Error - 22.04.2012 03:08:23 | Computer Name = Bäm | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.6117.5001, Zeitstempel: 0x4f3e2d20 Name des fehlerhaften Moduls: wwlib.dll, Version: 14.0.6024.1000, Zeitstempel: 0x4d83e39d Ausnahmecode: 0xc0000005 Fehleroffset: 0x00029fd3 ID des fehlerhaften Prozesses: 0x1328 Startzeit der fehlerhaften Anwendung: 0x01cd20562b5749a0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\Office14\wwlib.dll Berichtskennung: f249ef2f-8c49-11e1-82c1-60eb69957375 Error - 24.04.2012 16:19:22 | Computer Name = Bäm | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: reader.exe, Version: 1.1.5.13310, Zeitstempel: 0x4f28b13e Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.7.3.0, Zeitstempel: 0x4d92c65a Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020366 ID des fehlerhaften Prozesses: 0x14d4 Startzeit der fehlerhaften Anwendung: 0x01cd225738c2440d Pfad der fehlerhaften Anwendung: D:\Sony-Reader\reader.exe Pfad des fehlerhaften Moduls: D:\Sony-Reader\QtCore4.dll Berichtskennung: c71ac2b9-8e4a-11e1-9695-60eb69957375 Error - 27.04.2012 11:26:00 | Computer Name = Bäm | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 27.04.2012 11:26:00 | Computer Name = Bäm | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 138669 Error - 27.04.2012 11:26:00 | Computer Name = Bäm | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 138669 Error - 28.04.2012 11:05:43 | Computer Name = Bäm | Source = Application Hang | ID = 1002 Description = Programm reader.exe, Version 1.1.5.13310 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cf8 Startzeit: 01cd254debba944e Endzeit: 32 Anwendungspfad: D:\Sony-Reader\reader.exe Berichts-ID: 9d856c77-9143-11e1-9b19-60eb69957375 Error - 12.05.2012 06:22:15 | Computer Name = Bäm | Source = Application Hang | ID = 1002 Description = Programm steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 874 Startzeit: 01cd302903e70b13 Endzeit: 0 Anwendungspfad: D:\Steam\steam.exe Berichts-ID: 559422ba-9c1c-11e1-b96d-60eb69957375 Error - 15.05.2012 02:20:25 | Computer Name = Bäm | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.1.21.0, Zeitstempel: 0x4ea9b052 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000029 Fehleroffset: 0x00090746 ID des fehlerhaften Prozesses: 0xcbc Startzeit der fehlerhaften Anwendung: 0x01cd324dfc36c506 Pfad der fehlerhaften Anwendung: D:\The Elder Scrolls V- Skyrim\TESV.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0e4e64d4-9e56-11e1-b4a7-60eb69957375 [ System Events ] Error - 09.06.2012 17:55:50 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: trufos Error - 09.06.2012 19:32:30 | Computer Name = Bäm | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 09.06.2012 19:32:30 | Computer Name = Bäm | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 09.06.2012 19:33:54 | Computer Name = Bäm | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 09.06.2012 19:33:54 | Computer Name = Bäm | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 10.06.2012 03:43:56 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: trufos Error - 10.06.2012 04:04:24 | Computer Name = Bäm | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 10.06.2012 04:05:00 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: trufos Error - 10.06.2012 06:52:09 | Computer Name = Bäm | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 10.06.2012 06:52:59 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: trufos < End of report > Und zu guter Letzt noch die Mail, welche vom Mail Delivery System zurück gegeben wurde: --- The header of the original message is following. --- Received: from msvc021.dlan.cinetic.de (msvc021.dlan.cinetic.de [172.19.126.63]) by mrelay.gmx.net (node=mrgmx001) with ESMTP (Nemesis) id 0LymHf-1RrEkh1s8t-015UUs; Sat, 09 Jun 2012 22:18:32 +0200 Received: from [65.255.61.228] by msvc021.dlan.cinetic.de with HTTP; Sat Jun 09 22:18:32 CEST 2012 MIME-Version: 1.0 Message-ID: <trinity-56510f93-cf64-426b-9fa3-65426b502380-1339273112229@msvc021.dlan.cinetic.de> From: *** To:*** Subject: Hey Friend How are you?!! Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Importance: normal Date: Sat, 9 Jun 2012 22:18:32 +0200 (CEST) X-Priority: 3 X-Provags-ID: V02:K0:rnO2Ca12sSlqg2F66osy3KHonyyW7/h5YI9KITc8r4s jCodEz3CC7+IO/uDWb/QoxGri4C9DcGH7Dv9Fv6VYwZ9RLvWwK MWx7WzWB6AFMpSfXAVU4iMcjsGpELGXokYpGBuw5nRfiD38rbA PEbUq6TyrgMCaf8gVPH+iflW4CxTVjqVAsZoTcB4P0Ol11eTXZ gXLy5kO8Nl5BqQrzVeB8YYZrEwRD9Qf0Unb+eIHSaI/d6H0gwe K/qCOlkC/4rfH7ZM7u6IT02+YJZta9B3c9QE1TKNvamNR2c3wz us5CDYNJxOp77LgM8gnsJRpfPPqhEffCb3JV/0K2NdKTf1V2EQ bz2HQ1x2Pkniyk+YGDfAEgQ/TT65USJoapR2j/eBLxFHDDaZBC OYpI2iQw+UQ5hC9If02N2RP0b4xm4xHcBGpGPgDRzOCsvRYOdW iArhJ Danke fürs Lesen und Gruß, Crisperz |
|
12.06.2012, 14:59
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Verschicke Spam-EmailsZitat:
Warum kommst du zu so einer Aussage? Wer hat dir gesagt da war eine verdächtige Datei und warum postest du nicht welche Datei da ngeblich gefährlich ist? Zitat:
In so einem Log stehen schon ein paar mehr Infos drin als nur Fund oder kein Fund! Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
12.06.2012, 20:01
| #3 |
| | Verschicke Spam-Emails Hallo Cosinus ,
__________________also ich habe (bevor ich von eurem Forum hier Wind bekommen habe :P) Hijackthis drüber laufen lassen, danach auf der Seite hijackthis.de eine Logfileauswertung gemacht und dort wurde eine Datei (weiß leider nicht mehr welche) als schädigend eingestuft. Habe diese daraufhin gelöscht. Den Tipp mit HijackThis habe ich von einem Bekannten bekommen. Entschuldige, das mit dem CODE-Tag wusste ich nicht. Hier die Logfile von Malwarebytes Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.10.01 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Jan Kriegel :: BÄM [Administrator] Schutz: Aktiviert 10.06.2012 10:07:08 mbam-log-2012-06-10 (10-07-08).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 639172 Laufzeit: 2 Stunde(n), 30 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 10.06.2012 13:11:39 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 61,09% Memory free 7,35 Gb Paging File | 5,84 Gb Available in Paging File | 79,36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,87 Gb Total Space | 150,51 Gb Free Space | 66,93% Space Free | Partition Type: NTFS Drive D: | 225,17 Gb Total Space | 187,98 Gb Free Space | 83,49% Space Free | Partition Type: NTFS Computer Name: BÄM | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.10 12:37:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe PRC - [2012.01.31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- D:\Sony-Reader\appHelper\ReaderAppHelper.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.10.21 06:24:14 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.29 01:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.06.29 01:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.06.25 16:38:02 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe PRC - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010.05.27 05:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe PRC - [2010.03.11 08:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 08:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.03.03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012.05.10 18:08:07 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll MOD - [2012.05.08 21:56:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.08 21:56:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll MOD - [2012.05.08 21:56:01 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll MOD - [2012.05.08 21:55:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.08 21:55:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.08 21:55:38 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.08 21:55:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.02.28 20:15:25 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.02.28 20:15:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2012.01.31 19:36:28 | 000,884,736 | ---- | M] () -- D:\Sony-Reader\appHelper\fsk.dll MOD - [2012.01.31 19:35:32 | 000,143,360 | ---- | M] () -- D:\Sony-Reader\appHelper\readerAppHelper.dll MOD - [2012.01.31 19:34:34 | 000,172,032 | ---- | M] () -- D:\Sony-Reader\appHelper\USBDetector.dll MOD - [2012.01.31 19:33:22 | 000,018,432 | ---- | M] () -- D:\Sony-Reader\appHelper\FskNetInterface.dll MOD - [2012.01.31 19:33:18 | 000,009,728 | ---- | M] () -- D:\Sony-Reader\appHelper\FskPower.dll MOD - [2012.01.31 19:33:16 | 000,020,480 | ---- | M] () -- D:\Sony-Reader\appHelper\FskinLocalize.dll MOD - [2012.01.31 19:33:16 | 000,008,704 | ---- | M] () -- D:\Sony-Reader\appHelper\FskTimeHardware.dll MOD - [2012.01.31 19:33:14 | 000,028,160 | ---- | M] () -- D:\Sony-Reader\appHelper\ticket.dll MOD - [2012.01.31 19:33:12 | 000,012,288 | ---- | M] () -- D:\Sony-Reader\appHelper\ebookDeviceNotifier.dll MOD - [2012.01.31 19:31:42 | 000,118,784 | ---- | M] () -- D:\Sony-Reader\appHelper\FskDocumentViewer.dll MOD - [2012.01.31 19:31:36 | 000,233,472 | ---- | M] () -- D:\Sony-Reader\appHelper\Fskin.dll MOD - [2012.01.31 19:31:36 | 000,010,752 | ---- | M] () -- D:\Sony-Reader\appHelper\FskMobileMediaDevice.dll MOD - [2012.01.31 19:31:04 | 000,033,792 | ---- | M] () -- D:\Sony-Reader\appHelper\FskMediaPlayers.dll MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- D:\Sony-Reader\appHelper\FskSecurity.dll MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- D:\Sony-Reader\appHelper\ebookUsb.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.06.29 01:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2012.04.06 12:58:55 | 000,066,096 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV) SRV:64bit: - [2012.04.06 12:58:47 | 001,956,616 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV) SRV:64bit: - [2010.10.20 23:26:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.04 20:01:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.04.12 05:56:08 | 000,204,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2) SRV - [2012.03.01 21:05:05 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server) SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.07.01 06:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.07.01 06:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.06.29 01:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.25 10:08:30 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.06.11 15:27:40 | 000,821,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.06.02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 05:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.04.22 20:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.02.20 01:44:18 | 000,046,592 | ---- | M] (Dassault Systemes) [Auto | Running] -- D:\Catia\win_b64\code\bin\CATSysDemon.exe -- (BBDemon) SRV - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.12 17:14:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.04.06 12:58:48 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3) DRV:64bit: - [2012.03.01 21:04:02 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox) DRV:64bit: - [2012.03.01 21:03:56 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv) DRV:64bit: - [2012.03.01 21:03:12 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf) DRV:64bit: - [2012.03.01 20:59:01 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos) DRV:64bit: - [2012.03.01 20:53:01 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.10.21 00:02:30 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.20 23:10:52 | 010,331,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.10.20 22:52:08 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.06.25 04:13:18 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.06.25 04:12:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.06.25 04:12:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.06.25 04:12:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.06.25 04:12:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.05 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.03.11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.10 09:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.01.19 20:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK) DRV:64bit: - [2009.12.01 19:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009.09.23 03:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd) DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.01.02 14:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver) DRV - [2012.03.01 21:05:43 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: D:\Sony-Reader\npreaderdetectmoz.dll (Sony Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.02.28 11:54:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.03 00:58:39 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Reader Application Detector (Enabled) = D:\Sony-Reader\npreaderdetectmoz.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.09 23:41:04 | 000,442,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15214 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [Reader Application Helper] D:\Sony-Reader\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5849EECF-20BB-438B-97C8-70375B895C94}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB34A0AD-FA18-4806-8B25-162234B5E3D1}: DhcpNameServer = 10.57.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\Shell - "" = AutoRun O33 - MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\Shell - "" = AutoRun O33 - MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.10 09:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.06.10 01:59:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.10 01:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.09 23:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.06.09 23:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.09 23:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.06.07 15:45:22 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Java [2012.06.06 23:13:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\libimobiledevice [2012.06.06 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\absinthe [2012.06.06 01:39:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\redsn0w [2012.06.06 01:35:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\redsn0w_win_0.9.12b1 [2012.06.05 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Jailbreak to do [2012.05.26 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MATLAB2 [2012.05.11 23:22:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Skyrim [2012.05.11 23:22:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Games ========== Files - Modified Within 30 Days ========== [2012.06.10 13:18:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.10 13:18:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.10 13:10:14 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job [2012.06.10 13:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.10 13:09:24 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys [2012.06.10 12:45:04 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034614752-1738423758-3299665760-1001UA.job [2012.06.10 12:37:02 | 000,000,154 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.10 12:30:13 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.10 12:30:13 | 000,656,040 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.10 12:30:13 | 000,616,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.10 12:30:13 | 000,130,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.10 12:30:13 | 000,106,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.09 23:41:04 | 000,442,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.06.09 23:28:34 | 000,001,266 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2012.06.09 11:27:59 | 000,000,084 | ---- | M] () -- C:\Users\***\Desktop\SPLITREASON.COM - - design - Man at Work.url [2012.06.08 22:18:05 | 000,000,116 | ---- | M] () -- C:\Users\***\Desktop\Alternative zu Spire oder Spite iOS 5.1.1 -.url [2012.06.08 21:45:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034614752-1738423758-3299665760-1001Core.job [2012.06.07 15:41:13 | 000,000,130 | ---- | M] () -- C:\Users\***\Desktop\HowTo- Android-Programmierung - Newbie Guide - Android-Hilfe.de.url [2012.05.26 09:48:10 | 000,000,075 | ---- | M] () -- C:\Users\***\Desktop\HANFBURG GROWSHOP - HANFANBAU & HANFZUCHT LEHRGÄNGE.url [2012.05.24 13:55:40 | 000,000,323 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml [2012.05.24 08:37:35 | 000,000,097 | ---- | M] () -- C:\Users\***\Desktop\Pizza Hut Pizzateig (Rezept mit Bild) von claudi77 - Chefkoch.de.url [2012.05.12 23:44:26 | 000,001,091 | ---- | M] () -- C:\Users\***\Desktop\SkyrimLauncher - Verknüpfung.lnk ========== Files Created - No Company Name ========== [2012.06.10 12:37:02 | 000,000,154 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.09 23:28:34 | 000,001,266 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2012.06.09 11:27:59 | 000,000,084 | ---- | C] () -- C:\Users\***\Desktop\SPLITREASON.COM - - design - Man at Work.url [2012.06.08 22:18:05 | 000,000,116 | ---- | C] () -- C:\Users\***\Desktop\Alternative zu Spire oder Spite iOS 5.1.1 -.url [2012.06.07 15:41:13 | 000,000,130 | ---- | C] () -- C:\Users\***\Desktop\HowTo- Android-Programmierung - Newbie Guide - Android-Hilfe.de.url [2012.05.26 09:48:10 | 000,000,075 | ---- | C] () -- C:\Users\***\Desktop\HANFBURG GROWSHOP - HANFANBAU & HANFZUCHT LEHRGÄNGE.url [2012.05.24 08:37:35 | 000,000,097 | ---- | C] () -- C:\Users\***\Desktop\Pizza Hut Pizzateig (Rezept mit Bild) von claudi77 - Chefkoch.de.url [2012.05.12 23:44:26 | 000,001,091 | ---- | C] () -- C:\Users\***\Desktop\SkyrimLauncher - Verknüpfung.lnk [2012.05.12 18:13:12 | 1204,746,239 | ---- | C] () -- C:\Users\***\Desktop\de-essky.iso [2012.04.12 17:15:02 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini [2012.04.06 19:28:50 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI [2012.03.01 19:53:01 | 000,415,635 | ---- | C] () -- C:\ProgramData\1330623337.bdinstall.bin [2012.02.28 11:46:52 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2012.02.28 11:46:52 | 000,191,688 | ---- | C] () -- C:\Windows\flicker.dll [2012.02.28 11:46:52 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [2012.02.28 11:46:52 | 000,011,976 | ---- | C] () -- C:\Windows\setpwlin.exe [2012.02.28 11:46:52 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2012.02.28 11:46:52 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2012.02.28 11:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.28 11:26:21 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.11.10 17:50:01 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.11.10 17:20:12 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.11.10 17:20:12 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.11.10 17:20:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.11.10 17:20:12 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.11.10 17:20:12 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.11.10 17:20:11 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.03.01 19:52:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bitdefender [2012.04.06 16:30:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.04.12 17:16:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.16 18:08:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes [2012.03.04 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Deckadance19 [2012.03.08 22:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DiskAid [2012.04.17 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2012.04.29 17:26:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2012.04.17 20:40:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF [2012.03.03 21:21:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2012.03.01 19:38:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2012.06.06 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\redsn0w [2012.03.04 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SongManager [2012.06.10 13:10:14 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job [2012.04.18 08:40:54 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.06.2012 12:59:59 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 58,88% Memory free
7,35 Gb Paging File | 5,67 Gb Available in Paging File | 77,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,87 Gb Total Space | 150,52 Gb Free Space | 66,94% Space Free | Partition Type: NTFS
Drive D: | 225,17 Gb Total Space | 187,98 Gb Free Space | 83,49% Space Free | Partition Type: NTFS
Computer Name: BÄM | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E604C60-CB03-4E52-995D-E79E8634AB11}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{251ACAC2-D903-4286-964C-A880FB3F9B34}" = lport=10243 | protocol=6 | dir=in | app=system |
"{268955CF-8F65-405A-A09C-C6E04ED7652C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2AFCE442-BFE2-4E4A-AA1C-17ED418DD7AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B389085-19E1-46FF-AB6A-D9091D617FA3}" = lport=445 | protocol=6 | dir=in | app=system |
"{4BF1178A-BB19-4067-B5DE-B1BC15DCD18F}" = lport=138 | protocol=17 | dir=in | app=system |
"{53E9EBB5-0F1A-467B-91CD-6C291FD5CE25}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57EB7827-1CC2-406F-8A8D-C99EDF87A662}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C0B89F6-7E35-4E8A-8ACA-D0A500AEE227}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{671278A9-737A-4DEF-B7D6-9AC09EC7CC61}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86F9B09C-82DA-4009-991A-1FAE0F173759}" = rport=445 | protocol=6 | dir=out | app=system |
"{9479E519-8757-4EBC-8BD9-1753797B88F0}" = rport=137 | protocol=17 | dir=out | app=system |
"{976ABAA3-D42E-4AE7-A1D7-CD18B8081CDA}" = rport=138 | protocol=17 | dir=out | app=system |
"{A66E75EB-A9B5-4E91-B728-39B88B67F48C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A9B37970-AA45-4AA4-8C65-225E6F7AAF4A}" = lport=137 | protocol=17 | dir=in | app=system |
"{B30DA8E9-EF2E-473F-8601-A0854629DF85}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B744F1BC-7DAF-42CF-B482-D50EA752F0E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B8D5CC8B-C084-445E-8CE4-EB4DB0477AFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4152E36-FC97-445B-917A-491D3BFC7A86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEDC279A-6D30-4BF4-8ED1-621C21AB8F17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5AC5870-F191-44DE-AB59-A23B83742A08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E7BD7A90-D98E-44B0-8346-7692D012E202}" = lport=139 | protocol=6 | dir=in | app=system |
"{EACC6CFC-66E2-4952-8F56-5CABC7DEF698}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F11B7233-F318-4CCB-9F64-156A1696F9F0}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCA2755-A618-4866-B668-4B97864A02B0}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{0BEFF176-2CFC-498B-B5B5-8A0DBD0D6171}" = dir=in | app=d:\itunes\itunes.exe |
"{162BD845-ED66-4D1E-AEA3-02EA596B296B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C197AC1-D259-430C-8A43-E167EF8FC7D0}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{1E385960-D782-4F1F-ABF3-348A9ADB09A2}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{1EE7F67C-6772-4594-96AD-0FED9D099D52}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{22994C4A-27F4-4AB1-BE51-CEA13275DB93}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{23FABF43-16B4-4A41-94D2-907523A412A3}" = protocol=17 | dir=in | app=d:\steam\steamapps\crisperz1\counter-strike source\hl2.exe |
"{2641AA79-1673-4957-A77E-19002AF22D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{26A26828-DE4F-4FFF-9181-F8E71356371A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{27BB22AD-7C52-42F0-B718-CF82A044EE24}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{28F41CF5-3CA8-4849-BB23-7588205768E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{29DDBE38-E317-4F0D-BD76-F4397B547C32}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{403C25BB-EC6B-487A-AFCA-A93FB6FB9106}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A45AA48-1E85-4522-B993-AF25D1202A73}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5C64D854-C9AB-4111-8970-72E556F46C3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5D9C1BD8-E2F0-487E-BA54-D5FDC23394B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75A5DDE7-79E4-4DFE-9021-2761B8CC9525}" = protocol=6 | dir=in | app=d:\steam\steamapps\crisperz1\counter-strike source\hl2.exe |
"{7935E4CF-24AE-45B0-BC6F-621A6CAAA9DF}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{80A03DA7-BA40-44F1-B69C-952DD319940C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82BF7F19-E3F9-4DD8-89B5-0AE2BC56B10A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{832C37EA-0873-459E-A6CC-BDD406FDB463}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{868DA542-0CD9-4CEB-BB1E-2F4780A06B61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{915E99F4-D29C-4F92-8804-2C7B709A76B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9558C2FC-06F4-4EEE-9C36-547FB91FB38B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{95FBC384-838E-413F-B223-82F84EADBC06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{961FA9CD-A33A-4BDE-824E-702B57AFD6F7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9BEB2345-CC8D-458B-A318-D75336616978}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9F0684CF-6831-48B2-9E74-6C860A113203}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{A133E428-86FB-401A-A80E-E87280CC649B}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{A19976D3-5D84-4D32-95E4-B1DDDDDF9D89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6E3D7D8-6DB4-4715-B392-62A52448CBC6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A7D82905-2D0A-4153-B5C0-E97EC797AFFB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A9948276-859F-4C6C-851D-3639ACE34E98}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C034A782-1F1C-45B8-9A0A-226424B4FFCB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{C2EFF68B-6F6F-476E-9093-EB3E77EE07B6}" = protocol=6 | dir=out | app=system |
"{CB4C87DC-A47B-4DE1-8425-37545F4CCE0C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{CB5DF051-91AC-4F57-87B0-8E7E51853A31}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CB99B471-5A60-4573-BD6F-F9DF470B457D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB3DBD9E-4EB7-4668-9046-19435A4FF0BF}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{DE88650C-FC0B-4DD6-90B4-74CDBDE0CDEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E03BBF8D-7447-463C-A194-9A0B42B3DB82}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E1773F32-B7D3-47C4-BCD6-801A6185FAF3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{E3B0A80F-FE1C-49B1-ABA9-43FC11B49948}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E9FAC1C0-4EC5-4046-8AC5-11787301CEAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA4861BF-CCCB-4017-90B2-7EB88F9203BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFC78122-89AD-43E1-BD0B-8133C81DC907}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F8FAE1E8-4708-4FBA-A906-D9C98B2483BE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FD4E85E1-E012-483C-B504-23C76C3809C1}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{FD7D420A-FC8F-4790-BDC9-FEE2E77A8475}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEEBCE98-411D-481D-B5E3-F37106393410}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FEEF2795-4370-451D-921C-874130A70F73}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"TCP Query User{0BCA16A4-5148-4F9A-B2EB-97BB117FCE9C}D:\catia\win_b64\code\bin\orbixd.exe" = protocol=6 | dir=in | app=d:\catia\win_b64\code\bin\orbixd.exe |
"TCP Query User{B8DD8E27-1D22-4878-8823-FC14429FAB8C}D:\catia\win_b64\code\bin\cnext.exe" = protocol=6 | dir=in | app=d:\catia\win_b64\code\bin\cnext.exe |
"TCP Query User{D6991E80-187B-478D-AC27-C800351A7036}D:\catia\win_b64\code\bin\cnext.exe" = protocol=6 | dir=in | app=d:\catia\win_b64\code\bin\cnext.exe |
"UDP Query User{23121440-C7FF-45D0-A3AD-E56A247A8E21}D:\catia\win_b64\code\bin\cnext.exe" = protocol=17 | dir=in | app=d:\catia\win_b64\code\bin\cnext.exe |
"UDP Query User{908C2632-3944-4D0C-B8A6-5DDFB896D810}D:\catia\win_b64\code\bin\cnext.exe" = protocol=17 | dir=in | app=d:\catia\win_b64\code\bin\cnext.exe |
"UDP Query User{E32E0070-9111-41B4-AC73-8444690B377A}D:\catia\win_b64\code\bin\orbixd.exe" = protocol=17 | dir=in | app=d:\catia\win_b64\code\bin\orbixd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Antivirus Plus 2012
"{2B0B6950-2F09-4351-8638-DC6E163DE8FF}" = Nitro Pro 7
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{6DBD1CB9-C0FB-86FC-D25A-52B9CA6F6E82}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D360EAD-35A6-238B-9790-94408681FC5D}" = ATI Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bitdefender" = Bitdefender Antivirus Plus 2012
"Dassault Systemes B20_0" = Dassault Systemes Software B20
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{093C7142-1E6A-C1B8-12C7-D784676488A9}" = CCC Help Chinese Traditional
"{0D41D56D-3952-B85B-FA41-D09934AC6DD1}" = CCC Help Chinese Standard
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13AD742D-ADB6-B3DB-89B0-96AE2F79B81D}" = ccc-core-static
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18EDC8AB-D0CF-8678-A828-3D18F21E5264}" = Catalyst Control Center InstallProxy
"{1A2422A8-6D49-1734-67FF-EC4F544170DB}" = CCC Help Polish
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{223E728C-D2B1-333B-81F8-32017DC2CCDA}" = CCC Help Norwegian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28EA0358-478B-5C81-D070-245CE678D75B}" = CCC Help Thai
"{302B0B7E-7A19-50E1-99F7-D08FB9160973}" = CCC Help Italian
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F639515-0E53-DCF5-135C-C39B5AA42EC7}" = CCC Help Russian
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{48785B21-D8D8-48F9-3404-4CCC9AC7C375}" = CCC Help Spanish
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{776AF279-0720-227B-7A74-AA5292C9D53A}" = CCC Help Swedish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.4.3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{84C92FC5-74D0-BFF9-36C9-880C02AE9ABE}" = CCC Help Dutch
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91605026-DBBF-48FF-B703-F7719CE3F703}" = Reader for PC
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{954BC3C0-F0A4-A48A-2585-3C059B9A2772}" = CCC Help Japanese
"{981DEDC9-B1DE-DC6E-891F-E82553FBA979}" = Catalyst Control Center Graphics Previews Vista
"{9959AE7D-447C-204F-F4FF-3837B5A74AEC}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F5819DF-44D2-BE6D-8AC3-A3365FE5C49E}" = CCC Help Czech
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A28678E9-585E-FA4A-FB5C-D507AF25D1A7}" = Catalyst Control Center Localization All
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1B5FCCC-F7AC-AE3E-6E8C-6B3407DE0B04}" = CCC Help Korean
"{B2B3A9F8-2186-2999-B766-A0EDB8299174}" = CCC Help Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D53192-1D62-3E07-15F1-27AE2519C5FC}" = CCC Help Greek
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{BF9B92A9-4B53-9178-D0E4-10159D640EC1}" = CCC Help Hungarian
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C8D48524-5390-F032-C6A1-A5B7463B4CE2}" = CCC Help French
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA523EE-7458-4D0D-1DB3-3A4C51A5EA14}" = CCC Help English
"{CE76F39C-556B-C5E5-0909-E04200DB65FF}" = CCC Help Turkish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E5405C62-539F-3774-10D3-FAC8F4CA1B4C}" = PX Profile Update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4AD2F84-F76A-703F-4F5E-E91FDEE35B5A}" = CCC Help Portuguese
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F96602AD-82B9-B7F4-8614-E13F3D198791}" = CCC Help Danish
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ASIO4ALL" = ASIO4ALL
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deckadance" = Deckadance
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LManager" = Launch Manager
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Steam App 240" = Counter-Strike: Source
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.04.2012 08:40:25 | Computer Name = Bäm | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 17.04.2012 13:27:25 | Computer Name = Bäm | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pdf24-Editor.exe, Version: 4.4.3.0,
Zeitstempel: 0x4f7b2404 Name des fehlerhaften Moduls: pdf24-Editor.exe, Version:
4.4.3.0, Zeitstempel: 0x4f7b2404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002d785
ID
des fehlerhaften Prozesses: 0x390 Startzeit der fehlerhaften Anwendung: 0x01cd1cbf5a243a7b
Pfad
der fehlerhaften Anwendung: D:\PDF24\pdf24-Editor.exe Pfad des fehlerhaften Moduls:
D:\PDF24\pdf24-Editor.exe Berichtskennung: 9870e7ec-88b2-11e1-9006-60eb69957375
Error - 22.04.2012 03:08:23 | Computer Name = Bäm | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.6117.5001,
Zeitstempel: 0x4f3e2d20 Name des fehlerhaften Moduls: wwlib.dll, Version: 14.0.6024.1000,
Zeitstempel: 0x4d83e39d Ausnahmecode: 0xc0000005 Fehleroffset: 0x00029fd3 ID des fehlerhaften
Prozesses: 0x1328 Startzeit der fehlerhaften Anwendung: 0x01cd20562b5749a0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\Office14\wwlib.dll
Berichtskennung:
f249ef2f-8c49-11e1-82c1-60eb69957375
Error - 24.04.2012 16:19:22 | Computer Name = Bäm | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: reader.exe, Version: 1.1.5.13310,
Zeitstempel: 0x4f28b13e Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.7.3.0,
Zeitstempel: 0x4d92c65a Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020366 ID des fehlerhaften
Prozesses: 0x14d4 Startzeit der fehlerhaften Anwendung: 0x01cd225738c2440d Pfad der
fehlerhaften Anwendung: D:\Sony-Reader\reader.exe Pfad des fehlerhaften Moduls:
D:\Sony-Reader\QtCore4.dll Berichtskennung: c71ac2b9-8e4a-11e1-9695-60eb69957375
Error - 27.04.2012 11:26:00 | Computer Name = Bäm | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 27.04.2012 11:26:00 | Computer Name = Bäm | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 138669
Error - 27.04.2012 11:26:00 | Computer Name = Bäm | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 138669
Error - 28.04.2012 11:05:43 | Computer Name = Bäm | Source = Application Hang | ID = 1002
Description = Programm reader.exe, Version 1.1.5.13310 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cf8 Startzeit:
01cd254debba944e Endzeit: 32 Anwendungspfad: D:\Sony-Reader\reader.exe Berichts-ID:
9d856c77-9143-11e1-9b19-60eb69957375
Error - 12.05.2012 06:22:15 | Computer Name = Bäm | Source = Application Hang | ID = 1002
Description = Programm steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 874 Startzeit:
01cd302903e70b13 Endzeit: 0 Anwendungspfad: D:\Steam\steam.exe Berichts-ID: 559422ba-9c1c-11e1-b96d-60eb69957375
Error - 15.05.2012 02:20:25 | Computer Name = Bäm | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.1.21.0, Zeitstempel:
0x4ea9b052 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
0x4ec49d10 Ausnahmecode: 0xc0000029 Fehleroffset: 0x00090746 ID des fehlerhaften Prozesses:
0xcbc Startzeit der fehlerhaften Anwendung: 0x01cd324dfc36c506 Pfad der fehlerhaften
Anwendung: D:\The Elder Scrolls V- Skyrim\TESV.exe Pfad des fehlerhaften Moduls:
C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0e4e64d4-9e56-11e1-b4a7-60eb69957375
[ System Events ]
Error - 09.06.2012 17:55:50 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
Error - 09.06.2012 19:32:30 | Computer Name = Bäm | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 09.06.2012 19:32:30 | Computer Name = Bäm | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 09.06.2012 19:33:54 | Computer Name = Bäm | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 09.06.2012 19:33:54 | Computer Name = Bäm | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 10.06.2012 03:43:56 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
Error - 10.06.2012 04:04:24 | Computer Name = Bäm | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 10.06.2012 04:05:00 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
Error - 10.06.2012 06:52:09 | Computer Name = Bäm | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 10.06.2012 06:52:59 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
trufos
< End of report >
|
|
12.06.2012, 22:11
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschicke Spam-EmailsZitat:
- Datei nicht notiert - die Funktion der angeblichen Datei (wohl eher meinst du eine Zeile im Hijackthis-Log) ist dir nicht bekannt - nur weil die automatische Auswertung mit all ihren Fehlern meint da wäre was böse fixt du gleich etwas Bitte mach solche u.ä. Dinge auf KEINEN FALL OHNE Absprache! Führ bitte auch ESET aus, danach sehen wir weiter. Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
 + R Taste und kopiere folgenden Text in das Ausführen Fenster.Code:
ATTFilter "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.06.2012, 18:47
| #5 |
| | Verschicke Spam-EmailsCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=03348c3af5ca13418c31ceb4daf8ed04
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-10 10:49:14
# local_time=2012-06-10 12:49:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 8695329 90945873 0 0
# compatibility_mode=8192 67108863 100 0 1446 1446 0 0
# scanned=60954
# found=0
# cleaned=0
# scan_time=9332
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=03348c3af5ca13418c31ceb4daf8ed04
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-14 05:03:05
# local_time=2012-06-14 07:03:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 9063695 91314239 0 0
# compatibility_mode=8192 67108863 100 0 369812 369812 0 0
# scanned=445855
# found=0
# cleaned=0
# scan_time=8996
|
|
15.06.2012, 12:00
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschicke Spam-Emails Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Verschicke Spam-Emails |
|
05.07.2012, 19:41
| #7 |
| | Verschicke Spam-EmailsCode:
ATTFilter OTL logfile created on: 05.07.2012 20:22:03 - Run 4 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 54,70% Memory free 7,35 Gb Paging File | 5,46 Gb Available in Paging File | 74,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,87 Gb Total Space | 153,63 Gb Free Space | 68,32% Space Free | Partition Type: NTFS Drive D: | 225,17 Gb Total Space | 187,97 Gb Free Space | 83,48% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: BÄM | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - D:\Sony-Reader\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - D:\Sony-Reader\appHelper\fsk.dll () MOD - D:\Sony-Reader\appHelper\readerAppHelper.dll () MOD - D:\Sony-Reader\appHelper\USBDetector.dll () MOD - D:\Sony-Reader\appHelper\FskNetInterface.dll () MOD - D:\Sony-Reader\appHelper\FskPower.dll () MOD - D:\Sony-Reader\appHelper\FskinLocalize.dll () MOD - D:\Sony-Reader\appHelper\FskTimeHardware.dll () MOD - D:\Sony-Reader\appHelper\ticket.dll () MOD - D:\Sony-Reader\appHelper\ebookDeviceNotifier.dll () MOD - D:\Sony-Reader\appHelper\FskDocumentViewer.dll () MOD - D:\Sony-Reader\appHelper\Fskin.dll () MOD - D:\Sony-Reader\appHelper\FskMobileMediaDevice.dll () MOD - D:\Sony-Reader\appHelper\FskMediaPlayers.dll () MOD - D:\Sony-Reader\appHelper\FskSecurity.dll () MOD - D:\Sony-Reader\appHelper\ebookUsb.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender) SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Update Server) -- C:\Programme\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe (BitDefender) SRV - (NitroDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Nitro PDF Software) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (BBDemon) -- D:\Catia\win_b64\code\bin\CATSysDemon.exe (Dassault Systemes) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.) DRV:64bit: - (bdsandbox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL) DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender) DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender) DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender) DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (BDVEDISK) -- C:\Windows\SysNative\drivers\bdvedisk.sys (BitDefender) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (LUMDriver) -- C:\Windows\SysNative\drivers\LUMDriver.sys (IBM) DRV - (bdfwfpf) -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3034614752-1738423758-3299665760-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-3034614752-1738423758-3299665760-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKU\S-1-5-21-3034614752-1738423758-3299665760-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3034614752-1738423758-3299665760-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3034614752-1738423758-3299665760-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: D:\Sony-Reader\npreaderdetectmoz.dll (Sony Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.02.28 11:54:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.03 00:58:39 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Reader Application Detector (Enabled) = D:\Sony-Reader\npreaderdetectmoz.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.09 23:41:04 | 000,442,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15214 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [Reader Application Helper] D:\Sony-Reader\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3034614752-1738423758-3299665760-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\.DEFAULT..\RunOnce: [{90140000-001A-0407-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [{90140000-001A-0407-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5849EECF-20BB-438B-97C8-70375B895C94}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB34A0AD-FA18-4806-8B25-162234B5E3D1}: DhcpNameServer = 10.57.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\Shell - "" = AutoRun O33 - MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\Shell - "" = AutoRun O33 - MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{8bc627a8-61f3-11e1-a798-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8bc627a8-61f3-11e1-a798-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\PROGRA~2\Acer\ACERVC~1\AcerVCM.exe - (Acer Incorporated) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Outlook 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe - () MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: BDAgent - hkey= - key= - C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Deamon Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - D:\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - D:\PDF24\pdf24.exe (Geek Software GmbH) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: McMPFSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: McMPFSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.05 19:53:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\wohnung fn [2012.06.25 20:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast [2012.06.25 20:44:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast [2012.06.25 20:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast [2012.06.25 20:44:03 | 000,000,000 | ---D | C] -- C:\Users\***\Neuer Ordner [2012.06.14 19:55:37 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys [2012.06.14 19:55:22 | 000,079,952 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys [2012.06.14 19:55:12 | 000,691,896 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys [2012.06.14 19:55:02 | 000,258,736 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys [2012.06.14 19:51:36 | 000,545,064 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys [2012.06.14 19:51:23 | 000,442,088 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys [2012.06.14 19:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012 [2012.06.13 19:25:49 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.06.10 13:25:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\troj board [2012.06.10 09:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.06.10 01:59:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.10 01:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.09 23:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.06.09 23:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.09 23:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.06.07 15:45:22 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Java [2012.06.06 23:13:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\libimobiledevice [2012.06.06 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\absinthe [2012.06.06 01:39:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\redsn0w ========== Files - Modified Within 30 Days ========== [2012.07.05 19:45:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034614752-1738423758-3299665760-1001UA.job [2012.07.05 18:02:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 18:02:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 17:55:09 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job [2012.07.05 17:54:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.05 17:54:20 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys [2012.07.04 21:45:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034614752-1738423758-3299665760-1001Core.job [2012.06.27 20:06:47 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.27 20:06:47 | 000,656,040 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.27 20:06:47 | 000,616,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.27 20:06:47 | 000,130,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.27 20:06:47 | 000,106,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.25 20:56:50 | 000,000,999 | ---- | M] () -- C:\Users\***\Desktop\SopCast.lnk [2012.06.14 19:55:37 | 000,329,800 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys [2012.06.14 19:55:22 | 000,079,952 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys [2012.06.14 19:55:12 | 000,691,896 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys [2012.06.14 19:55:02 | 000,258,736 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys [2012.06.14 19:51:36 | 000,545,064 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys [2012.06.14 19:51:23 | 000,442,088 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys [2012.06.14 19:50:38 | 000,290,433 | ---- | M] () -- C:\ProgramData\1339695481.bdinstall.bin [2012.06.14 19:50:08 | 000,000,262 | -H-- | M] () -- C:\bdr-conf [2012.06.14 19:49:45 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Antivirus Plus 2012.lnk [2012.06.14 16:27:47 | 000,141,550 | ---- | M] () -- C:\ProgramData\1339683897.bdinstall.bin [2012.06.14 00:09:53 | 000,428,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.10 12:37:02 | 000,000,154 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.09 23:41:04 | 000,442,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.06.09 23:28:34 | 000,001,266 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2012.06.07 15:41:13 | 000,000,130 | ---- | M] () -- C:\Users\***\Desktop\HowTo- Android-Programmierung - Newbie Guide - Android-Hilfe.de.url ========== Files Created - No Company Name ========== [2012.06.25 20:44:26 | 000,000,999 | ---- | C] () -- C:\Users\***\Desktop\SopCast.lnk [2012.06.14 19:50:38 | 000,290,433 | ---- | C] () -- C:\ProgramData\1339695481.bdinstall.bin [2012.06.14 19:50:08 | 026,550,299 | -H-- | C] () -- C:\bdrescue.gz [2012.06.14 19:50:08 | 002,510,608 | -H-- | C] () -- C:\bdrescue.vm [2012.06.14 19:50:08 | 000,217,769 | -H-- | C] () -- C:\bdrescue [2012.06.14 19:50:08 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr [2012.06.14 19:50:08 | 000,000,262 | -H-- | C] () -- C:\bdr-conf [2012.06.14 19:49:45 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Antivirus Plus 2012.lnk [2012.06.14 16:27:47 | 000,141,550 | ---- | C] () -- C:\ProgramData\1339683897.bdinstall.bin [2012.06.10 12:37:02 | 000,000,154 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.09 23:28:34 | 000,001,266 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2012.06.07 15:41:13 | 000,000,130 | ---- | C] () -- C:\Users\***\Desktop\HowTo- Android-Programmierung - Newbie Guide - Android-Hilfe.de.url [2012.04.12 17:15:02 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini [2012.04.06 19:28:50 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI [2012.03.01 19:53:01 | 000,415,635 | ---- | C] () -- C:\ProgramData\1330623337.bdinstall.bin [2012.02.28 11:46:52 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2012.02.28 11:46:52 | 000,191,688 | ---- | C] () -- C:\Windows\flicker.dll [2012.02.28 11:46:52 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [2012.02.28 11:46:52 | 000,011,976 | ---- | C] () -- C:\Windows\setpwlin.exe [2012.02.28 11:46:52 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2012.02.28 11:46:52 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2012.02.28 11:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.28 11:26:21 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.11.10 17:50:01 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.11.10 17:20:12 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.11.10 17:20:12 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.11.10 17:20:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.11.10 17:20:12 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.11.10 17:20:12 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.11.10 17:20:11 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.03.01 19:52:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bitdefender [2012.04.06 16:30:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.04.12 17:16:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.16 18:08:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes [2012.03.04 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Deckadance19 [2012.03.08 22:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DiskAid [2012.04.17 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2012.04.29 17:26:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2012.04.17 20:40:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF [2012.03.03 21:21:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2012.03.01 19:38:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2012.06.06 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\redsn0w [2012.03.04 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SongManager [2012.07.05 17:55:09 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job [2012.06.23 10:38:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.03.04 21:18:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012.03.08 23:08:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer [2012.06.10 05:24:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI [2012.03.01 19:52:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bitdefender [2012.04.06 16:30:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.03.03 21:21:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink [2012.04.12 17:16:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.16 18:08:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes [2012.03.04 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Deckadance19 [2012.03.08 22:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DiskAid [2012.03.07 19:31:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX [2012.04.17 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2012.04.29 17:26:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2012.03.01 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2012.03.01 18:48:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel Corporation [2012.03.01 18:48:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.06.10 01:59:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.04.12 17:38:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MathWorks [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.06.21 00:49:26 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2012.04.17 20:40:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF [2012.03.03 21:21:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2012.03.01 19:38:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2012.06.06 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\redsn0w [2012.07.04 20:47:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2012.03.04 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SongManager [2012.04.17 17:24:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Corporation [2012.04.17 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.04.29 17:26:03 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_112D608FD02CD87FDC7735.exe [2012.04.29 17:26:03 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_30C8F0A9D59F1A9A11FFC4.exe [2012.04.29 17:26:03 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_853F67D554F05449430E7E.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2012.06.14 19:51:32 | 000,007,840 | ---- | M] () MD5=A8B15EC290C2F28AF39A6FE02F0ACF0D -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\lib\eventlog.dll < MD5 for: IASTOR.SYS > [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys < MD5 for: IASTORV.SYS > [2011.05.16 17:23:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2011.05.16 17:23:57 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.05.16 17:23:57 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.05.16 17:23:57 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report >  |
|
05.07.2012, 20:47
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschicke Spam-Emails Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\Shell - "" = AutoRun
O33 - MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\Shell - "" = AutoRun
O33 - MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8bc627a8-61f3-11e1-a798-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8bc627a8-61f3-11e1-a798-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.07.2012, 21:24
| #9 |
| | Verschicke Spam-EmailsCode:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0496327a-848e-11e1-95bf-60eb69957375}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0496327a-848e-11e1-95bf-60eb69957375}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35679a60-6d21-11e1-b62d-60eb69957375}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35679a60-6d21-11e1-b62d-60eb69957375}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc627a8-61f3-11e1-a798-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bc627a8-61f3-11e1-a798-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc627a8-61f3-11e1-a798-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bc627a8-61f3-11e1-a798-806e6f6e6963}\ not found.
File E:\autorun.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 303042448 bytes
->Temporary Internet Files folder emptied: 164440431 bytes
->Google Chrome cache emptied: 384665202 bytes
->Flash cache emptied: 7477 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45727892 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 19620354 bytes
Total Files Cleaned = 875,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.48.0 log created on 07052012_221312
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP00000001CC2B7B4C2A63B441 not found!
Registry entries deleted on Reboot...
|
|
05.07.2012, 21:36
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschicke Spam-Emails Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.07.2012, 21:45
| #11 |
| | Verschicke Spam-EmailsCode:
ATTFilter 22:41:20.0505 4144 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
22:41:20.0723 4144 ============================================================
22:41:20.0723 4144 Current date / time: 2012/07/05 22:41:20.0723
22:41:20.0723 4144 SystemInfo:
22:41:20.0723 4144
22:41:20.0723 4144 OS Version: 6.1.7600 ServicePack: 0.0
22:41:20.0723 4144 Product type: Workstation
22:41:20.0723 4144 ComputerName: BÄM
22:41:20.0723 4144 UserName: ***
22:41:20.0723 4144 Windows directory: C:\Windows
22:41:20.0723 4144 System windows directory: C:\Windows
22:41:20.0723 4144 Running under WOW64
22:41:20.0723 4144 Processor architecture: Intel x64
22:41:20.0723 4144 Number of processors: 4
22:41:20.0723 4144 Page size: 0x1000
22:41:20.0723 4144 Boot type: Normal boot
22:41:20.0723 4144 ============================================================
22:41:21.0113 4144 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:41:21.0113 4144 ============================================================
22:41:21.0113 4144 \Device\Harddisk0\DR0:
22:41:21.0113 4144 MBR partitions:
22:41:21.0113 4144 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40800, BlocksNum 0x32000
22:41:21.0113 4144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72800, BlocksNum 0x1C1BE000
22:41:21.0113 4144 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E131000, BlocksNum 0x1C254800
22:41:21.0113 4144 ============================================================
22:41:21.0129 4144 C: <-> \Device\Harddisk0\DR0\Partition1
22:41:21.0160 4144 D: <-> \Device\Harddisk0\DR0\Partition2
22:41:21.0160 4144 ============================================================
22:41:21.0160 4144 Initialize success
22:41:21.0160 4144 ============================================================
22:41:27.0010 4072 ============================================================
22:41:27.0010 4072 Scan started
22:41:27.0025 4072 Mode: Manual; SigCheck; TDLFS;
22:41:27.0025 4072 ============================================================
22:41:27.0400 4072 !SASCORE - ok
22:41:27.0540 4072 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:41:27.0603 4072 1394ohci - ok
22:41:27.0649 4072 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:41:27.0681 4072 ACPI - ok
22:41:27.0696 4072 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:41:27.0743 4072 AcpiPmi - ok
22:41:27.0790 4072 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:41:27.0837 4072 adp94xx - ok
22:41:27.0883 4072 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:41:27.0899 4072 adpahci - ok
22:41:27.0915 4072 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:41:27.0930 4072 adpu320 - ok
22:41:27.0977 4072 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:41:28.0024 4072 AeLookupSvc - ok
22:41:28.0102 4072 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
22:41:28.0133 4072 AFD - ok
22:41:28.0180 4072 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:41:28.0180 4072 agp440 - ok
22:41:28.0227 4072 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:41:28.0242 4072 ALG - ok
22:41:28.0258 4072 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:41:28.0273 4072 aliide - ok
22:41:28.0320 4072 AMD External Events Utility (893d2125996bb8b92054d743d75fdc09) C:\Windows\system32\atiesrxx.exe
22:41:28.0351 4072 AMD External Events Utility - ok
22:41:28.0398 4072 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:41:28.0414 4072 amdide - ok
22:41:28.0429 4072 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:41:28.0461 4072 AmdK8 - ok
22:41:28.0866 4072 amdkmdag (6aa57c2c6b586cac8910a142928a79c7) C:\Windows\system32\DRIVERS\atikmdag.sys
22:41:29.0053 4072 amdkmdag - ok
22:41:29.0241 4072 amdkmdap (2705b5af991eff9396109fbe63635fc9) C:\Windows\system32\DRIVERS\atikmpag.sys
22:41:29.0272 4072 amdkmdap - ok
22:41:29.0303 4072 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:41:29.0334 4072 AmdPPM - ok
22:41:29.0365 4072 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\DRIVERS\amdsata.sys
22:41:29.0381 4072 amdsata - ok
22:41:29.0428 4072 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:41:29.0443 4072 amdsbs - ok
22:41:29.0459 4072 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\DRIVERS\amdxata.sys
22:41:29.0475 4072 amdxata - ok
22:41:29.0506 4072 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:41:29.0521 4072 AppID - ok
22:41:29.0553 4072 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:41:29.0599 4072 AppIDSvc - ok
22:41:29.0631 4072 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
22:41:29.0662 4072 Appinfo - ok
22:41:29.0771 4072 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:41:29.0787 4072 Apple Mobile Device - ok
22:41:29.0818 4072 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:41:29.0833 4072 arc - ok
22:41:29.0849 4072 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:41:29.0865 4072 arcsas - ok
22:41:29.0896 4072 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:41:29.0943 4072 AsyncMac - ok
22:41:30.0005 4072 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:41:30.0005 4072 atapi - ok
22:41:30.0067 4072 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
22:41:30.0083 4072 AtiHdmiService - ok
22:41:30.0161 4072 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:41:30.0223 4072 AudioEndpointBuilder - ok
22:41:30.0239 4072 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:41:30.0270 4072 AudioSrv - ok
22:41:30.0333 4072 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
22:41:30.0348 4072 AxInstSV - ok
22:41:30.0411 4072 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:41:30.0442 4072 b06bdrv - ok
22:41:30.0489 4072 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:41:30.0535 4072 b57nd60a - ok
22:41:30.0769 4072 BBDemon (b29c7589d02f1e65b9ed806b2c55d546) D:\Catia\win_b64\code\bin\CATSysDemon.exe
22:41:40.0597 4072 BBDemon ( UnsignedFile.Multi.Generic ) - warning
22:41:40.0597 4072 BBDemon - detected UnsignedFile.Multi.Generic (1)
22:41:40.0863 4072 BCM43XX (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:41:40.0941 4072 BCM43XX - ok
22:41:41.0065 4072 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:41:41.0097 4072 BDESVC - ok
22:41:41.0190 4072 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:41:41.0237 4072 Beep - ok
22:41:41.0331 4072 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
22:41:41.0409 4072 BFE - ok
22:41:41.0502 4072 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
22:41:41.0611 4072 BITS - ok
22:41:41.0658 4072 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:41:41.0689 4072 blbdrive - ok
22:41:41.0783 4072 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:41:41.0814 4072 Bonjour Service - ok
22:41:41.0861 4072 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
22:41:41.0892 4072 bowser - ok
22:41:41.0923 4072 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:41:41.0939 4072 BrFiltLo - ok
22:41:41.0955 4072 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:41:41.0970 4072 BrFiltUp - ok
22:41:42.0001 4072 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
22:41:42.0064 4072 Browser - ok
22:41:42.0079 4072 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:41:42.0126 4072 Brserid - ok
22:41:42.0126 4072 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:41:42.0157 4072 BrSerWdm - ok
22:41:42.0173 4072 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:41:42.0189 4072 BrUsbMdm - ok
22:41:42.0220 4072 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:41:42.0235 4072 BrUsbSer - ok
22:41:42.0282 4072 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
22:41:42.0298 4072 BthEnum - ok
22:41:42.0329 4072 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:41:42.0345 4072 BTHMODEM - ok
22:41:42.0376 4072 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:41:42.0407 4072 BthPan - ok
22:41:42.0516 4072 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
22:41:42.0563 4072 BTHPORT - ok
22:41:42.0610 4072 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:41:42.0657 4072 bthserv - ok
22:41:42.0657 4072 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
22:41:42.0672 4072 BTHUSB - ok
22:41:42.0719 4072 btwampfl (73a1c54749fe4f0019241e36c796ab86) C:\Windows\system32\drivers\btwampfl.sys
22:41:42.0750 4072 btwampfl - ok
22:41:42.0781 4072 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys
22:41:42.0797 4072 btwaudio - ok
22:41:42.0813 4072 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\drivers\btwavdt.sys
22:41:42.0828 4072 btwavdt - ok
22:41:42.0953 4072 btwdins (4e6ac6475ef653bdffda67a74b9591d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:41:43.0000 4072 btwdins - ok
22:41:43.0031 4072 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:41:43.0047 4072 btwl2cap - ok
22:41:43.0062 4072 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys
22:41:43.0062 4072 btwrchid - ok
22:41:43.0093 4072 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:41:43.0156 4072 cdfs - ok
22:41:43.0187 4072 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:41:43.0218 4072 cdrom - ok
22:41:43.0249 4072 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:41:43.0296 4072 CertPropSvc - ok
22:41:43.0312 4072 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:41:43.0343 4072 circlass - ok
22:41:43.0390 4072 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:41:43.0421 4072 CLFS - ok
22:41:43.0483 4072 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:41:43.0499 4072 clr_optimization_v2.0.50727_32 - ok
22:41:43.0530 4072 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:41:43.0546 4072 clr_optimization_v2.0.50727_64 - ok
22:41:43.0624 4072 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:41:43.0624 4072 clr_optimization_v4.0.30319_32 - ok
22:41:43.0686 4072 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:41:43.0686 4072 clr_optimization_v4.0.30319_64 - ok
22:41:43.0733 4072 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:41:43.0749 4072 CmBatt - ok
22:41:43.0764 4072 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:41:43.0780 4072 cmdide - ok
22:41:43.0827 4072 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
22:41:43.0873 4072 CNG - ok
22:41:43.0920 4072 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:41:43.0936 4072 Compbatt - ok
22:41:43.0951 4072 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:41:43.0983 4072 CompositeBus - ok
22:41:43.0983 4072 COMSysApp - ok
22:41:43.0998 4072 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:41:44.0014 4072 crcdisk - ok
22:41:44.0061 4072 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
22:41:44.0092 4072 CryptSvc - ok
22:41:44.0139 4072 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:41:44.0201 4072 DcomLaunch - ok
22:41:44.0248 4072 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:41:44.0310 4072 defragsvc - ok
22:41:44.0357 4072 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
22:41:44.0357 4072 DfsC - ok
22:41:44.0404 4072 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
22:41:44.0435 4072 Dhcp - ok
22:41:44.0482 4072 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:41:44.0529 4072 discache - ok
22:41:44.0575 4072 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:41:44.0575 4072 Disk - ok
22:41:44.0607 4072 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
22:41:44.0638 4072 Dnscache - ok
22:41:44.0747 4072 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
22:41:44.0809 4072 dot3svc - ok
22:41:44.0825 4072 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
22:41:44.0872 4072 DPS - ok
22:41:44.0934 4072 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:41:44.0950 4072 drmkaud - ok
22:41:45.0059 4072 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
22:41:45.0090 4072 DsiWMIService - ok
22:41:45.0153 4072 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:41:45.0153 4072 dtsoftbus01 - ok
22:41:45.0215 4072 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
22:41:45.0246 4072 DXGKrnl - ok
22:41:45.0293 4072 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:41:45.0309 4072 E1G60 - ok
22:41:45.0340 4072 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:41:45.0402 4072 EapHost - ok
22:41:45.0605 4072 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:41:45.0730 4072 ebdrv - ok
22:41:45.0839 4072 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
22:41:45.0870 4072 EFS - ok
22:41:45.0948 4072 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
22:41:46.0011 4072 ehRecvr - ok
22:41:46.0042 4072 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:41:46.0057 4072 ehSched - ok
22:41:46.0151 4072 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:41:46.0182 4072 elxstor - ok
22:41:46.0307 4072 ePowerSvc (eb78fbd1c3db8223eeb364d485627ef1) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
22:41:46.0354 4072 ePowerSvc - ok
22:41:46.0447 4072 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:41:46.0479 4072 ErrDev - ok
22:41:46.0525 4072 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:41:46.0588 4072 EventSystem - ok
22:41:46.0635 4072 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:41:46.0713 4072 exfat - ok
22:41:46.0744 4072 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:41:46.0806 4072 fastfat - ok
22:41:46.0900 4072 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
22:41:46.0962 4072 Fax - ok
22:41:46.0993 4072 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:41:47.0025 4072 fdc - ok
22:41:47.0071 4072 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:41:47.0118 4072 fdPHost - ok
22:41:47.0134 4072 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:41:47.0165 4072 FDResPub - ok
22:41:47.0181 4072 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:41:47.0196 4072 FileInfo - ok
22:41:47.0196 4072 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:41:47.0243 4072 Filetrace - ok
22:41:47.0274 4072 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:41:47.0274 4072 flpydisk - ok
22:41:47.0305 4072 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:41:47.0337 4072 FltMgr - ok
22:41:47.0399 4072 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
22:41:47.0477 4072 FontCache - ok
22:41:47.0571 4072 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:41:47.0586 4072 FontCache3.0.0.0 - ok
22:41:47.0617 4072 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:41:47.0633 4072 FsDepends - ok
22:41:47.0664 4072 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
22:41:47.0680 4072 Fs_Rec - ok
22:41:47.0711 4072 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:41:47.0742 4072 fvevol - ok
22:41:47.0773 4072 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:41:47.0789 4072 gagp30kx - ok
22:41:47.0836 4072 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:41:47.0851 4072 GEARAspiWDM - ok
22:41:47.0929 4072 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
22:41:47.0976 4072 gpsvc - ok
22:41:48.0054 4072 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
22:41:48.0070 4072 GREGService - ok
22:41:48.0085 4072 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:41:48.0101 4072 hcw85cir - ok
22:41:48.0163 4072 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:41:48.0210 4072 HdAudAddService - ok
22:41:48.0273 4072 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:41:48.0288 4072 HDAudBus - ok
22:41:48.0335 4072 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:41:48.0335 4072 HECIx64 - ok
22:41:48.0351 4072 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:41:48.0366 4072 HidBatt - ok
22:41:48.0382 4072 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:41:48.0413 4072 HidBth - ok
22:41:48.0429 4072 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:41:48.0460 4072 HidIr - ok
22:41:48.0491 4072 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:41:48.0538 4072 hidserv - ok
22:41:48.0569 4072 Scan interrupted by user!
22:41:48.0569 4072 Scan interrupted by user!
22:41:48.0569 4072 Scan interrupted by user!
22:41:48.0569 4072 ============================================================
22:41:48.0569 4072 Scan finished
22:41:48.0569 4072 ============================================================
22:41:48.0569 1348 Detected object count: 1
22:41:48.0569 1348 Actual detected object count: 1
22:41:55.0417 1348 BBDemon ( UnsignedFile.Multi.Generic ) - skipped by user
22:41:55.0417 1348 BBDemon ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:41:57.0321 1940 ============================================================
22:41:57.0321 1940 Scan started
22:41:57.0321 1940 Mode: Manual; SigCheck; TDLFS;
22:41:57.0321 1940 ============================================================
22:41:57.0555 1940 !SASCORE - ok
22:41:57.0648 1940 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:41:57.0664 1940 1394ohci - ok
22:41:57.0695 1940 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:41:57.0711 1940 ACPI - ok
22:41:57.0711 1940 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:41:57.0726 1940 AcpiPmi - ok
22:41:57.0773 1940 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:41:57.0789 1940 adp94xx - ok
22:41:57.0835 1940 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:41:57.0851 1940 adpahci - ok
22:41:57.0882 1940 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:41:57.0882 1940 adpu320 - ok
22:41:57.0945 1940 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:41:57.0976 1940 AeLookupSvc - ok
22:41:58.0023 1940 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
22:41:58.0038 1940 AFD - ok
22:41:58.0132 1940 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:41:58.0147 1940 agp440 - ok
22:41:58.0147 1940 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:41:58.0163 1940 ALG - ok
22:41:58.0163 1940 Scan interrupted by user!
22:41:58.0163 1940 Scan interrupted by user!
22:41:58.0163 1940 Scan interrupted by user!
22:41:58.0163 1940 ============================================================
22:41:58.0163 1940 Scan finished
22:41:58.0163 1940 ============================================================
22:41:58.0163 3796 Detected object count: 0
22:41:58.0163 3796 Actual detected object count: 0
22:42:00.0955 3032 ============================================================
22:42:00.0955 3032 Scan started
22:42:00.0955 3032 Mode: Manual; SigCheck; TDLFS;
22:42:00.0955 3032 ============================================================
22:42:01.0049 3032 !SASCORE - ok
22:42:01.0096 3032 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:42:01.0111 3032 1394ohci - ok
22:42:01.0143 3032 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:42:01.0158 3032 ACPI - ok
22:42:01.0158 3032 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:42:01.0174 3032 AcpiPmi - ok
22:42:01.0221 3032 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:42:01.0236 3032 adp94xx - ok
22:42:01.0267 3032 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:42:01.0283 3032 adpahci - ok
22:42:01.0314 3032 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:42:01.0330 3032 adpu320 - ok
22:42:01.0361 3032 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:42:01.0392 3032 AeLookupSvc - ok
22:42:01.0439 3032 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
22:42:01.0455 3032 AFD - ok
22:42:01.0486 3032 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:42:01.0501 3032 agp440 - ok
22:42:01.0501 3032 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:42:01.0517 3032 ALG - ok
22:42:01.0517 3032 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:42:01.0533 3032 aliide - ok
22:42:01.0564 3032 AMD External Events Utility (893d2125996bb8b92054d743d75fdc09) C:\Windows\system32\atiesrxx.exe
22:42:01.0579 3032 AMD External Events Utility - ok
22:42:01.0595 3032 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:42:01.0595 3032 amdide - ok
22:42:01.0611 3032 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:42:01.0626 3032 AmdK8 - ok
22:42:02.0001 3032 amdkmdag (6aa57c2c6b586cac8910a142928a79c7) C:\Windows\system32\DRIVERS\atikmdag.sys
22:42:02.0079 3032 amdkmdag - ok
22:42:02.0219 3032 amdkmdap (2705b5af991eff9396109fbe63635fc9) C:\Windows\system32\DRIVERS\atikmpag.sys
22:42:02.0235 3032 amdkmdap - ok
22:42:02.0266 3032 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:42:02.0281 3032 AmdPPM - ok
22:42:02.0313 3032 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\DRIVERS\amdsata.sys
22:42:02.0328 3032 amdsata - ok
22:42:02.0344 3032 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:42:02.0359 3032 amdsbs - ok
22:42:02.0391 3032 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\DRIVERS\amdxata.sys
22:42:02.0406 3032 amdxata - ok
22:42:02.0406 3032 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:42:02.0422 3032 AppID - ok
22:42:02.0453 3032 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:42:02.0484 3032 AppIDSvc - ok
22:42:02.0500 3032 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
22:42:02.0515 3032 Appinfo - ok
22:42:02.0625 3032 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:42:02.0640 3032 Apple Mobile Device - ok
22:42:02.0656 3032 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:42:02.0671 3032 arc - ok
22:42:02.0687 3032 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:42:02.0703 3032 arcsas - ok
22:42:02.0718 3032 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:42:02.0749 3032 AsyncMac - ok
22:42:02.0765 3032 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:42:02.0765 3032 atapi - ok
22:42:02.0796 3032 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
22:42:02.0812 3032 AtiHdmiService - ok
22:42:02.0874 3032 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:42:02.0921 3032 AudioEndpointBuilder - ok
22:42:02.0921 3032 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:42:02.0968 3032 AudioSrv - ok
22:42:02.0983 3032 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
22:42:02.0999 3032 AxInstSV - ok
22:42:03.0046 3032 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:42:03.0061 3032 b06bdrv - ok
22:42:03.0093 3032 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:42:03.0108 3032 b57nd60a - ok
22:42:03.0108 3032 BBDemon (b29c7589d02f1e65b9ed806b2c55d546) D:\Catia\win_b64\code\bin\CATSysDemon.exe
22:42:03.0124 3032 BBDemon ( UnsignedFile.Multi.Generic ) - warning
22:42:03.0124 3032 BBDemon - detected UnsignedFile.Multi.Generic (1)
22:42:03.0389 3032 BCM43XX (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:42:03.0451 3032 BCM43XX - ok
22:42:03.0576 3032 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:42:03.0576 3032 BDESVC - ok
22:42:03.0607 3032 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:42:03.0654 3032 Beep - ok
22:42:03.0701 3032 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
22:42:03.0748 3032 BFE - ok
22:42:03.0826 3032 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
22:42:03.0873 3032 BITS - ok
22:42:03.0919 3032 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:42:03.0919 3032 blbdrive - ok
22:42:03.0997 3032 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:42:04.0013 3032 Bonjour Service - ok
22:42:04.0029 3032 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
22:42:04.0044 3032 bowser - ok
22:42:04.0060 3032 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:42:04.0075 3032 BrFiltLo - ok
22:42:04.0075 3032 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:42:04.0091 3032 BrFiltUp - ok
22:42:04.0122 3032 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
22:42:04.0153 3032 Browser - ok
22:42:04.0185 3032 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:42:04.0200 3032 Brserid - ok
22:42:04.0216 3032 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:42:04.0231 3032 BrSerWdm - ok
22:42:04.0231 3032 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:42:04.0247 3032 BrUsbMdm - ok
22:42:04.0247 3032 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:42:04.0263 3032 BrUsbSer - ok
22:42:04.0294 3032 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
22:42:04.0309 3032 BthEnum - ok
22:42:04.0325 3032 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:42:04.0325 3032 BTHMODEM - ok
22:42:04.0372 3032 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:42:04.0387 3032 BthPan - ok
22:42:04.0434 3032 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
22:42:04.0450 3032 BTHPORT - ok
22:42:04.0481 3032 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:42:04.0512 3032 bthserv - ok
22:42:04.0543 3032 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
22:42:04.0559 3032 BTHUSB - ok
22:42:04.0606 3032 btwampfl (73a1c54749fe4f0019241e36c796ab86) C:\Windows\system32\drivers\btwampfl.sys
22:42:04.0606 3032 btwampfl - ok
22:42:04.0637 3032 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys
22:42:04.0653 3032 btwaudio - ok
22:42:04.0668 3032 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\drivers\btwavdt.sys
22:42:04.0684 3032 btwavdt - ok
22:42:04.0777 3032 btwdins (4e6ac6475ef653bdffda67a74b9591d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:42:04.0793 3032 btwdins - ok
22:42:04.0840 3032 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:42:04.0840 3032 btwl2cap - ok
22:42:04.0871 3032 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys
22:42:04.0871 3032 btwrchid - ok
22:42:04.0902 3032 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:42:04.0933 3032 cdfs - ok
22:42:04.0965 3032 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:42:04.0965 3032 cdrom - ok
22:42:04.0996 3032 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:42:05.0043 3032 CertPropSvc - ok
22:42:05.0043 3032 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:42:05.0058 3032 circlass - ok
22:42:05.0121 3032 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:42:05.0136 3032 CLFS - ok
22:42:05.0199 3032 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:42:05.0214 3032 clr_optimization_v2.0.50727_32 - ok
22:42:05.0230 3032 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:42:05.0245 3032 clr_optimization_v2.0.50727_64 - ok
22:42:05.0292 3032 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:42:05.0292 3032 clr_optimization_v4.0.30319_32 - ok
22:42:05.0339 3032 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:42:05.0355 3032 clr_optimization_v4.0.30319_64 - ok
22:42:05.0370 3032 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:42:05.0370 3032 CmBatt - ok
22:42:05.0386 3032 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:42:05.0401 3032 cmdide - ok
22:42:05.0448 3032 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
22:42:05.0464 3032 CNG - ok
22:42:05.0479 3032 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:42:05.0495 3032 Compbatt - ok
22:42:05.0511 3032 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:42:05.0526 3032 CompositeBus - ok
22:42:05.0526 3032 COMSysApp - ok
22:42:05.0542 3032 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:42:05.0557 3032 crcdisk - ok
22:42:05.0604 3032 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
22:42:05.0620 3032 CryptSvc - ok
22:42:05.0667 3032 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:42:05.0713 3032 DcomLaunch - ok
22:42:05.0776 3032 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:42:05.0807 3032 defragsvc - ok
22:42:05.0838 3032 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
22:42:05.0854 3032 DfsC - ok
22:42:05.0885 3032 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
22:42:05.0901 3032 Dhcp - ok
22:42:05.0932 3032 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:42:05.0979 3032 discache - ok
22:42:05.0979 3032 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:42:05.0994 3032 Disk - ok
22:42:06.0025 3032 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
22:42:06.0041 3032 Dnscache - ok
22:42:06.0072 3032 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
22:42:06.0119 3032 dot3svc - ok
22:42:06.0135 3032 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
22:42:06.0166 3032 DPS - ok
22:42:06.0197 3032 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:42:06.0197 3032 drmkaud - ok
22:42:06.0275 3032 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
22:42:06.0291 3032 DsiWMIService - ok
22:42:06.0322 3032 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:42:06.0337 3032 dtsoftbus01 - ok
22:42:06.0415 3032 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
22:42:06.0431 3032 DXGKrnl - ok
22:42:06.0447 3032 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:42:06.0462 3032 E1G60 - ok
22:42:06.0494 3032 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:42:06.0525 3032 EapHost - ok
22:42:06.0728 3032 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:42:06.0774 3032 ebdrv - ok
22:42:06.0884 3032 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
22:42:06.0899 3032 EFS - ok
22:42:06.0977 3032 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
22:42:06.0993 3032 ehRecvr - ok
22:42:07.0040 3032 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:42:07.0055 3032 ehSched - ok
22:42:07.0133 3032 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:42:07.0149 3032 elxstor - ok
22:42:07.0258 3032 ePowerSvc (eb78fbd1c3db8223eeb364d485627ef1) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
22:42:07.0274 3032 ePowerSvc - ok
22:42:07.0398 3032 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:42:07.0414 3032 ErrDev - ok
22:42:07.0461 3032 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:42:07.0508 3032 EventSystem - ok
22:42:07.0523 3032 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:42:07.0570 3032 exfat - ok
22:42:07.0586 3032 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:42:07.0617 3032 fastfat - ok
22:42:07.0679 3032 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
22:42:07.0695 3032 Fax - ok
22:42:07.0710 3032 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:42:07.0710 3032 fdc - ok
22:42:07.0757 3032 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:42:07.0788 3032 fdPHost - ok
22:42:07.0804 3032 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:42:07.0851 3032 FDResPub - ok
22:42:07.0851 3032 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:42:07.0866 3032 FileInfo - ok
22:42:07.0882 3032 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:42:07.0913 3032 Filetrace - ok
22:42:07.0929 3032 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:42:07.0944 3032 flpydisk - ok
22:42:07.0976 3032 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:42:07.0991 3032 FltMgr - ok
22:42:08.0069 3032 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
22:42:08.0116 3032 FontCache - ok
22:42:08.0210 3032 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:42:08.0210 3032 FontCache3.0.0.0 - ok
22:42:08.0256 3032 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:42:08.0272 3032 FsDepends - ok
22:42:08.0288 3032 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
22:42:08.0303 3032 Fs_Rec - ok
22:42:08.0334 3032 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:42:08.0350 3032 fvevol - ok
22:42:08.0381 3032 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:42:08.0381 3032 gagp30kx - ok
22:42:08.0412 3032 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:42:08.0428 3032 GEARAspiWDM - ok
22:42:08.0490 3032 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
22:42:08.0522 3032 gpsvc - ok
22:42:08.0584 3032 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
22:42:08.0584 3032 GREGService - ok
22:42:08.0615 3032 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:42:08.0615 3032 hcw85cir - ok
22:42:08.0662 3032 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:42:08.0678 3032 HdAudAddService - ok
22:42:08.0709 3032 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:42:08.0724 3032 HDAudBus - ok
22:42:08.0756 3032 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:42:08.0756 3032 HECIx64 - ok
22:42:08.0771 3032 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:42:08.0787 3032 HidBatt - ok
22:42:08.0802 3032 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:42:08.0818 3032 HidBth - ok
22:42:08.0818 3032 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:42:08.0834 3032 HidIr - ok
22:42:08.0865 3032 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:42:08.0896 3032 hidserv - ok
22:42:08.0912 3032 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:42:08.0943 3032 HidUsb - ok
22:42:08.0958 3032 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
22:42:09.0021 3032 hkmsvc - ok
22:42:09.0036 3032 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
22:42:09.0052 3032 HomeGroupListener - ok
22:42:09.0114 3032 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
22:42:09.0146 3032 HomeGroupProvider - ok
22:42:09.0177 3032 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:42:09.0192 3032 HpSAMD - ok
22:42:09.0270 3032 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:42:09.0333 3032 HTTP - ok
22:42:09.0364 3032 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:42:09.0380 3032 hwpolicy - ok
22:42:09.0395 3032 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:42:09.0411 3032 i8042prt - ok
22:42:09.0458 3032 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
22:42:09.0473 3032 iaStor - ok
22:42:09.0582 3032 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:42:09.0598 3032 IAStorDataMgrSvc - ok
22:42:09.0660 3032 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\DRIVERS\iaStorV.sys
22:42:09.0692 3032 iaStorV - ok
22:42:09.0832 3032 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:42:09.0879 3032 idsvc - ok
22:42:09.0926 3032 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:42:09.0926 3032 iirsp - ok
22:42:10.0004 3032 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
22:42:10.0050 3032 IKEEXT - ok
22:42:10.0097 3032 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
22:42:10.0113 3032 Impcd - ok
22:42:10.0269 3032 IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\Windows\system32\drivers\RTKVHD64.sys
22:42:10.0316 3032 IntcAzAudAddService - ok
22:42:10.0456 3032 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:42:10.0456 3032 intelide - ok
22:42:11.0080 3032 intelkmd (b744e1375cd1db3eb7b89781b8c93d9f) C:\Windows\system32\DRIVERS\igdpmd64.sys
22:42:11.0345 3032 intelkmd - ok
22:42:11.0486 3032 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:42:11.0501 3032 intelppm - ok
22:42:11.0532 3032 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:42:11.0595 3032 IPBusEnum - ok
22:42:11.0642 3032 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:42:11.0688 3032 IpFilterDriver - ok
22:42:11.0751 3032 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
22:42:11.0813 3032 iphlpsvc - ok
22:42:11.0829 3032 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:42:11.0844 3032 IPMIDRV - ok
22:42:11.0860 3032 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:42:11.0907 3032 IPNAT - ok
22:42:12.0047 3032 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:42:12.0078 3032 iPod Service - ok
22:42:12.0110 3032 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:42:12.0125 3032 IRENUM - ok
22:42:12.0188 3032 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:42:12.0188 3032 isapnp - ok
22:42:12.0219 3032 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:42:12.0234 3032 iScsiPrt - ok
22:42:12.0266 3032 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:42:12.0281 3032 kbdclass - ok
22:42:12.0297 3032 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:42:12.0328 3032 kbdhid - ok
22:42:12.0359 3032 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:42:12.0359 3032 KeyIso - ok
22:42:12.0375 3032 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
22:42:12.0390 3032 KSecDD - ok
22:42:12.0422 3032 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
22:42:12.0422 3032 KSecPkg - ok
22:42:12.0453 3032 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:42:12.0500 3032 ksthunk - ok
22:42:12.0546 3032 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:42:12.0624 3032 KtmRm - ok
22:42:12.0656 3032 L1C (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
22:42:12.0671 3032 L1C - ok
22:42:12.0702 3032 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
22:42:12.0749 3032 LanmanServer - ok
22:42:12.0780 3032 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
22:42:12.0827 3032 LanmanWorkstation - ok
22:42:12.0858 3032 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:42:12.0890 3032 lltdio - ok
22:42:12.0921 3032 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:42:12.0983 3032 lltdsvc - ok
22:42:12.0999 3032 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:42:13.0030 3032 lmhosts - ok
22:42:13.0139 3032 LMS (23d990150d56b670a62b21b9abdd45ee) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:42:13.0155 3032 LMS - ok
22:42:13.0186 3032 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:42:13.0202 3032 LSI_FC - ok
22:42:13.0233 3032 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:42:13.0248 3032 LSI_SAS - ok
22:42:13.0248 3032 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:42:13.0264 3032 LSI_SAS2 - ok
22:42:13.0280 3032 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:42:13.0295 3032 LSI_SCSI - ok
22:42:13.0326 3032 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:42:13.0389 3032 luafv - ok
22:42:13.0451 3032 LUMDriver (701223c663019b62029fab1a2385ee81) C:\Windows\system32\drivers\LUMDriver.sys
22:42:13.0467 3032 LUMDriver - ok
22:42:13.0498 3032 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
22:42:13.0514 3032 Mcx2Svc - ok
22:42:13.0529 3032 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:42:13.0545 3032 megasas - ok
22:42:13.0576 3032 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:42:13.0592 3032 MegaSR - ok
22:42:13.0716 3032 Microsoft SharePoint Workspace Audit Service - ok
22:42:13.0748 3032 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:42:13.0794 3032 MMCSS - ok
22:42:13.0810 3032 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:42:13.0872 3032 Modem - ok
22:42:13.0904 3032 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:42:13.0919 3032 monitor - ok
22:42:13.0966 3032 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:42:13.0966 3032 mouclass - ok
22:42:13.0982 3032 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:42:13.0997 3032 mouhid - ok
22:42:14.0028 3032 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:42:14.0044 3032 mountmgr - ok
22:42:14.0060 3032 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:42:14.0075 3032 mpio - ok
22:42:14.0106 3032 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:42:14.0138 3032 mpsdrv - ok
22:42:14.0200 3032 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
22:42:14.0278 3032 MpsSvc - ok
22:42:14.0294 3032 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:42:14.0309 3032 MRxDAV - ok
22:42:14.0356 3032 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:42:14.0356 3032 mrxsmb - ok
22:42:14.0387 3032 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:42:14.0418 3032 mrxsmb10 - ok
22:42:14.0434 3032 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:42:14.0465 3032 mrxsmb20 - ok
22:42:14.0496 3032 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:42:14.0496 3032 msahci - ok
22:42:14.0512 3032 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:42:14.0528 3032 msdsm - ok
22:42:14.0559 3032 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:42:14.0574 3032 MSDTC - ok
22:42:14.0606 3032 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:42:14.0637 3032 Msfs - ok
22:42:14.0652 3032 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:42:14.0684 3032 mshidkmdf - ok
22:42:14.0699 3032 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:42:14.0715 3032 msisadrv - ok
22:42:14.0746 3032 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:42:14.0793 3032 MSiSCSI - ok
22:42:14.0793 3032 msiserver - ok
22:42:14.0808 3032 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:42:14.0871 3032 MSKSSRV - ok
22:42:14.0871 3032 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:42:14.0918 3032 MSPCLOCK - ok
22:42:14.0918 3032 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:42:14.0980 3032 MSPQM - ok
22:42:15.0011 3032 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:42:15.0042 3032 MsRPC - ok
22:42:15.0058 3032 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:42:15.0058 3032 mssmbios - ok
22:42:15.0074 3032 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:42:15.0120 3032 MSTEE - ok
22:42:15.0152 3032 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:42:15.0167 3032 MTConfig - ok
22:42:15.0183 3032 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:42:15.0198 3032 Mup - ok
22:42:15.0214 3032 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:42:15.0230 3032 mwlPSDFilter - ok
22:42:15.0230 3032 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:42:15.0245 3032 mwlPSDNServ - ok
22:42:15.0245 3032 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:42:15.0261 3032 mwlPSDVDisk - ok
22:42:15.0339 3032 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
22:42:15.0370 3032 MWLService - ok
22:42:15.0417 3032 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
22:42:15.0464 3032 napagent - ok
22:42:15.0510 3032 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:42:15.0557 3032 NativeWifiP - ok
22:42:15.0651 3032 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:42:15.0713 3032 NDIS - ok
22:42:15.0729 3032 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:42:15.0776 3032 NdisCap - ok
22:42:15.0791 3032 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:42:15.0838 3032 NdisTapi - ok
22:42:15.0885 3032 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:42:15.0932 3032 Ndisuio - ok
22:42:15.0963 3032 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:42:15.0994 3032 NdisWan - ok
22:42:16.0025 3032 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:42:16.0072 3032 NDProxy - ok
22:42:16.0088 3032 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:42:16.0134 3032 NetBIOS - ok
22:42:16.0166 3032 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:42:16.0212 3032 NetBT - ok
22:42:16.0244 3032 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:42:16.0259 3032 Netlogon - ok
22:42:16.0322 3032 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:42:16.0384 3032 Netman - ok
22:42:16.0431 3032 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:42:16.0478 3032 netprofm - ok
22:42:16.0571 3032 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:42:16.0587 3032 NetTcpPortSharing - ok
22:42:16.0634 3032 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:42:16.0649 3032 nfrd960 - ok
22:42:16.0743 3032 NitroDriverReadSpool2 (a397db10e516b0cea8acf30a7be89645) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
22:42:16.0758 3032 NitroDriverReadSpool2 - ok
22:42:16.0805 3032 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
22:42:16.0868 3032 NlaSvc - ok
22:42:17.0102 3032 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
22:42:17.0195 3032 NOBU - ok
22:42:17.0304 3032 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:42:17.0351 3032 Npfs - ok
22:42:17.0382 3032 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:42:17.0429 3032 nsi - ok
22:42:17.0460 3032 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:42:17.0492 3032 nsiproxy - ok
22:42:17.0616 3032 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
22:42:17.0679 3032 Ntfs - ok
22:42:17.0772 3032 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
22:42:17.0804 3032 NTI IScheduleSvc - ok
22:42:17.0835 3032 NTIBackupSvc (28c59f594044cbf8598b18c927097091) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:42:17.0850 3032 NTIBackupSvc - ok
22:42:17.0960 3032 NTIDrvr (710263b44c1d1aee07525a53401fbe48) C:\Windows\system32\drivers\NTIDrvr.sys
22:42:17.0960 3032 NTIDrvr - ok
22:42:18.0006 3032 NTISchedulerSvc (b8d903b2894ff9afbd99ca51c35590d7) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:42:18.0069 3032 NTISchedulerSvc - ok
22:42:18.0100 3032 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:42:18.0147 3032 Null - ok
22:42:18.0209 3032 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\DRIVERS\nvraid.sys
22:42:18.0225 3032 nvraid - ok
22:42:18.0240 3032 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\DRIVERS\nvstor.sys
22:42:18.0256 3032 nvstor - ok
22:42:18.0303 3032 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:42:18.0318 3032 nv_agp - ok
22:42:18.0396 3032 ODDPwrSvc (ba7dac1b8a86d9402c3e04e1fcaa600d) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
22:42:18.0412 3032 ODDPwrSvc - ok
22:42:18.0412 3032 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:42:18.0428 3032 ohci1394 - ok
22:42:18.0521 3032 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:42:18.0521 3032 ose - ok
22:42:18.0911 3032 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:42:19.0067 3032 osppsvc - ok
22:42:19.0208 3032 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:42:19.0254 3032 p2pimsvc - ok
22:42:19.0301 3032 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:42:19.0332 3032 p2psvc - ok
22:42:19.0395 3032 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:42:19.0410 3032 Parport - ok
22:42:19.0457 3032 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
22:42:19.0457 3032 partmgr - ok
22:42:19.0504 3032 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:42:19.0551 3032 PcaSvc - ok
22:42:19.0582 3032 PCDSRVC{4368CD8C-93337D26-06020200}_0 - ok
22:42:19.0613 3032 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:42:19.0629 3032 pci - ok
22:42:19.0644 3032 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:42:19.0660 3032 pciide - ok
22:42:19.0691 3032 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:42:19.0707 3032 pcmcia - ok
22:42:19.0738 3032 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:42:19.0738 3032 pcw - ok
22:42:19.0800 3032 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:42:19.0894 3032 PEAUTH - ok
22:42:19.0972 3032 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:42:19.0988 3032 PerfHost - ok
22:42:20.0081 3032 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
22:42:20.0175 3032 pla - ok
22:42:20.0222 3032 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
22:42:20.0268 3032 PlugPlay - ok
22:42:20.0300 3032 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:42:20.0315 3032 PNRPAutoReg - ok
22:42:20.0362 3032 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:42:20.0378 3032 PNRPsvc - ok
22:42:20.0440 3032 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
22:42:20.0502 3032 PolicyAgent - ok
22:42:20.0534 3032 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:42:20.0596 3032 Power - ok
22:42:20.0658 3032 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:42:20.0705 3032 PptpMiniport - ok
22:42:20.0721 3032 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:42:20.0752 3032 Processor - ok
22:42:20.0783 3032 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
22:42:20.0830 3032 ProfSvc - ok
22:42:20.0846 3032 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:42:20.0861 3032 ProtectedStorage - ok
22:42:20.0892 3032 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:42:20.0939 3032 Psched - ok
22:42:21.0048 3032 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:42:21.0095 3032 ql2300 - ok
22:42:21.0189 3032 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:42:21.0204 3032 ql40xx - ok
22:42:21.0251 3032 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:42:21.0282 3032 QWAVE - ok
22:42:21.0298 3032 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:42:21.0314 3032 QWAVEdrv - ok
22:42:21.0329 3032 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:42:21.0376 3032 RasAcd - ok
22:42:21.0423 3032 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:42:21.0454 3032 RasAgileVpn - ok
22:42:21.0485 3032 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:42:21.0548 3032 RasAuto - ok
22:42:21.0563 3032 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:42:21.0610 3032 Rasl2tp - ok
22:42:21.0641 3032 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
22:42:21.0704 3032 RasMan - ok
22:42:21.0735 3032 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:42:21.0782 3032 RasPppoe - ok
22:42:21.0813 3032 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:42:21.0860 3032 RasSstp - ok
22:42:21.0875 3032 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:42:21.0922 3032 rdbss - ok
22:42:21.0953 3032 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:42:21.0969 3032 rdpbus - ok
22:42:21.0984 3032 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:42:22.0016 3032 RDPCDD - ok
22:42:22.0031 3032 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:42:22.0094 3032 RDPENCDD - ok
22:42:22.0109 3032 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:42:22.0140 3032 RDPREFMP - ok
22:42:22.0187 3032 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
22:42:22.0203 3032 RDPWD - ok
22:42:22.0250 3032 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
22:42:22.0265 3032 rdyboost - ok
22:42:22.0296 3032 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:42:22.0359 3032 RemoteAccess - ok
22:42:22.0390 3032 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:42:22.0437 3032 RemoteRegistry - ok
22:42:22.0484 3032 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:42:22.0499 3032 RFCOMM - ok
22:42:22.0577 3032 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
22:42:22.0593 3032 RichVideo ( UnsignedFile.Multi.Generic ) - warning
22:42:22.0593 3032 RichVideo - detected UnsignedFile.Multi.Generic (1)
22:42:22.0624 3032 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:42:22.0671 3032 RpcEptMapper - ok
22:42:22.0686 3032 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:42:22.0702 3032 RpcLocator - ok
22:42:22.0749 3032 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:42:22.0780 3032 RpcSs - ok
22:42:22.0827 3032 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:42:22.0874 3032 rspndr - ok
22:42:22.0936 3032 RS_Service (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
22:42:22.0952 3032 RS_Service - ok
22:42:22.0967 3032 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:42:22.0983 3032 SamSs - ok
22:42:23.0014 3032 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:42:23.0030 3032 sbp2port - ok
22:42:23.0170 3032 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:42:23.0201 3032 SBSDWSCService - ok
22:42:23.0232 3032 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:42:23.0279 3032 SCardSvr - ok
22:42:23.0326 3032 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:42:23.0373 3032 scfilter - ok
22:42:23.0451 3032 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
22:42:23.0498 3032 Schedule - ok
22:42:23.0529 3032 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:42:23.0576 3032 SCPolicySvc - ok
22:42:23.0591 3032 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
22:42:23.0638 3032 SDRSVC - ok
22:42:23.0700 3032 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:42:23.0732 3032 secdrv - ok
22:42:23.0747 3032 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
22:42:23.0794 3032 seclogon - ok
22:42:23.0810 3032 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:42:23.0856 3032 SENS - ok
22:42:23.0888 3032 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:42:23.0919 3032 SensrSvc - ok
22:42:23.0950 3032 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:42:23.0966 3032 Serenum - ok
22:42:23.0997 3032 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:42:24.0012 3032 Serial - ok
22:42:24.0044 3032 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:42:24.0075 3032 sermouse - ok
22:42:24.0106 3032 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
22:42:24.0137 3032 SessionEnv - ok
22:42:24.0137 3032 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:42:24.0153 3032 sffdisk - ok
22:42:24.0168 3032 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:42:24.0184 3032 sffp_mmc - ok
22:42:24.0184 3032 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:42:24.0215 3032 sffp_sd - ok
22:42:24.0231 3032 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:42:24.0231 3032 sfloppy - ok
22:42:24.0278 3032 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:42:24.0324 3032 SharedAccess - ok
22:42:24.0371 3032 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
22:42:24.0418 3032 ShellHWDetection - ok
22:42:24.0434 3032 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:42:24.0449 3032 SiSRaid2 - ok
22:42:24.0480 3032 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:42:24.0480 3032 SiSRaid4 - ok
22:42:24.0590 3032 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:42:24.0605 3032 SkypeUpdate - ok
22:42:24.0636 3032 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:42:24.0668 3032 Smb - ok
22:42:24.0714 3032 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:42:24.0746 3032 SNMPTRAP - ok
22:42:24.0808 3032 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
22:42:24.0824 3032 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
22:42:24.0824 3032 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
22:42:24.0855 3032 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:42:24.0855 3032 spldr - ok
22:42:24.0917 3032 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
22:42:24.0964 3032 Spooler - ok
22:42:25.0229 3032 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
22:42:25.0338 3032 sppsvc - ok
22:42:25.0463 3032 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:42:25.0510 3032 sppuinotify - ok
22:42:25.0557 3032 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:42:25.0588 3032 srv - ok
22:42:25.0635 3032 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:42:25.0666 3032 srv2 - ok
22:42:25.0697 3032 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:42:25.0728 3032 srvnet - ok
22:42:25.0760 3032 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:42:25.0822 3032 SSDPSRV - ok
22:42:25.0853 3032 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:42:25.0900 3032 SstpSvc - ok
22:42:25.0962 3032 Steam Client Service - ok
22:42:25.0978 3032 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:42:25.0994 3032 stexstor - ok
22:42:26.0056 3032 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
22:42:26.0087 3032 stisvc - ok
22:42:26.0103 3032 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:42:26.0103 3032 swenum - ok
22:42:26.0150 3032 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:42:26.0212 3032 swprv - ok
22:42:26.0274 3032 SynTP (ce9b5a79aee330bc7e88c0441e5727bb) C:\Windows\system32\DRIVERS\SynTP.sys
22:42:26.0290 3032 SynTP - ok
22:42:26.0399 3032 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
22:42:26.0477 3032 SysMain - ok
22:42:26.0586 3032 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
22:42:26.0602 3032 TabletInputService - ok
22:42:26.0649 3032 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
22:42:26.0696 3032 TapiSrv - ok
22:42:26.0742 3032 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:42:26.0789 3032 TBS - ok
22:42:26.0961 3032 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
22:42:27.0039 3032 Tcpip - ok
22:42:27.0257 3032 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
22:42:27.0288 3032 TCPIP6 - ok
22:42:27.0366 3032 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:42:27.0413 3032 tcpipreg - ok
22:42:27.0429 3032 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:42:27.0444 3032 TDPIPE - ok
22:42:27.0460 3032 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
22:42:27.0491 3032 TDTCP - ok
22:42:27.0507 3032 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:42:27.0554 3032 tdx - ok
22:42:27.0585 3032 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:42:27.0585 3032 TermDD - ok
22:42:27.0647 3032 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
22:42:27.0725 3032 TermService - ok
22:42:27.0756 3032 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:42:27.0772 3032 Themes - ok
22:42:27.0803 3032 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:42:27.0850 3032 THREADORDER - ok
22:42:27.0866 3032 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:42:27.0928 3032 TrkWks - ok
22:42:27.0975 3032 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
22:42:27.0990 3032 TrustedInstaller - ok
22:42:28.0006 3032 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:42:28.0053 3032 tssecsrv - ok
22:42:28.0115 3032 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:42:28.0162 3032 tunnel - ok
22:42:28.0193 3032 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:42:28.0209 3032 uagp35 - ok
22:42:28.0224 3032 UBHelper (40079b0b801c5432ba435b5ad61ce6e3) C:\Windows\system32\drivers\UBHelper.sys
22:42:28.0240 3032 UBHelper - ok
22:42:28.0271 3032 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:42:28.0334 3032 udfs - ok
22:42:28.0365 3032 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:42:28.0380 3032 UI0Detect - ok
22:42:28.0412 3032 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:42:28.0427 3032 uliagpkx - ok
22:42:28.0458 3032 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:42:28.0474 3032 umbus - ok
22:42:28.0474 3032 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:42:28.0490 3032 UmPass - ok
22:42:28.0739 3032 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:42:28.0833 3032 UNS - ok
22:42:28.0880 3032 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:42:28.0911 3032 Updater Service - ok
22:42:29.0036 3032 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:42:29.0082 3032 upnphost - ok
22:42:29.0129 3032 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:42:29.0145 3032 USBAAPL64 - ok
22:42:29.0192 3032 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
22:42:29.0223 3032 usbccgp - ok
22:42:29.0254 3032 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:42:29.0285 3032 usbcir - ok
22:42:29.0301 3032 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
22:42:29.0316 3032 usbehci - ok
22:42:29.0348 3032 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
22:42:29.0379 3032 usbhub - ok
22:42:29.0394 3032 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
22:42:29.0410 3032 usbohci - ok
22:42:29.0441 3032 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:42:29.0457 3032 usbprint - ok
22:42:29.0504 3032 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:42:29.0519 3032 usbscan - ok
22:42:29.0550 3032 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:42:29.0582 3032 USBSTOR - ok
22:42:29.0597 3032 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:42:29.0613 3032 usbuhci - ok
22:42:29.0660 3032 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
22:42:29.0691 3032 usbvideo - ok
22:42:29.0706 3032 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:42:29.0753 3032 UxSms - ok
22:42:29.0769 3032 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:42:29.0784 3032 VaultSvc - ok
22:42:29.0816 3032 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:42:29.0831 3032 vdrvroot - ok
22:42:29.0878 3032 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
22:42:29.0909 3032 vds - ok
22:42:29.0940 3032 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:42:29.0956 3032 vga - ok
22:42:29.0956 3032 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:42:30.0018 3032 VgaSave - ok
22:42:30.0034 3032 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:42:30.0050 3032 vhdmp - ok
22:42:30.0065 3032 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:42:30.0081 3032 viaide - ok
22:42:30.0096 3032 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:42:30.0112 3032 volmgr - ok
22:42:30.0128 3032 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:42:30.0159 3032 volmgrx - ok
22:42:30.0174 3032 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:42:30.0190 3032 volsnap - ok
22:42:30.0237 3032 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
22:42:30.0252 3032 vpcbus - ok
22:42:30.0315 3032 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
22:42:30.0315 3032 vpcnfltr - ok
22:42:30.0346 3032 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
22:42:30.0362 3032 vpcusb - ok
22:42:30.0393 3032 vpcuxd (14578ff302b4c985c9740a0f327ae3c0) C:\Windows\system32\DRIVERS\vpcuxd.sys
22:42:30.0408 3032 vpcuxd - ok
22:42:30.0518 3032 vpcvmm (a5d16559d80cfa1dcb98f46410be5551) C:\Windows\system32\drivers\vpcvmm.sys
22:42:30.0533 3032 vpcvmm - ok
22:42:30.0564 3032 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:42:30.0580 3032 vsmraid - ok
22:42:30.0689 3032 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
22:42:30.0767 3032 VSS - ok
22:42:30.0892 3032 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:42:30.0908 3032 vwifibus - ok
22:42:30.0923 3032 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:42:30.0954 3032 vwififlt - ok
22:42:31.0032 3032 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:42:31.0079 3032 W32Time - ok
22:42:31.0110 3032 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:42:31.0110 3032 WacomPen - ok
22:42:31.0157 3032 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:42:31.0204 3032 WANARP - ok
22:42:31.0235 3032 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:42:31.0266 3032 Wanarpv6 - ok
22:42:31.0376 3032 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
22:42:31.0438 3032 wbengine - ok
22:42:31.0563 3032 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:42:31.0578 3032 WbioSrvc - ok
22:42:31.0641 3032 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
22:42:31.0672 3032 wcncsvc - ok
22:42:31.0703 3032 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:42:31.0734 3032 WcsPlugInService - ok
22:42:31.0766 3032 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:42:31.0781 3032 Wd - ok
22:42:31.0828 3032 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:42:31.0875 3032 Wdf01000 - ok
22:42:31.0890 3032 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:42:31.0922 3032 WdiServiceHost - ok
22:42:31.0922 3032 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:42:31.0937 3032 WdiSystemHost - ok
22:42:31.0984 3032 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
22:42:32.0000 3032 WebClient - ok
22:42:32.0046 3032 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:42:32.0093 3032 Wecsvc - ok
22:42:32.0109 3032 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:42:32.0171 3032 wercplsupport - ok
22:42:32.0218 3032 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:42:32.0249 3032 WerSvc - ok
22:42:32.0312 3032 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:42:32.0358 3032 WfpLwf - ok
22:42:32.0374 3032 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:42:32.0390 3032 WIMMount - ok
22:42:32.0436 3032 WinDefend - ok
22:42:32.0436 3032 WinHttpAutoProxySvc - ok
22:42:32.0499 3032 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:42:32.0561 3032 Winmgmt - ok
22:42:32.0702 3032 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
22:42:32.0811 3032 WinRM - ok
22:42:32.0967 3032 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
22:42:32.0982 3032 WinUsb - ok
22:42:33.0060 3032 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:42:33.0107 3032 Wlansvc - ok
22:42:33.0138 3032 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:42:33.0154 3032 WmiAcpi - ok
22:42:33.0216 3032 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:42:33.0248 3032 wmiApSrv - ok
22:42:33.0310 3032 WMPNetworkSvc - ok
22:42:33.0326 3032 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:42:33.0341 3032 WPCSvc - ok
22:42:33.0372 3032 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
22:42:33.0388 3032 WPDBusEnum - ok
22:42:33.0404 3032 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:42:33.0450 3032 ws2ifsl - ok
22:42:33.0497 3032 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
22:42:33.0513 3032 wscsvc - ok
22:42:33.0513 3032 WSearch - ok
22:42:33.0700 3032 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:42:33.0778 3032 wuauserv - ok
22:42:33.0887 3032 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:42:33.0934 3032 WudfPf - ok
22:42:33.0965 3032 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:42:34.0012 3032 WUDFRd - ok
22:42:34.0043 3032 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
22:42:34.0090 3032 wudfsvc - ok
22:42:34.0106 3032 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:42:34.0152 3032 WwanSvc - ok
22:42:34.0184 3032 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:42:34.0605 3032 \Device\Harddisk0\DR0 - ok
22:42:34.0605 3032 Boot (0x1200) (d0d84bb9aee7f06b69e0dede2f8bca09) \Device\Harddisk0\DR0\Partition0
22:42:34.0605 3032 \Device\Harddisk0\DR0\Partition0 - ok
22:42:34.0620 3032 Boot (0x1200) (e6e66f7b79514a7c36ea1332ac150930) \Device\Harddisk0\DR0\Partition1
22:42:34.0620 3032 \Device\Harddisk0\DR0\Partition1 - ok
22:42:34.0652 3032 Boot (0x1200) (4383c5daddf758338ef42b4d758af45a) \Device\Harddisk0\DR0\Partition2
22:42:34.0652 3032 \Device\Harddisk0\DR0\Partition2 - ok
22:42:34.0652 3032 ============================================================
22:42:34.0652 3032 Scan finished
22:42:34.0652 3032 ============================================================
22:42:34.0667 3344 Detected object count: 3
22:42:34.0667 3344 Actual detected object count: 3
22:43:20.0090 3344 BBDemon ( UnsignedFile.Multi.Generic ) - skipped by user
22:43:20.0090 3344 BBDemon ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:43:20.0106 3344 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:43:20.0107 3344 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:43:20.0108 3344 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:43:20.0108 3344 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
05.07.2012, 21:49
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschicke Spam-Emails Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.07.2012, 22:05
| #13 |
| | Verschicke Spam-EmailsCode:
ATTFilter ComboFix 12-07-05.04 - *** 05.07.2012 22:56:33.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3767.2369 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1330623337.bdinstall.bin
c:\programdata\1339683897.bdinstall.bin
c:\programdata\1339695481.bdinstall.bin
c:\programdata\1341519068.bdinstall.bin
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-05 bis 2012-07-05 ))))))))))))))))))))))))))))))
.
.
2012-07-05 21:00 . 2012-07-05 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 20:13 . 2012-07-05 20:13 -------- d-----w- C:\_OTL
2012-06-25 18:56 . 2012-06-25 18:56 -------- d-----w- c:\program files (x86)\SopCast
2012-06-25 18:44 . 2012-06-25 18:44 -------- d-----w- c:\users\***\Neuer Ordner
2012-06-21 13:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 13:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 13:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 13:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 13:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 13:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 13:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 13:12 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 13:12 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 17:55 . 2012-06-14 17:55 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-06-14 17:51 . 2012-06-14 17:51 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-06-13 17:25 . 2012-06-13 17:25 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-13 15:02 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 15:02 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 15:02 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 15:02 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 15:02 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 15:02 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 15:02 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 15:02 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 15:02 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:02 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-13 15:02 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 15:01 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 15:01 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 15:01 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 15:01 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 15:01 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 15:01 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-10 07:49 . 2012-06-10 07:49 -------- d-----w- c:\program files (x86)\ESET
2012-06-10 03:24 . 2012-06-10 03:24 -------- d-----w- c:\users\***\AppData\Roaming\ATI
2012-06-10 03:24 . 2012-06-10 03:24 -------- d-----w- c:\users\***\AppData\Local\ATI
2012-06-10 03:24 . 2012-06-10 03:24 -------- d-----w- c:\programdata\ATI
2012-06-09 23:59 . 2012-06-09 23:59 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-06-09 23:56 . 2012-06-09 23:56 -------- d-----w- c:\programdata\Malwarebytes
2012-06-09 21:28 . 2012-06-09 21:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-09 21:28 . 2012-06-09 21:29 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-06 21:13 . 2012-06-06 22:48 -------- d-----w- c:\users\***\AppData\Local\libimobiledevice
2012-06-05 23:39 . 2012-06-05 23:39 -------- d-----w- c:\users\***\AppData\Roaming\redsn0w
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 15:14 . 2012-04-12 15:14 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-12 03:55 . 2012-04-17 18:40 29704 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-04-12 03:55 . 2012-04-17 18:40 17928 ----a-w- c:\windows\system32\nitrolocalui2.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-06-25 124136]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Reader Application Helper"="d:\sony-reader\appHelper\ReaderAppHelper.exe" [2012-01-31 892928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2009-07-14 301568]
"{90140000-001A-0407-0000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2009-07-14 301568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-25 342056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-25 39464]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R3 PCDSRVC{4368CD8C-93337D26-06020200}_0;PCDSRVC{4368CD8C-93337D26-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\admini~1\appdata\local\temp\jqwxx6w79qb1\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R4 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-04-12 204296]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-12 283200]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2008-01-02 24848]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-20 203264]
S2 BBDemon;Backbone Service;d:\catia\win_b64\code\bin\CATSysDemon.exe [2010-02-19 46592]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6856704]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-20 264704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-20 10331840]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 09876365
*Deregistered* - 09876365
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034614752-1738423758-3299665760-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-01 17:35]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034614752-1738423758-3299665760-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-01 17:35]
.
2012-07-05 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- d:\dhbw\Matlab\bin\win64\MATLABStartupAccelerator.exe [2012-04-12 14:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-20 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-20 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-20 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{4368CD8C-93337D26-06020200}_0]
"ImagePath"="\??\c:\users\admini~1\appdata\local\temp\jqwxx6w79qb1\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-05 23:02:30
ComboFix-quarantined-files.txt 2012-07-05 21:02
.
Vor Suchlauf: 9 Verzeichnis(se), 166.176.251.904 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 165.802.123.264 Bytes frei
.
- - End Of File - - 7CD7201DD60115B4455F8C8BFD9FF203
|
|
06.07.2012, 08:54
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschicke Spam-Emails Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Verschicke Spam-Emails |
| alle kontakte, autorun, bho, bingbar, bonjour, browser, computer, e-mail, e-mail account, ebay, error, firefox, flash player, hijack, hijackthis, home, igdpmd64.sys, install.exe, launch, locker, logfile, mail delivery, microsoft office word, mywinlocker, nemesis, nicht sicher, ntdll.dll, outlook 2010, plug-in, realtek, registry, richtlinie, rundll, safer networking, searchscopes, senden, server, software, svchost.exe, symantec, system, warnung, windows |
Button.
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
