Pests of all kinds and how to fight them: constantly new Trojan finds in C:User/user/AppData (Windows 7)
17.07.2012, 15:19 | #16
/// Winkelfunktion /// (TB-Süch-Tiger™)

Make another new OTL log as described above.
__________________
Please always post logfiles in CODE tags
19.07.2012, 09:51 | #17

Soooo...... now then:

The OTL log:
Code:
O3 - HKU\S-1-5-21-829418231-901360401-729028706-1000\..\Toolbar\WebBrowser: (P2P Max DE Toolbar) - {E0007D18-BAA4-4573-AE78-8BEA0958C610} - C:\Programme\P2P_Max_DE\tbP2P_.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( ) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) 
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-829418231-901360401-729028706-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412C8A80-481B-4ABF-B391-4788D63B6DE5}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A52B213-239B-435A-8C13-CF998CB272E2}: DhcpNameServer = 192.168.2.1 O18 - 
Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\user\Pictures\texas_holdem_poker-9529.jpg O24 - Desktop BackupWallPaper: 
C:\Users\user\Pictures\texas_holdem_poker-9529.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3c6e0a7f-5eca-11e0-aa94-9605b7d8fa1a}\Shell - "" = AutoRun O33 - MountPoints2\{3c6e0a7f-5eca-11e0-aa94-9605b7d8fa1a}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{3c6e0a85-5eca-11e0-aa94-001e101fabdd}\Shell - "" = AutoRun O33 - MountPoints2\{3c6e0a85-5eca-11e0-aa94-001e101fabdd}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a0606673-5f96-11e0-9074-001e101f6aa9}\Shell - "" = AutoRun O33 - MountPoints2\{a0606673-5f96-11e0-9074-001e101f6aa9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group 
SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service 
SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe 
C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.) 
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.) Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.16 15:43:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.10 16:23:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Avira [2012.07.10 16:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.10 16:17:52 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.07.10 16:17:40 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.07.10 16:17:40 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.07.10 16:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.10 16:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.07.08 18:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.07.08 15:17:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes [2012.07.08 15:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.08 15:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.08 15:17:10 | 000,022,344 | ---- | C] (Malwarebytes 
Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.08 15:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [1 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.19 10:23:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.19 10:20:39 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.19 10:20:39 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.19 10:20:39 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.19 10:20:39 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.19 10:16:38 | 000,002,299 | ---- | M] () -- C:\Users\user\AppData\Roaming\acervcmtmp.ini [2012.07.19 10:16:06 | 000,027,744 | ---- | M] () -- C:\Users\user\AppData\Roaming\nvModes.001 [2012.07.19 10:15:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.19 10:15:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.19 10:15:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.19 10:15:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.19 10:15:39 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2012.07.17 23:57:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.07.16 16:24:23 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.10 16:18:12 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.08 15:17:14 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [1 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name 
========== [2012.07.10 16:18:12 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.08 15:17:14 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.30 13:13:46 | 000,000,016 | ---- | C] () -- C:\Users\user\AppData\Roaming\blckdom.res [2010.09.29 11:12:24 | 000,007,592 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2010.06.02 15:36:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.04.14 01:49:17 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.03.18 16:22:56 | 000,002,299 | ---- | C] () -- C:\Users\user\AppData\Roaming\acervcmtmp.ini [2009.03.17 23:26:16 | 000,027,744 | ---- | C] () -- C:\Users\user\AppData\Roaming\nvModes.001 [2009.03.17 17:19:46 | 000,028,672 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.17 15:26:19 | 000,027,744 | ---- | C] () -- C:\Users\user\AppData\Roaming\nvModes.dat [2008.02.27 10:30:18 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631 ========== LOP Check ========== [2008.03.25 15:54:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2008.03.25 15:54:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2009.05.28 23:19:54 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\.# [2012.05.30 13:14:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\01039 [2010.08.10 14:54:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acer [2008.03.25 15:54:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acer GameZone Console [2011.04.04 17:50:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Bytemobile [2011.08.13 01:09:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft [2011.06.12 21:51:04 | 000,000,000 | 
---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.30 13:13:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kock [2009.09.18 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech [2009.11.13 01:48:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LimeWire [2011.10.05 13:48:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org [2010.04.09 17:38:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Research In Motion [2009.04.02 12:42:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RTPlayer [2012.05.31 14:11:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UAs [2011.04.04 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vodafone [2011.04.04 18:00:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vodafone Mobile Connect [2012.05.31 14:11:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xmldm [2012.01.15 01:59:59 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2012.04.01 00:59:59 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2012.07.17 23:57:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2009.05.28 23:19:54 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\.#
[2012.05.30 13:14:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\01039
[2010.08.10 14:54:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acer
[2008.03.25 15:54:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acer GameZone Console
[2009.06.26 15:00:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2012.07.10 16:23:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avira
[2011.04.04 17:50:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Bytemobile
[2011.06.06 17:57:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CyberLink
[2010.04.09 17:42:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DivX
[2011.08.13 01:09:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft
[2011.06.12 21:51:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.04 18:02:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FLEXnet
[2009.02.09 18:13:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
[2011.10.05 13:14:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InstallShield
[2012.05.30 13:13:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kock
[2009.09.18 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2009.11.13 01:48:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LimeWire
[2009.02.09 18:13:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2012.07.08 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2011.04.04 18:40:27 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2009.03.31 15:51:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
[2011.10.05 13:48:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2010.04.09 17:38:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Research In Motion
[2010.06.20 12:45:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Roxio
[2009.04.02 12:42:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RTPlayer
[2011.06.14 22:41:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\skypePM
[2012.05.31 14:11:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UAs
[2010.08.10 16:52:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\vlc
[2011.04.04 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vodafone
[2011.04.04 18:00:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vodafone Mobile Connect
[2012.05.31 14:11:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xmldm

< %APPDATA%\*.exe /s >
[2009.03.31 15:51:13 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\user\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
[2009.03.31 15:51:14 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\user\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
[2009.03.31 15:51:14 | 000,014,848 | ---- | M] () -- C:\Users\user\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
[2009.03.31 15:51:14 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\user\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
[2009.03.31 15:51:14 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\user\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
[2009.03.31 15:51:14 | 000,018,432 | ---- | M] () -- C:\Users\user\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
[2009.03.31 15:51:14 | 000,014,336 | ---- | M] () -- C:\Users\user\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
[2009.03.31 15:51:14 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\user\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009.03.31 15:51:14 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\user\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
[2011.07.06 15:50:09 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\user\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

< %SYSTEMDRIVE%\*.exe >
[2005.08.16 09:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe

< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007.11.22 10:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\DRV\Robson\Winall\Driver64\IaStor.sys
[2007.11.22 10:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.11.22 10:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_108fe68b\iaStor.sys
[2007.11.22 10:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_4f0cb505\iaStor.sys
[2007.11.22 10:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\DRV\Robson\Winall\Driver\IaStor.sys
[2007.11.22 10:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007.11.22 10:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.11.22 10:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007.11.22 10:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\user\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\user\Documents\formular_pdf.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\user\Documents\Deutsch Übersich Abi.pdf:Roxio EMC Stream

< End of report >
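The "< MD5 for: ... >" blocks in the log above list every copy of a few core system files (the loaded copy under System32, the servicing copies in winsxs and DriverStore, and downloaded update payloads) together with their hashes. What a reviewer wants from that section is one answer per file: does the copy that actually loads match a copy in the Windows servicing stores, and which copies could not be hashed or sit outside Windows with no company name. The script below is an added example, not part of this forum post or of OTL; it parses OTL's line format and does that cross-check. Treating winsxs and DriverStore as reference stores, SoftwareDistribution\Download as pending update payloads, and flagging vendor-less copies outside those locations for manual review are the example's own assumptions; the sample text is constructed from lines of the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file line, e.g.
# [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9... -- C:\Windows\System32\drivers\AGP440.sys
# The hash part is either "MD5=<32 hex digits>" or the literal "Unable to obtain MD5".
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]+) \| [MC]\] "
    r"\((?P<vendor>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) "
    r"-- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >$")


@dataclass
class Entry:
    vendor: str
    md5: Optional[str]   # None when OTL printed "Unable to obtain MD5" (locked file)
    path: str
    size: int


def classify(path: str) -> str:
    """Assumed location classes: servicing 'reference' stores, a 'pending_update'
    payload, the 'live' copy under System32, or 'other' (outside Windows)."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p:
        return "reference"          # checked first: DriverStore sits under System32
    if "\\softwaredistribution\\download\\" in p:
        return "pending_update"
    if p.startswith("c:\\windows\\system32\\"):
        return "live"
    return "other"


def parse_md5_blocks(text: str) -> Dict[str, List[Entry]]:
    """Group the file lines of each '< MD5 for: NAME >' block under NAME."""
    blocks: Dict[str, List[Entry]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            current = h.group("name").upper()
            blocks.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            blocks[current].append(Entry(
                vendor=m.group("vendor").strip(),
                md5=m.group("md5").upper() if m.group("md5") else None,
                path=m.group("path"),
                size=int(m.group("size").replace(",", "")),
            ))
    return blocks


def assess(blocks: Dict[str, List[Entry]]) -> Dict[str, dict]:
    """Per file: 'match' if every live copy hashes like some reference copy,
    'mismatch' if not, 'unreadable' if a live copy could not be hashed,
    'no_live_copy' if nothing under System32 was listed. 'review' collects
    copies outside the Windows stores that carry no company name."""
    report = {}
    for name, entries in blocks.items():
        live = [e for e in entries if classify(e.path) == "live"]
        reference_hashes = {e.md5 for e in entries
                            if classify(e.path) == "reference" and e.md5}
        review = [e.path for e in entries
                  if classify(e.path) == "other" and not e.vendor]
        if not live:
            status = "no_live_copy"
        elif any(e.md5 is None for e in live):
            status = "unreadable"
        elif all(e.md5 in reference_hashes for e in live):
            status = "match"
        else:
            status = "mismatch"
        report[name] = {"status": status,
                        "live": [e.path for e in live],
                        "review": review}
    return report


# Constructed sample: three blocks copied from the OTL log posted above.
SAMPLE = r"""
< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: USER32.DLL >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
"""


def report_for(text: str = SAMPLE) -> Dict[str, dict]:
    return assess(parse_md5_blocks(text))


if __name__ == "__main__":
    for name, r in report_for().items():
        print(f"{name}: {r['status']}  live={r['live']}  review={r['review']}")
```

On the sample, AGP440.SYS and WINLOGON.EXE come out as "match" and USER32.DLL as "unreadable" (OTL could not hash the locked live copy, so nothing can be concluded from that block alone). The one "review" hit is the vendor-less winlogon.exe under Malwarebytes' Chameleon folder; the rule only surfaces such a copy for a human decision, it does not label it.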
19.07.2012, 18:53 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Note: If you obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-829418231-901360401-729028706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-829418231-901360401-729028706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-829418231-901360401-729028706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-829418231-901360401-729028706-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-829418231-901360401-729028706-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-829418231-901360401-729028706-1000\..\URLSearchHook: {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-829418231-901360401-729028706-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-829418231-901360401-729028706-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-829418231-901360401-729028706-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.8&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: ciuvo-extension@icq.de:1.0.601
FF - prefs.js..extensions.enabledItems: toolbar@web.de:2.1.1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - user.js - File not found
[2009.09.05 03:13:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.01 14:31:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.10 16:50:42 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.06.12 21:51:05 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.10 16:49:02 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2009.08.04 22:14:06 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\ChoiceGuard@Microsoft
[2011.08.01 14:32:18 | 000,000,000 | ---D | M] (ICQ Sparberater) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\ciuvo-extension@icq.de
[2012.06.04 12:56:55 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\toolbar@web.de
[2011.08.01 14:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\ciuvo-extension@icq.de\chrome
[2012.05.30 13:18:49 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-1.xml
[2012.06.04 12:57:01 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-10.xml
[2011.08.20 12:07:41 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-2.xml
[2011.09.05 23:45:16 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-3.xml
[2011.09.30 01:38:13 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-4.xml
[2011.10.14 21:41:59 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-5.xml
[2011.10.14 21:58:34 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-6.xml
[2012.01.25 11:52:55 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-7.xml
[2012.03.12 14:01:58 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-8.xml
[2012.05.31 14:20:15 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-9.xml
[2009.03.01 13:02:44 | 000,000,944 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin.xml
[2011.10.05 13:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.23 14:08:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
CHR - homepage: http://search.babylon.com/home/?ai=14437
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&hl={language}&ai=14542
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylon.com/home/?ai=14437
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - Extension: ICQ Sparberater = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.678_0\
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (P2P Max DE Toolbar) - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (P2P Max DE Toolbar) - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Programme\P2P_Max_DE\tbP2P_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3c6e0a7f-5eca-11e0-aa94-9605b7d8fa1a}\Shell - "" = AutoRun
O33 - MountPoints2\{3c6e0a7f-5eca-11e0-aa94-9605b7d8fa1a}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3c6e0a85-5eca-11e0-aa94-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{3c6e0a85-5eca-11e0-aa94-001e101fabdd}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0606673-5f96-11e0-9074-001e101f6aa9}\Shell - "" = AutoRun
O33 - MountPoints2\{a0606673-5f96-11e0-9074-001e101f6aa9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
:Files
C:\user.js
C:\Programme\P2P_Max_DE
C:\Users\user\AppData\Roaming\.#
C:\Users\user\AppData\Roaming\01039
C:\Users\user\AppData\Roaming\kock
C:\Users\user\AppData\Roaming\xmldm
C:\Users\user\AppData\Roaming\UAs
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, as a precaution: a backup copy is created on the system partition in the folder "_OTL".
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
20.07.2012, 16:07 | #19 |
Well, I've now really tried it 3 times... everything as described... text copied and pasted... all programs closed... virus scanner too... and during the fix the message "OTL has stopped working! The program is being closed because of an error, etc...." keeps appearing and my PC freezes completely... I only see my wallpaper and my mouse pointer, everything else is gone, and apart from the Task Manager nothing works anymore...
21.07.2012, 13:27 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Restart Windows in Safe Mode (with networking, if possible); fixing with OTL sometimes gets stuck in normal mode, but very often the fix works in Safe Mode.
23.07.2012, 20:31 | #21 |
So then...... here is the OTL fix: Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e0007d18-baa4-4573-ae78-8bea0958c610} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0007d18-baa4-4573-ae78-8bea0958c610}\ not found.
File C:\Programme\P2P_Max_DE\tbP2P_.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-829418231-901360401-729028706-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-829418231-901360401-729028706-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-829418231-901360401-729028706-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-829418231-901360401-729028706-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-829418231-901360401-729028706-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-829418231-901360401-729028706-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e0007d18-baa4-4573-ae78-8bea0958c610} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0007d18-baa4-4573-ae78-8bea0958c610}\ not found.
File C:\Programme\P2P_Max_DE\tbP2P_.dll not found.
HKEY_USERS\S-1-5-21-829418231-901360401-729028706-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-829418231-901360401-729028706-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-829418231-901360401-729028706-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.8&q=" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: ciuvo-extension@icq.de:1.0.601 removed from extensions.enabledItems
Prefs.js: toolbar@web.de:2.1.1 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\ChoiceGuard@Microsoft\ not found.
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\ciuvo-extension@icq.de\ not found.
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\toolbar@web.de\ not found.
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o54cd2jf.default\extensions\ciuvo-extension@icq.de\chrome\ not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-10.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-5.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-6.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-7.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-8.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin-9.xml not found.
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\searchplugins\icqplugin.xml not found.
Folder C:\Programme\Mozilla Firefox\extensions\ not found.
Folder C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
File C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll not found.
File C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.678_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0007d18-baa4-4573-ae78-8bea0958c610}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0007d18-baa4-4573-ae78-8bea0958c610}\ not found.
File C:\Programme\P2P_Max_DE\tbP2P_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e0007d18-baa4-4573-ae78-8bea0958c610} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0007d18-baa4-4573-ae78-8bea0958c610}\ not found.
File C:\Programme\P2P_Max_DE\tbP2P_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c6e0a7f-5eca-11e0-aa94-9605b7d8fa1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c6e0a7f-5eca-11e0-aa94-9605b7d8fa1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c6e0a7f-5eca-11e0-aa94-9605b7d8fa1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c6e0a7f-5eca-11e0-aa94-9605b7d8fa1a}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c6e0a85-5eca-11e0-aa94-001e101fabdd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c6e0a85-5eca-11e0-aa94-001e101fabdd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c6e0a85-5eca-11e0-aa94-001e101fabdd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c6e0a85-5eca-11e0-aa94-001e101fabdd}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0606673-5f96-11e0-9074-001e101f6aa9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0606673-5f96-11e0-9074-001e101f6aa9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0606673-5f96-11e0-9074-001e101f6aa9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0606673-5f96-11e0-9074-001e101f6aa9}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
========== FILES ==========
File\Folder C:\user.js not found.
File\Folder C:\Programme\P2P_Max_DE not found.
File\Folder C:\Users\user\AppData\Roaming\.# not found.
File\Folder C:\Users\user\AppData\Roaming\01039 not found.
File\Folder C:\Users\user\AppData\Roaming\kock not found.
File\Folder C:\Users\user\AppData\Roaming\xmldm not found.
File\Folder C:\Users\user\AppData\Roaming\UAs not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Journal

User: Public

User: RegBack

User: systemprofile

User: TxR

User: user
->Temp folder emptied: 970849 bytes
->Temporary Internet Files folder emptied: 2337195 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6449054 bytes
->Flash cache emptied: 2846 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64604288 bytes
RecycleBin emptied: 7888766 bytes

Total Files Cleaned = 78,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Journal

User: Public

User: RegBack

User: systemprofile

User: TxR

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.54.0 log created on 07232012_210638

Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Basti
24.07.2012, 15:24 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Constantly new Trojan finds in C:User/user/AppData Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot, then click on Start Scan and, once it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), as that is where the TDSS-Killer saves its logs. Note: please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the "skip" action and only post the log here!
__________________ Please always post logfiles in CODE tags |
25.07.2012, 12:55 | #23 |
| Constantly new Trojan finds in C:User/user/AppData Here is the report from the TDSS-Killer: Code:
13:48:10.0731 4084 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:48:11.0327 4084 ============================================================
13:48:11.0327 4084 Current date / time: 2012/07/25 13:48:11.0327
13:48:11.0327 4084 SystemInfo:
13:48:11.0327 4084
13:48:11.0327 4084 OS Version: 6.0.6001 ServicePack: 1.0
13:48:11.0327 4084 Product type: Workstation
13:48:11.0327 4084 ComputerName: USER-PC
13:48:11.0327 4084 UserName: user
13:48:11.0327 4084 Windows directory: C:\Windows
13:48:11.0327 4084 System windows directory: C:\Windows
13:48:11.0327 4084 Processor architecture: Intel x86
13:48:11.0327 4084 Number of processors: 2
13:48:11.0327 4084 Page size: 0x1000
13:48:11.0328 4084 Boot type: Normal boot
13:48:11.0328 4084 ============================================================
13:48:12.0029 4084 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:48:12.0031 4084 ============================================================
13:48:12.0031 4084 \Device\Harddisk0\DR0:
13:48:12.0032 4084 MBR partitions:
13:48:12.0032 4084 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x1D4B800, BlocksNum 0xDA62000
13:48:12.0032 4084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF7AD800, BlocksNum 0xD362000
13:48:12.0032 4084 ============================================================
13:48:12.0119 4084 C: <-> \Device\Harddisk0\DR0\Partition0
13:48:12.0197 4084 D: <-> \Device\Harddisk0\DR0\Partition1
13:48:12.0197 4084 ============================================================
13:48:12.0197 4084 Initialize success
13:48:12.0197 4084 ============================================================
13:49:11.0124 1040 ============================================================
13:49:11.0124 1040 Scan started
13:49:11.0124 1040 Mode: Manual; SigCheck; TDLFS;
13:49:11.0124 1040
============================================================ 13:49:12.0030 1040 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys 13:49:12.0144 1040 ACPI - ok 13:49:12.0238 1040 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 13:49:12.0274 1040 adp94xx - ok 13:49:12.0331 1040 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 13:49:12.0360 1040 adpahci - ok 13:49:12.0396 1040 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 13:49:12.0407 1040 adpu160m - ok 13:49:12.0437 1040 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 13:49:12.0460 1040 adpu320 - ok 13:49:12.0507 1040 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 13:49:12.0656 1040 AeLookupSvc - ok 13:49:12.0733 1040 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys 13:49:12.0844 1040 AFD - ok 13:49:12.0888 1040 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 13:49:12.0904 1040 agp440 - ok 13:49:12.0948 1040 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 13:49:12.0958 1040 aic78xx - ok 13:49:12.0990 1040 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 13:49:13.0133 1040 ALG - ok 13:49:13.0171 1040 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 13:49:13.0179 1040 aliide - ok 13:49:13.0199 1040 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 13:49:13.0207 1040 amdagp - ok 13:49:13.0221 1040 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 13:49:13.0228 1040 amdide - ok 13:49:13.0243 1040 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 13:49:13.0283 1040 AmdK7 - ok 13:49:13.0318 1040 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 13:49:13.0345 1040 
AmdK8 - ok 13:49:13.0493 1040 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe 13:49:13.0505 1040 AntiVirSchedulerService - ok 13:49:13.0570 1040 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 13:49:13.0578 1040 AntiVirService - ok 13:49:13.0649 1040 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 13:49:13.0691 1040 Appinfo - ok 13:49:13.0717 1040 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 13:49:13.0727 1040 arc - ok 13:49:13.0798 1040 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 13:49:13.0809 1040 arcsas - ok 13:49:13.0813 1040 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 13:49:13.0874 1040 AsyncMac - ok 13:49:13.0911 1040 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys 13:49:13.0920 1040 atapi - ok 13:49:13.0977 1040 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll 13:49:14.0014 1040 AudioEndpointBuilder - ok 13:49:14.0019 1040 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll 13:49:14.0052 1040 Audiosrv - ok 13:49:14.0067 1040 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys 13:49:14.0238 1040 avgntflt - ok 13:49:14.0287 1040 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys 13:49:14.0312 1040 avipbb - ok 13:49:14.0332 1040 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys 13:49:14.0346 1040 avkmgr - ok 13:49:14.0395 1040 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys 13:49:14.0467 1040 b57nd60x - ok 13:49:14.0515 1040 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 13:49:14.0565 1040 Beep - ok 13:49:14.0644 1040 BFE (8582e233c346aefe759833e8a30dd697) 
C:\Windows\System32\bfe.dll 13:49:14.0681 1040 BFE - ok 13:49:14.0803 1040 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll 13:49:14.0849 1040 BITS - ok 13:49:14.0899 1040 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 13:49:14.0938 1040 blbdrive - ok 13:49:15.0004 1040 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys 13:49:15.0024 1040 BMLoad ( UnsignedFile.Multi.Generic ) - warning 13:49:15.0024 1040 BMLoad - detected UnsignedFile.Multi.Generic (1) 13:49:15.0064 1040 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys 13:49:15.0118 1040 bowser - ok 13:49:15.0156 1040 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 13:49:15.0184 1040 BrFiltLo - ok 13:49:15.0212 1040 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 13:49:15.0231 1040 BrFiltUp - ok 13:49:15.0295 1040 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 13:49:15.0330 1040 Browser - ok 13:49:15.0365 1040 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 13:49:15.0545 1040 Brserid - ok 13:49:15.0560 1040 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 13:49:15.0612 1040 BrSerWdm - ok 13:49:15.0630 1040 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 13:49:15.0674 1040 BrUsbMdm - ok 13:49:15.0688 1040 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 13:49:15.0754 1040 BrUsbSer - ok 13:49:15.0866 1040 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys 13:49:15.0900 1040 BthEnum - ok 13:49:15.0927 1040 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys 13:49:15.0963 1040 BTHMODEM - ok 13:49:15.0993 1040 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 
13:49:16.0051 1040 BthPan - ok 13:49:16.0119 1040 BthPort (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys 13:49:16.0166 1040 BthPort - ok 13:49:16.0191 1040 BthServ (58ee7f5e68310bc8d4e7cebd8358c12e) C:\Windows\System32\bthserv.dll 13:49:16.0225 1040 BthServ - ok 13:49:16.0241 1040 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys 13:49:16.0292 1040 BTHUSB - ok 13:49:16.0365 1040 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys 13:49:16.0376 1040 btwaudio - ok 13:49:16.0413 1040 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys 13:49:16.0424 1040 btwavdt - ok 13:49:16.0439 1040 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys 13:49:16.0448 1040 btwrchid - ok 13:49:16.0488 1040 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 13:49:16.0565 1040 cdfs - ok 13:49:16.0604 1040 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys 13:49:16.0636 1040 cdrom - ok 13:49:16.0699 1040 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll 13:49:16.0718 1040 CertPropSvc - ok 13:49:16.0729 1040 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 13:49:16.0773 1040 circlass - ok 13:49:16.0812 1040 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys 13:49:16.0838 1040 CLFS - ok 13:49:17.0002 1040 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:49:17.0011 1040 clr_optimization_v2.0.50727_32 - ok 13:49:17.0142 1040 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:49:17.0164 1040 clr_optimization_v4.0.30319_32 - ok 13:49:17.0223 1040 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 13:49:17.0256 1040 CmBatt - 
ok 13:49:17.0268 1040 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 13:49:17.0276 1040 cmdide - ok 13:49:17.0290 1040 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 13:49:17.0297 1040 Compbatt - ok 13:49:17.0300 1040 COMSysApp - ok 13:49:17.0306 1040 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 13:49:17.0314 1040 crcdisk - ok 13:49:17.0334 1040 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 13:49:17.0370 1040 Crusoe - ok 13:49:17.0414 1040 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll 13:49:17.0447 1040 CryptSvc - ok 13:49:17.0542 1040 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll 13:49:17.0644 1040 DcomLaunch - ok 13:49:17.0690 1040 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys 13:49:17.0786 1040 DfsC - ok 13:49:18.0087 1040 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe 13:49:18.0371 1040 DFSR - ok 13:49:18.0724 1040 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll 13:49:18.0858 1040 Dhcp - ok 13:49:18.0972 1040 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys 13:49:18.0984 1040 disk - ok 13:49:18.0987 1040 DKbFltr - ok 13:49:19.0046 1040 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll 13:49:19.0137 1040 Dnscache - ok 13:49:19.0169 1040 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll 13:49:19.0226 1040 dot3svc - ok 13:49:19.0269 1040 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 13:49:19.0297 1040 DPS - ok 13:49:19.0332 1040 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 13:49:19.0347 1040 drmkaud - ok 13:49:19.0427 1040 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys 13:49:19.0538 1040 DXGKrnl - ok 13:49:19.0558 
1040 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 13:49:19.0592 1040 E1G60 - ok 13:49:19.0647 1040 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 13:49:19.0675 1040 EapHost - ok 13:49:19.0718 1040 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys 13:49:19.0740 1040 Ecache - ok 13:49:19.0881 1040 eDataSecurity Service (b84e1adec9618abd328ab6f8c9c7dc90) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 13:49:19.0920 1040 eDataSecurity Service ( UnsignedFile.Multi.Generic ) - warning 13:49:19.0920 1040 eDataSecurity Service - detected UnsignedFile.Multi.Generic (1) 13:49:19.0986 1040 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 13:49:20.0085 1040 ehRecvr - ok 13:49:20.0103 1040 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 13:49:20.0147 1040 ehSched - ok 13:49:20.0160 1040 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 13:49:20.0182 1040 ehstart - ok 13:49:20.0252 1040 eLockService (e28516fed46251119addaf4cf33ba401) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 13:49:20.0264 1040 eLockService ( UnsignedFile.Multi.Generic ) - warning 13:49:20.0264 1040 eLockService - detected UnsignedFile.Multi.Generic (1) 13:49:20.0468 1040 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 13:49:20.0506 1040 elxstor - ok 13:49:20.0613 1040 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll 13:49:20.0733 1040 EMDMgmt - ok 13:49:20.0787 1040 eNet Service (44e8e86ceeb0d9f0f934b5edc21e0444) C:\Acer\Empowering Technology\eNet\eNet Service.exe 13:49:20.0822 1040 eNet Service ( UnsignedFile.Multi.Generic ) - warning 13:49:20.0822 1040 eNet Service - detected UnsignedFile.Multi.Generic (1) 13:49:20.0857 1040 eRecoveryService (59fccaf915ba89dd98cadf08da91afee) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 13:49:20.0886 1040 
eRecoveryService ( UnsignedFile.Multi.Generic ) - warning 13:49:20.0886 1040 eRecoveryService - detected UnsignedFile.Multi.Generic (1) 13:49:20.0938 1040 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 13:49:20.0991 1040 ErrDev - ok 13:49:21.0045 1040 eSettingsService (a9745687a57cdd71237915859aba8dac) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 13:49:21.0052 1040 eSettingsService ( UnsignedFile.Multi.Generic ) - warning 13:49:21.0052 1040 eSettingsService - detected UnsignedFile.Multi.Generic (1) 13:49:21.0119 1040 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll 13:49:21.0185 1040 EventSystem - ok 13:49:21.0248 1040 ewusbnet (0f40e249e4dd0ce47c7ca19c5c8fb48a) C:\Windows\system32\DRIVERS\ewusbnet.sys 13:49:21.0299 1040 ewusbnet - ok 13:49:21.0357 1040 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys 13:49:21.0427 1040 exfat - ok 13:49:21.0456 1040 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys 13:49:21.0490 1040 fastfat - ok 13:49:21.0509 1040 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 13:49:21.0539 1040 fdc - ok 13:49:21.0574 1040 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 13:49:21.0616 1040 fdPHost - ok 13:49:21.0643 1040 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 13:49:21.0694 1040 FDResPub - ok 13:49:21.0729 1040 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 13:49:21.0738 1040 FileInfo - ok 13:49:21.0764 1040 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 13:49:21.0813 1040 Filetrace - ok 13:49:21.0823 1040 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 13:49:21.0852 1040 flpydisk - ok 13:49:21.0864 1040 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys 13:49:21.0875 1040 FltMgr 
- ok 13:49:21.0973 1040 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 13:49:21.0981 1040 FontCache3.0.0.0 - ok 13:49:21.0997 1040 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 13:49:22.0032 1040 Fs_Rec - ok 13:49:22.0055 1040 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 13:49:22.0063 1040 gagp30kx - ok 13:49:22.0147 1040 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll 13:49:22.0251 1040 gpsvc - ok 13:49:22.0397 1040 gupdate1ca04c38d267a9e (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 13:49:22.0404 1040 gupdate1ca04c38d267a9e - ok 13:49:22.0417 1040 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 13:49:22.0423 1040 gupdatem - ok 13:49:22.0459 1040 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 13:49:22.0523 1040 HdAudAddService - ok 13:49:22.0552 1040 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys 13:49:22.0588 1040 HDAudBus - ok 13:49:22.0608 1040 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 13:49:22.0650 1040 HidBth - ok 13:49:22.0672 1040 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 13:49:22.0705 1040 HidIr - ok 13:49:22.0729 1040 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll 13:49:22.0771 1040 hidserv - ok 13:49:22.0806 1040 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys 13:49:22.0837 1040 HidUsb - ok 13:49:22.0875 1040 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 13:49:22.0915 1040 hkmsvc - ok 13:49:22.0939 1040 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 13:49:22.0947 1040 HpCISSs - ok 13:49:22.0992 1040 HSFHWAZL 
(46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 13:49:23.0034 1040 HSFHWAZL - ok 13:49:23.0153 1040 HSF_DPV (347385d69c15e3d045aa1cb46e4cb86d) C:\Windows\system32\DRIVERS\HSX_DPV.sys 13:49:23.0240 1040 HSF_DPV - ok 13:49:23.0279 1040 HSXHWAZL (919337d853703267da203e79a0ac1f2b) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 13:49:23.0329 1040 HSXHWAZL - ok 13:49:23.0400 1040 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys 13:49:23.0501 1040 HTTP - ok 13:49:23.0557 1040 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys 13:49:23.0576 1040 hwdatacard - ok 13:49:23.0625 1040 hwusbfake (089085538885367e281686762a973eb5) C:\Windows\system32\DRIVERS\ewusbfake.sys 13:49:23.0659 1040 hwusbfake - ok 13:49:23.0686 1040 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 13:49:23.0694 1040 i2omp - ok 13:49:23.0749 1040 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 13:49:23.0778 1040 i8042prt - ok 13:49:23.0882 1040 IAANTMON (681ef6e0cc7bbaa0c09acabeb91f669e) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 13:49:23.0986 1040 IAANTMON - ok 13:49:24.0046 1040 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys 13:49:24.0054 1040 iaStor - ok 13:49:24.0092 1040 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 13:49:24.0109 1040 iaStorV - ok 13:49:24.0180 1040 ICQ Service (a4e43a7ab1202356bebeb6b798f15488) C:\Program Files\ICQ6Toolbar\ICQ Service.exe 13:49:24.0197 1040 ICQ Service - ok 13:49:24.0310 1040 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 13:49:24.0327 1040 IDriverT ( UnsignedFile.Multi.Generic ) - warning 13:49:24.0327 1040 IDriverT - detected UnsignedFile.Multi.Generic (1) 13:49:24.0490 1040 idsvc (7b630acaed64fef0c3e1cf255cb56686) 
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:49:24.0604 1040 idsvc - ok 13:49:24.0725 1040 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 13:49:24.0739 1040 iirsp - ok 13:49:24.0828 1040 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll 13:49:24.0881 1040 IKEEXT - ok 13:49:24.0987 1040 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys 13:49:24.0993 1040 int15 - ok 13:49:25.0198 1040 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys 13:49:25.0309 1040 IntcAzAudAddService - ok 13:49:25.0462 1040 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 13:49:25.0470 1040 intelide - ok 13:49:25.0503 1040 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 13:49:25.0539 1040 intelppm - ok 13:49:25.0572 1040 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 13:49:25.0604 1040 IPBusEnum - ok 13:49:25.0643 1040 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:49:25.0687 1040 IpFilterDriver - ok 13:49:25.0742 1040 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll 13:49:25.0832 1040 iphlpsvc - ok 13:49:25.0835 1040 IpInIp - ok 13:49:25.0855 1040 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 13:49:25.0880 1040 IPMIDRV - ok 13:49:25.0901 1040 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 13:49:25.0944 1040 IPNAT - ok 13:49:25.0963 1040 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 13:49:25.0991 1040 IRENUM - ok 13:49:26.0008 1040 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 13:49:26.0020 1040 isapnp - ok 13:49:26.0071 1040 iScsiPrt (f247eec28317f6c739c16de420097301) 
C:\Windows\system32\DRIVERS\msiscsi.sys 13:49:26.0090 1040 iScsiPrt - ok 13:49:26.0112 1040 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 13:49:26.0120 1040 iteatapi - ok 13:49:26.0129 1040 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 13:49:26.0137 1040 iteraid - ok 13:49:26.0158 1040 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 13:49:26.0165 1040 kbdclass - ok 13:49:26.0172 1040 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys 13:49:26.0210 1040 kbdhid - ok 13:49:26.0250 1040 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe 13:49:26.0291 1040 KeyIso - ok 13:49:26.0339 1040 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys 13:49:26.0362 1040 KSecDD - ok 13:49:26.0432 1040 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 13:49:26.0503 1040 KtmRm - ok 13:49:26.0555 1040 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll 13:49:26.0605 1040 LanmanServer - ok 13:49:26.0681 1040 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll 13:49:26.0726 1040 LanmanWorkstation - ok 13:49:26.0832 1040 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe 13:49:26.0851 1040 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 13:49:26.0851 1040 LightScribeService - detected UnsignedFile.Multi.Generic (1) 13:49:26.0918 1040 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 13:49:26.0959 1040 lltdio - ok 13:49:27.0009 1040 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 13:49:27.0064 1040 lltdsvc - ok 13:49:27.0089 1040 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 13:49:27.0156 1040 lmhosts - ok 13:49:27.0184 1040 LSI_FC (c7e15e82879bf3235b559563d4185365) 
C:\Windows\system32\drivers\lsi_fc.sys 13:49:27.0198 1040 LSI_FC - ok 13:49:27.0221 1040 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 13:49:27.0235 1040 LSI_SAS - ok 13:49:27.0258 1040 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 13:49:27.0271 1040 LSI_SCSI - ok 13:49:27.0291 1040 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 13:49:27.0322 1040 luafv - ok 13:49:27.0362 1040 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys 13:49:27.0374 1040 MBAMProtector - ok 13:49:27.0562 1040 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 13:49:27.0629 1040 MBAMService - ok 13:49:27.0688 1040 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 13:49:27.0718 1040 Mcx2Svc - ok 13:49:27.0738 1040 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 13:49:27.0763 1040 mdmxsdk - ok 13:49:27.0798 1040 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 13:49:27.0806 1040 megasas - ok 13:49:27.0874 1040 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 13:49:27.0908 1040 MegaSR - ok 13:49:27.0947 1040 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 13:49:27.0966 1040 MMCSS - ok 13:49:28.0013 1040 MobilityService - ok 13:49:28.0029 1040 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 13:49:28.0071 1040 Modem - ok 13:49:28.0091 1040 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 13:49:28.0123 1040 monitor - ok 13:49:28.0141 1040 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 13:49:28.0149 1040 mouclass - ok 13:49:28.0160 1040 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 13:49:28.0179 1040 mouhid - ok 
13:49:28.0193 1040 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 13:49:28.0202 1040 MountMgr - ok 13:49:28.0222 1040 MPFP (447d50511a7aac23d4cbbe527e1ff1f2) C:\Windows\system32\Drivers\Mpfp.sys 13:49:28.0231 1040 MPFP - ok 13:49:28.0266 1040 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 13:49:28.0276 1040 mpio - ok 13:49:28.0316 1040 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 13:49:28.0348 1040 mpsdrv - ok 13:49:28.0421 1040 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll 13:49:28.0454 1040 MpsSvc - ok 13:49:28.0473 1040 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 13:49:28.0482 1040 Mraid35x - ok 13:49:28.0501 1040 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys 13:49:28.0527 1040 MRxDAV - ok 13:49:28.0576 1040 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:49:28.0635 1040 mrxsmb - ok 13:49:28.0679 1040 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:49:28.0732 1040 mrxsmb10 - ok 13:49:28.0760 1040 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:49:28.0782 1040 mrxsmb20 - ok 13:49:28.0827 1040 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 13:49:28.0836 1040 msahci - ok 13:49:28.0862 1040 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 13:49:28.0873 1040 msdsm - ok 13:49:28.0910 1040 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 13:49:28.0954 1040 MSDTC - ok 13:49:28.0969 1040 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 13:49:29.0013 1040 Msfs - ok 13:49:29.0050 1040 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 13:49:29.0061 1040 msisadrv - ok 13:49:29.0088 1040 MSiSCSI 
(85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 13:49:29.0121 1040 MSiSCSI - ok 13:49:29.0124 1040 msiserver - ok 13:49:29.0151 1040 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 13:49:29.0170 1040 MSKSSRV - ok 13:49:29.0191 1040 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 13:49:29.0209 1040 MSPCLOCK - ok 13:49:29.0244 1040 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 13:49:29.0273 1040 MSPQM - ok 13:49:29.0303 1040 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys 13:49:29.0324 1040 MsRPC - ok 13:49:29.0337 1040 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 13:49:29.0345 1040 mssmbios - ok 13:49:29.0361 1040 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 13:49:29.0379 1040 MSTEE - ok 13:49:29.0395 1040 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys 13:49:29.0403 1040 Mup - ok 13:49:29.0453 1040 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll 13:49:29.0501 1040 napagent - ok 13:49:29.0557 1040 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys 13:49:29.0596 1040 NativeWifiP - ok 13:49:29.0669 1040 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys 13:49:29.0708 1040 NDIS - ok 13:49:29.0730 1040 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 13:49:29.0765 1040 NdisTapi - ok 13:49:29.0791 1040 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 13:49:29.0811 1040 Ndisuio - ok 13:49:29.0844 1040 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys 13:49:29.0884 1040 NdisWan - ok 13:49:29.0903 1040 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 13:49:29.0931 1040 NDProxy - ok 13:49:29.0942 1040 
NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 13:49:29.0980 1040 NetBIOS - ok 13:49:30.0017 1040 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys 13:49:30.0053 1040 netbt - ok 13:49:30.0077 1040 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe 13:49:30.0090 1040 Netlogon - ok 13:49:30.0139 1040 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 13:49:30.0166 1040 Netman - ok 13:49:30.0199 1040 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 13:49:30.0256 1040 netprofm - ok 13:49:30.0361 1040 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:49:30.0375 1040 NetTcpPortSharing - ok 13:49:30.0769 1040 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys 13:49:30.0929 1040 NETw3v32 - ok 13:49:31.0256 1040 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys 13:49:31.0498 1040 NETw4v32 - ok 13:49:31.0652 1040 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 13:49:31.0660 1040 nfrd960 - ok 13:49:31.0699 1040 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 13:49:31.0759 1040 NlaSvc - ok 13:49:31.0787 1040 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys 13:49:31.0817 1040 Npfs - ok 13:49:31.0855 1040 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 13:49:31.0875 1040 nsi - ok 13:49:31.0945 1040 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 13:49:31.0973 1040 nsiproxy - ok 13:49:32.0076 1040 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys 13:49:32.0175 1040 Ntfs - ok 13:49:32.0215 1040 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 13:49:32.0218 1040 NTIDrvr ( 
UnsignedFile.Multi.Generic ) - warning 13:49:32.0218 1040 NTIDrvr - detected UnsignedFile.Multi.Generic (1) 13:49:32.0244 1040 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 13:49:32.0301 1040 ntrigdigi - ok 13:49:32.0306 1040 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 13:49:32.0364 1040 Null - ok 13:49:33.0123 1040 nvlddmkm (9e8222b2ef8130db3ea6669fda358453) C:\Windows\system32\DRIVERS\nvlddmkm.sys 13:49:33.0615 1040 nvlddmkm - ok 13:49:33.0803 1040 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 13:49:33.0813 1040 nvraid - ok 13:49:33.0847 1040 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 13:49:33.0857 1040 nvstor - ok 13:49:33.0881 1040 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 13:49:33.0892 1040 nv_agp - ok 13:49:33.0898 1040 NwlnkFlt - ok 13:49:33.0902 1040 NwlnkFwd - ok 13:49:34.0053 1040 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:49:34.0089 1040 odserv - ok 13:49:34.0128 1040 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys 13:49:34.0169 1040 ohci1394 - ok 13:49:34.0218 1040 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:49:34.0231 1040 ose - ok 13:49:34.0316 1040 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll 13:49:34.0482 1040 p2pimsvc - ok 13:49:34.0490 1040 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll 13:49:34.0567 1040 p2psvc - ok 13:49:34.0636 1040 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 13:49:34.0724 1040 Parport - ok 13:49:34.0742 1040 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys 13:49:34.0750 1040 partmgr - ok 13:49:34.0762 1040 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) 
C:\Windows\system32\drivers\parvdm.sys 13:49:34.0813 1040 Parvdm - ok 13:49:34.0835 1040 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 13:49:34.0862 1040 PcaSvc - ok 13:49:34.0888 1040 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys 13:49:34.0898 1040 pci - ok 13:49:34.0913 1040 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 13:49:34.0921 1040 pciide - ok 13:49:34.0951 1040 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 13:49:34.0971 1040 pcmcia - ok 13:49:35.0072 1040 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 13:49:35.0172 1040 PEAUTH - ok 13:49:35.0349 1040 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 13:49:35.0551 1040 pla - ok 13:49:35.0767 1040 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll 13:49:35.0816 1040 PlugPlay - ok 13:49:35.0897 1040 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll 13:49:35.0925 1040 PNRPAutoReg - ok 13:49:35.0935 1040 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll 13:49:35.0962 1040 PNRPsvc - ok 13:49:36.0027 1040 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll 13:49:36.0082 1040 PolicyAgent - ok 13:49:36.0142 1040 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 13:49:36.0217 1040 PptpMiniport - ok 13:49:36.0241 1040 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 13:49:36.0300 1040 Processor - ok 13:49:36.0341 1040 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll 13:49:36.0391 1040 ProfSvc - ok 13:49:36.0430 1040 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe 13:49:36.0450 1040 ProtectedStorage - ok 13:49:36.0482 1040 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys 
13:49:36.0536 1040 PSched - ok 13:49:36.0550 1040 PSDFilter (18de162f9b83079c24cd96f59292f5ed) C:\Windows\system32\DRIVERS\psdfilter.sys 13:49:36.0562 1040 PSDFilter - ok 13:49:36.0574 1040 PSDNServ (bc1457a28e76ab3106d43802ac22a627) C:\Windows\system32\DRIVERS\PSDNServ.sys 13:49:36.0584 1040 PSDNServ - ok 13:49:36.0599 1040 psdvdisk (ac151e5b0943304e368c98ec78b5fc4f) C:\Windows\system32\DRIVERS\PSDVdisk.sys 13:49:36.0612 1040 psdvdisk - ok 13:49:36.0657 1040 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys 13:49:36.0671 1040 PxHelp20 - ok 13:49:36.0803 1040 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 13:49:36.0894 1040 ql2300 - ok 13:49:36.0915 1040 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 13:49:36.0927 1040 ql40xx - ok 13:49:36.0973 1040 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 13:49:37.0003 1040 QWAVE - ok 13:49:37.0035 1040 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 13:49:37.0045 1040 QWAVEdrv - ok 13:49:37.0059 1040 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 13:49:37.0093 1040 RasAcd - ok 13:49:37.0115 1040 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 13:49:37.0145 1040 RasAuto - ok 13:49:37.0168 1040 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:49:37.0208 1040 Rasl2tp - ok 13:49:37.0248 1040 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll 13:49:37.0284 1040 RasMan - ok 13:49:37.0302 1040 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys 13:49:37.0326 1040 RasPppoe - ok 13:49:37.0346 1040 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys 13:49:37.0366 1040 RasSstp - ok 13:49:37.0389 1040 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys 13:49:37.0435 
1040 rdbss - ok 13:49:37.0453 1040 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:49:37.0482 1040 RDPCDD - ok 13:49:37.0519 1040 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 13:49:37.0574 1040 rdpdr - ok 13:49:37.0578 1040 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 13:49:37.0617 1040 RDPENCDD - ok 13:49:37.0653 1040 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys 13:49:37.0708 1040 RDPWD - ok 13:49:37.0745 1040 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 13:49:37.0771 1040 RemoteAccess - ok 13:49:37.0809 1040 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll 13:49:37.0858 1040 RemoteRegistry - ok 13:49:37.0885 1040 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys 13:49:37.0910 1040 RFCOMM - ok 13:49:38.0001 1040 RichVideo (0a468612a19feb657d127e7c4810f6fc) C:\Program Files\CyberLink\Shared Files\RichVideo.exe 13:49:38.0036 1040 RichVideo ( UnsignedFile.Multi.Generic ) - warning 13:49:38.0036 1040 RichVideo - detected UnsignedFile.Multi.Generic (1) 13:49:38.0068 1040 rimmptsk (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys 13:49:38.0105 1040 rimmptsk - ok 13:49:38.0131 1040 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys 13:49:38.0170 1040 rimsptsk - ok 13:49:38.0212 1040 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys 13:49:38.0264 1040 RimUsb - ok 13:49:38.0307 1040 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys 13:49:38.0330 1040 RimVSerPort - ok 13:49:38.0337 1040 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys 13:49:38.0392 1040 rismxdp - ok 13:49:38.0401 1040 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 
13:49:38.0439 1040 ROOTMODEM - ok 13:49:38.0531 1040 Roxio UPnP Renderer 9 (afd61a7c48a3e15c86a6fadf0b69a2e4) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe 13:49:38.0539 1040 Roxio UPnP Renderer 9 - ok 13:49:38.0590 1040 Roxio Upnp Server 9 (efbb36e2bb02169d26e9980778fc20d3) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe 13:49:38.0612 1040 Roxio Upnp Server 9 - ok 13:49:38.0724 1040 RoxLiveShare9 (a440254f41e219aaaa1dff8d57dfe554) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe 13:49:38.0756 1040 RoxLiveShare9 - ok 13:49:38.0876 1040 RoxMediaDB9 (d798b432c7440863a057b006f73e4b17) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe 13:49:38.0937 1040 RoxMediaDB9 - ok 13:49:38.0983 1040 RoxWatch9 (9f335c21d8ff9f992cb7e73f59488d31) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe 13:49:39.0001 1040 RoxWatch9 - ok 13:49:39.0120 1040 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 13:49:39.0178 1040 RpcLocator - ok 13:49:39.0255 1040 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll 13:49:39.0276 1040 RpcSs - ok 13:49:39.0335 1040 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 13:49:39.0377 1040 rspndr - ok 13:49:39.0433 1040 RS_Service (a26a932d2248386c16b9012c384b9ab3) C:\Program Files\Acer\Acer VCM\RS_Service.exe 13:49:39.0447 1040 RS_Service ( UnsignedFile.Multi.Generic ) - warning 13:49:39.0447 1040 RS_Service - detected UnsignedFile.Multi.Generic (1) 13:49:39.0463 1040 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe 13:49:39.0478 1040 SamSs - ok 13:49:39.0500 1040 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 13:49:39.0512 1040 sbp2port - ok 13:49:39.0546 1040 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll 13:49:39.0578 1040 SCardSvr - ok 13:49:39.0662 1040 Schedule 
(7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll 13:49:39.0739 1040 Schedule - ok 13:49:39.0763 1040 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll 13:49:39.0781 1040 SCPolicySvc - ok 13:49:39.0826 1040 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 13:49:39.0846 1040 sdbus - ok 13:49:39.0868 1040 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 13:49:39.0941 1040 SDRSVC - ok 13:49:39.0945 1040 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 13:49:39.0994 1040 secdrv - ok 13:49:40.0006 1040 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 13:49:40.0034 1040 seclogon - ok 13:49:40.0073 1040 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 13:49:40.0108 1040 SENS - ok 13:49:40.0140 1040 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 13:49:40.0175 1040 Serenum - ok 13:49:40.0233 1040 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 13:49:40.0278 1040 Serial - ok 13:49:40.0305 1040 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 13:49:40.0325 1040 sermouse - ok 13:49:40.0392 1040 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 13:49:40.0419 1040 SessionEnv - ok 13:49:40.0436 1040 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 13:49:40.0463 1040 sffdisk - ok 13:49:40.0484 1040 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 13:49:40.0503 1040 sffp_mmc - ok 13:49:40.0509 1040 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys 13:49:40.0528 1040 sffp_sd - ok 13:49:40.0539 1040 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 13:49:40.0572 1040 sfloppy - ok 13:49:40.0625 1040 SharedAccess 
(e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 13:49:40.0678 1040 SharedAccess - ok 13:49:40.0724 1040 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll 13:49:40.0782 1040 ShellHWDetection - ok 13:49:40.0800 1040 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 13:49:40.0808 1040 sisagp - ok 13:49:40.0822 1040 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 13:49:40.0830 1040 SiSRaid2 - ok 13:49:40.0852 1040 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 13:49:40.0861 1040 SiSRaid4 - ok 13:49:41.0102 1040 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe 13:49:41.0220 1040 slsvc - ok 13:49:41.0363 1040 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll 13:49:41.0385 1040 SLUINotify - ok 13:49:41.0433 1040 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys 13:49:41.0467 1040 Smb - ok 13:49:41.0506 1040 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 13:49:41.0516 1040 SNMPTRAP - ok 13:49:41.0688 1040 SNP2UVC (1c550748f896e53b7b0fe7717845132b) C:\Windows\system32\DRIVERS\snp2uvc.sys 13:49:41.0829 1040 SNP2UVC - ok 13:49:41.0980 1040 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 13:49:41.0989 1040 spldr - ok 13:49:42.0042 1040 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe 13:49:42.0087 1040 Spooler - ok 13:49:42.0154 1040 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys 13:49:42.0212 1040 srv - ok 13:49:42.0266 1040 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys 13:49:42.0305 1040 srv2 - ok 13:49:42.0360 1040 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys 13:49:42.0376 1040 srvnet - ok 13:49:42.0418 1040 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) 
C:\Windows\System32\ssdpsrv.dll 13:49:42.0480 1040 SSDPSRV - ok 13:49:42.0536 1040 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 13:49:42.0547 1040 ssmdrv - ok 13:49:42.0577 1040 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 13:49:42.0642 1040 SstpSvc - ok 13:49:42.0742 1040 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll 13:49:42.0806 1040 stisvc - ok 13:49:42.0839 1040 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 13:49:42.0854 1040 swenum - ok 13:49:42.0893 1040 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll 13:49:42.0968 1040 swprv - ok 13:49:42.0990 1040 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 13:49:43.0004 1040 Symc8xx - ok 13:49:43.0025 1040 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 13:49:43.0040 1040 Sym_hi - ok 13:49:43.0053 1040 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 13:49:43.0068 1040 Sym_u3 - ok 13:49:43.0102 1040 SynTP (c5f25d490d0915732508fd421bf76d93) C:\Windows\system32\DRIVERS\SynTP.sys 13:49:43.0126 1040 SynTP - ok 13:49:43.0189 1040 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll 13:49:43.0271 1040 SysMain - ok 13:49:43.0313 1040 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 13:49:43.0370 1040 TabletInputService - ok 13:49:43.0408 1040 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll 13:49:43.0442 1040 TapiSrv - ok 13:49:43.0473 1040 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 13:49:43.0506 1040 TBS - ok 13:49:43.0605 1040 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys 13:49:43.0671 1040 Tcpip - ok 13:49:43.0680 1040 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys 13:49:43.0738 1040 Tcpip6 - ok 
13:49:43.0799 1040 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys 13:49:43.0818 1040 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 13:49:43.0818 1040 tcpipBM - detected UnsignedFile.Multi.Generic (1) 13:49:43.0846 1040 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys 13:49:43.0887 1040 tcpipreg - ok 13:49:43.0906 1040 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 13:49:43.0926 1040 TDPIPE - ok 13:49:43.0946 1040 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 13:49:43.0965 1040 TDTCP - ok 13:49:43.0974 1040 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys 13:49:44.0010 1040 tdx - ok 13:49:44.0033 1040 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys 13:49:44.0041 1040 TermDD - ok 13:49:44.0102 1040 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll 13:49:44.0144 1040 TermService - ok 13:49:44.0197 1040 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll 13:49:44.0209 1040 Themes - ok 13:49:44.0236 1040 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 13:49:44.0255 1040 THREADORDER - ok 13:49:44.0274 1040 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 13:49:44.0295 1040 TrkWks - ok 13:49:44.0344 1040 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe 13:49:44.0363 1040 TrustedInstaller - ok 13:49:44.0384 1040 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:49:44.0403 1040 tssecsrv - ok 13:49:44.0422 1040 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 13:49:44.0443 1040 tunmp - ok 13:49:44.0482 1040 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys 13:49:44.0491 1040 tunnel - ok 13:49:44.0520 1040 uagp35 
(7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 13:49:44.0529 1040 uagp35 - ok 13:49:44.0556 1040 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys 13:49:44.0584 1040 udfs - ok 13:49:44.0601 1040 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 13:49:44.0636 1040 UI0Detect - ok 13:49:44.0658 1040 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 13:49:44.0666 1040 uliagpkx - ok 13:49:44.0697 1040 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 13:49:44.0713 1040 uliahci - ok 13:49:44.0730 1040 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 13:49:44.0742 1040 UlSata - ok 13:49:44.0770 1040 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 13:49:44.0781 1040 ulsata2 - ok 13:49:44.0808 1040 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 13:49:44.0871 1040 umbus - ok 13:49:44.0909 1040 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 13:49:44.0959 1040 upnphost - ok 13:49:45.0000 1040 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 13:49:45.0020 1040 usbccgp - ok 13:49:45.0043 1040 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 13:49:45.0096 1040 usbcir - ok 13:49:45.0129 1040 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys 13:49:45.0159 1040 usbehci - ok 13:49:45.0187 1040 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys 13:49:45.0229 1040 usbhub - ok 13:49:45.0251 1040 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 13:49:45.0320 1040 usbohci - ok 13:49:45.0337 1040 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 13:49:45.0370 1040 usbprint - ok 13:49:45.0395 1040 USBSTOR 
(87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:49:45.0429 1040 USBSTOR - ok 13:49:45.0447 1040 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 13:49:45.0481 1040 usbuhci - ok 13:49:45.0507 1040 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll 13:49:45.0543 1040 UxSms - ok 13:49:45.0598 1040 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe 13:49:45.0651 1040 vds - ok 13:49:45.0704 1040 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 13:49:45.0740 1040 vga - ok 13:49:45.0765 1040 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 13:49:45.0785 1040 VgaSave - ok 13:49:45.0812 1040 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 13:49:45.0821 1040 viaagp - ok 13:49:45.0839 1040 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 13:49:45.0859 1040 ViaC7 - ok 13:49:45.0873 1040 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 13:49:45.0880 1040 viaide - ok 13:49:45.0998 1040 VMCService (1b0d441d8ab264d39c2b09130cc28045) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 13:49:46.0002 1040 VMCService ( UnsignedFile.Multi.Generic ) - warning 13:49:46.0002 1040 VMCService - detected UnsignedFile.Multi.Generic (1) 13:49:46.0014 1040 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 13:49:46.0022 1040 volmgr - ok 13:49:46.0054 1040 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys 13:49:46.0080 1040 volmgrx - ok 13:49:46.0115 1040 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys 13:49:46.0129 1040 volsnap - ok 13:49:46.0161 1040 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 13:49:46.0173 1040 vsmraid - ok 13:49:46.0290 1040 VSS (d5fb73d19c46ade183f968e13f186b23) 
C:\Windows\system32\vssvc.exe 13:49:46.0395 1040 VSS - ok 13:49:46.0444 1040 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll 13:49:46.0491 1040 W32Time - ok 13:49:46.0552 1040 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 13:49:46.0619 1040 WacomPen - ok 13:49:46.0647 1040 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 13:49:46.0695 1040 Wanarp - ok 13:49:46.0699 1040 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 13:49:46.0726 1040 Wanarpv6 - ok 13:49:46.0770 1040 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll 13:49:46.0795 1040 wcncsvc - ok 13:49:46.0826 1040 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 13:49:46.0856 1040 WcsPlugInService - ok 13:49:46.0874 1040 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 13:49:46.0882 1040 Wd - ok 13:49:46.0933 1040 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 13:49:46.0965 1040 Wdf01000 - ok 13:49:47.0007 1040 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 13:49:47.0026 1040 WdiServiceHost - ok 13:49:47.0029 1040 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 13:49:47.0049 1040 WdiSystemHost - ok 13:49:47.0075 1040 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll 13:49:47.0099 1040 WebClient - ok 13:49:47.0142 1040 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 13:49:47.0182 1040 Wecsvc - ok 13:49:47.0194 1040 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 13:49:47.0211 1040 wercplsupport - ok 13:49:47.0246 1040 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll 13:49:47.0277 1040 WerSvc - ok 13:49:47.0359 1040 winachsf (3344b5c3209e538291398ff12f895155) 
C:\Windows\system32\DRIVERS\HSX_CNXT.sys 13:49:47.0392 1040 winachsf - ok 13:49:47.0450 1040 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys 13:49:47.0501 1040 winbondcir - ok 13:49:47.0585 1040 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 13:49:47.0614 1040 WinDefend - ok 13:49:47.0618 1040 WinHttpAutoProxySvc - ok 13:49:47.0680 1040 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll 13:49:47.0718 1040 Winmgmt - ok 13:49:47.0864 1040 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 13:49:48.0009 1040 WinRM - ok 13:49:48.0077 1040 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll 13:49:48.0162 1040 Wlansvc - ok 13:49:48.0227 1040 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 13:49:48.0257 1040 WmiAcpi - ok 13:49:48.0325 1040 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe 13:49:48.0378 1040 wmiApSrv - ok 13:49:48.0477 1040 WMIService (c8f8aac50b5b0bf821ab7d7126056b30) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 13:49:48.0530 1040 WMIService ( UnsignedFile.Multi.Generic ) - warning 13:49:48.0530 1040 WMIService - detected UnsignedFile.Multi.Generic (1) 13:49:48.0678 1040 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 13:49:48.0754 1040 WMPNetworkSvc - ok 13:49:48.0912 1040 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll 13:49:48.0949 1040 WPCSvc - ok 13:49:48.0961 1040 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll 13:49:49.0012 1040 WPDBusEnum - ok 13:49:49.0070 1040 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 13:49:49.0089 1040 WpdUsb - ok 13:49:49.0293 1040 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 
13:49:49.0351 1040 WPFFontCache_v0400 - ok 13:49:49.0381 1040 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 13:49:49.0431 1040 ws2ifsl - ok 13:49:49.0477 1040 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll 13:49:49.0511 1040 wscsvc - ok 13:49:49.0515 1040 WSearch - ok 13:49:49.0701 1040 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 13:49:49.0811 1040 wuauserv - ok 13:49:49.0980 1040 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:49:50.0014 1040 WUDFRd - ok 13:49:50.0055 1040 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 13:49:50.0100 1040 wudfsvc - ok 13:49:50.0137 1040 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys 13:49:50.0146 1040 XAudio - ok 13:49:50.0192 1040 XAudioService (f82fc2c30a19442b95ae554215837c46) C:\Windows\system32\DRIVERS\xaudio.exe 13:49:50.0218 1040 XAudioService - ok 13:49:50.0286 1040 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 13:49:50.0292 1040 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 13:49:50.0362 1040 MBR (0x1B8) (0dce9a450e9979b9640d57e81152a29d) \Device\Harddisk0\DR0 13:49:51.0637 1040 \Device\Harddisk0\DR0 - ok 13:49:51.0671 1040 Boot (0x1200) (a4f0df2da8b05d13d529b843b837726c) \Device\Harddisk0\DR0\Partition0 13:49:51.0690 1040 \Device\Harddisk0\DR0\Partition0 - ok 13:49:51.0711 1040 Boot (0x1200) (1f0cb0815a13f63b9038ad41e051bf0e) \Device\Harddisk0\DR0\Partition1 13:49:51.0713 1040 \Device\Harddisk0\DR0\Partition1 - ok 13:49:51.0716 1040 ============================================================ 13:49:51.0716 1040 Scan finished 13:49:51.0716 1040 ============================================================ 13:49:51.0724 6104 Detected object count: 14 13:49:51.0724 6104 Actual detected object count: 14 13:50:36.0676 6104 BMLoad ( 
UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0677 6104 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0677 6104 eDataSecurity Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0677 6104 eDataSecurity Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0679 6104 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0679 6104 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0680 6104 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0680 6104 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0682 6104 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0682 6104 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0683 6104 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0684 6104 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0685 6104 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0685 6104 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0687 6104 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0687 6104 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0688 6104 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0688 6104 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0690 6104 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0690 6104 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0691 6104 RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0691 6104 RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0693 6104 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0693 6104 tcpipBM ( UnsignedFile.Multi.Generic ) - User 
select action: Skip 13:50:36.0694 6104 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0695 6104 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:50:36.0696 6104 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user 13:50:36.0696 6104 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip Basti |
25.07.2012, 13:25 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | constantly new Trojan finds in C:User/user/AppData Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
25.07.2012, 17:30 | #25 |
| constantly new Trojan finds in C:User/user/AppData So here is the ComboFix report now: Code:
ATTFilter ComboFix 12-07-26.03 - user 25.07.2012 18:09:57.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1179 [GMT 2:00] ausgeführt von:: c:\users\user\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\60a7806a-0eea-424c-a464-20f4730cd631 c:\users\user\AppData\Roaming\AcroIEHelpe.txt c:\users\user\AppData\Roaming\srvblck5.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-25 bis 2012-07-25 )))))))))))))))))))))))))))))) . . 2012-07-25 16:16 . 2012-07-25 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-22 17:34 . 2012-07-25 11:16 -------- d-----w- c:\users\user\AppData\Roaming\ICQ 2012-07-22 17:33 . 2012-07-22 17:36 -------- d-----w- c:\program files\ICQ7M 2012-07-20 14:05 . 2012-07-20 14:05 -------- d-----w- C:\_OTL 2012-07-10 14:23 . 2012-07-10 14:23 -------- d-----w- c:\users\user\AppData\Roaming\Avira 2012-07-10 14:17 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-07-10 14:17 . 2012-04-16 19:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-07-10 14:17 . 2012-07-10 14:17 -------- d-----w- c:\programdata\Avira 2012-07-10 14:17 . 2012-07-10 14:17 -------- d-----w- c:\program files\Avira 2012-07-08 16:00 . 2012-07-08 16:00 -------- d-----w- c:\program files\ESET 2012-07-08 13:17 . 2012-07-08 13:17 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2012-07-08 13:17 . 2012-07-08 13:17 -------- d-----w- c:\programdata\Malwarebytes 2012-07-08 13:17 . 2012-07-24 08:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-08 13:17 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-07-22 127040] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016] "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-05-07 160840] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624] . c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-2-9 1216512] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336] SETAUDIO.EXE [2008-4-4 20480] SETRES.EXE [2008-4-4 20480] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 02174426 *Deregistered* - 02174426 *Deregistered* - BMLoad . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] 2008-02-25 09:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-14 20:41] . 2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-14 20:41] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = mStart Page = mLocal Page = IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to MP3 Converter - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe LSP: bmnet.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o54cd2jf.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{E0007D18-BAA4-4573-AE78-8BEA0958C610} - (no file) HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd HKLM-Run-eRecoveryService - (no file) AddRemove-myBabylon_English Toolbar - c:\progra~1\MYBABY~1\UNWISE.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-07-25 18:16 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(676) c:\windows\system32\bmnet.dll . Zeit der Fertigstellung: 2012-07-25 18:18:47 ComboFix-quarantined-files.txt 2012-07-25 16:18 . Vor Suchlauf: 12 Verzeichnis(se), 48.020.635.648 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 50.918.256.640 Bytes frei . - - End Of File - - B3512348C0F8E9030CAE3C9ABE6E87B7 Basti |
26.07.2012, 11:07 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | constantly new Trojan finds in C:User/user/AppData Now please create and post logs with GMER and OSAM. GMER crashes quite often; if the tool refuses to work the second time as well, just leave it out and run only OSAM - please skip the online query in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: to unpack OSAM, please use WinRAR or 7zip! Also be sure to switch off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. Another note: if aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
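A small triage helper for the OSAM "[Drivers]" section requested in this post, cross-checked against the GMER header line that names GMER's own temporary driver. This is an added example, not code from OSAM, GMER, ComboFix or this thread; the function names, verdict labels and the KNOWN_TOOL_DRIVERS set are my own, and the sample entries are copied from the OSAM and GMER logs posted later in the thread.

```python
"""Triage OSAM driver entries and attribute scanner artifacts (added example)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One OSAM driver entry:  "Display Name" (ServiceName) - "Vendor" - Path (flags)
# The vendor field is a bare ? when OSAM has no company/signer information.
OSAM_ENTRY = re.compile(
    r'^"(?P<display>[^"]*)"\s+\((?P<service>[^)]*)\)\s+-\s+'
    r'(?:"(?P<vendor>[^"]*)"|\?)\s+-\s+(?P<path>.*?)'
    r'(?:\s+\((?P<flags>[^)]*)\))?\s*$'
)
# GMER's header names the randomly named driver it loads for its own scan:
#   Running: x7wbr6g7.exe; Driver: C:\Users\user\AppData\Local\Temp\kgldapob.sys
GMER_DRIVER = re.compile(r'Driver:\s*(?P<path>.+?\.sys)', re.IGNORECASE)

# Temporary drivers of the scanners used in this thread (assumed list;
# catchme is the rootkit scanner named in the ComboFix report header).
KNOWN_TOOL_DRIVERS = {"catchme.sys"}


@dataclass
class Finding:
    service: str
    path: str
    verdict: str   # ok | orphaned | tool-artifact | review | hidden
    reason: str


def parse_osam_driver(line: str) -> Optional[dict]:
    """Parse one OSAM driver line; return None for lines in another format."""
    m = OSAM_ENTRY.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["vendor"] = d["vendor"] or "?"
    d["flags"] = [f.strip() for f in (d["flags"] or "").split("|") if f.strip()]
    return d


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(entry: dict, gmer_driver: Optional[str]) -> Finding:
    """Order matters: attribute known tool drivers before judging hidden entries."""
    path, flags, vendor = entry["path"], entry["flags"], entry["vendor"]
    hidden = any("hidden registry" in f.lower() or "rootkit" in f.lower() for f in flags)
    missing = any("not found" in f.lower() for f in flags)
    in_temp = "\\temp\\" in path.lower()
    if gmer_driver and path.lower() == gmer_driver.lower():
        verdict, reason = "tool-artifact", "matches the driver named in the GMER header"
    elif _basename(path) in KNOWN_TOOL_DRIVERS:
        verdict, reason = "tool-artifact", "temporary driver of a known scanner"
    elif hidden:
        verdict, reason = "hidden", "OSAM reports a hidden registry entry"
    elif in_temp:
        verdict, reason = "review", "driver loaded from a Temp directory"
    elif missing and vendor == "?":
        verdict, reason = "orphaned", "service key without a file (stale entry)"
    elif vendor == "?":
        verdict, reason = "review", "no vendor information"
    else:
        verdict, reason = "ok", "vendor known, file present"
    return Finding(entry["service"], path, verdict, reason)


def triage(osam_lines: Iterable[str], gmer_lines: Iterable[str] = ()) -> List[Finding]:
    """Classify every OSAM driver entry, using the GMER header if available."""
    gmer_driver = None
    for line in gmer_lines:
        m = GMER_DRIVER.search(line)
        if m:
            gmer_driver = m.group("path").strip()
            break
    return [classify(e, gmer_driver)
            for e in map(parse_osam_driver, osam_lines) if e]


# Entries copied from the OSAM "[Drivers]" section and the GMER header in this thread.
SAMPLE_OSAM = [
    r'"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys',
    r'"catchme" (catchme) - ? - C:\Users\user\AppData\Local\Temp\catchme.sys (File not found)',
    r'"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)',
    r'"kgldapob" (kgldapob) - ? - C:\Users\user\AppData\Local\Temp\kgldapob.sys (Hidden registry entry, rootkit activity | File not found)',
    r'"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys',
    r'"int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys',
]
SAMPLE_GMER = [r"Running: x7wbr6g7.exe; Driver: C:\Users\user\AppData\Local\Temp\kgldapob.sys"]

if __name__ == "__main__":
    for f in triage(SAMPLE_OSAM, SAMPLE_GMER):
        print(f"{f.verdict:<13} {f.service:<14} {f.reason}")
```

Without the GMER header the same kgldapob entry is reported as "hidden", which is exactly how it reads in the OSAM log alone; the cross-check is what turns it into a known tool artifact.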
01.08.2012, 11:49 | #27 |
| constantly new Trojan finds in C:User/user/AppData Wow, there really are a lot of scans you have to do =P Here first the GMER log: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-08-01 12:47:49 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 Running: x7wbr6g7.exe; Driver: C:\Users\user\AppData\Local\Temp\kgldapob.sys ---- System - GMER 1.0.15 ---- SSDT 911E9FC6 ZwCreateSection SSDT 911E9FD0 ZwRequestWaitReplyPort SSDT 911E9FCB ZwSetContextThread SSDT 911E9FD5 ZwSetSecurityObject SSDT 911E9FDA ZwSystemDebugControl SSDT 911E9F67 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetTimerEx + 448 820D5A6C 4 Bytes [C6, 9F, 1E, 91] .text ntkrnlpa.exe!KeSetTimerEx + 76C 820D5D90 4 Bytes [D0, 9F, 1E, 91] .text ntkrnlpa.exe!KeSetTimerEx + 7A0 820D5DC4 4 Bytes [CB, 9F, 1E, 91] {RETF ; LAHF ; PUSH DS; XCHG ECX, EAX} .text ntkrnlpa.exe!KeSetTimerEx + 804 820D5E28 4 Bytes [D5, 9F, 1E, 91] {AAD 0x9f; PUSH DS; XCHG ECX, EAX} .text ntkrnlpa.exe!KeSetTimerEx + 84C 820D5E70 4 Bytes [DA, 9F, 1E, 91] .text ... .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BC02340, 0x3A08F7, 0xE8000020] C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl entry point in "" section [0x8CBEC000] .clc C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl unknown last section [0x8CBED000, 0x1000, 0x00000000] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\tdx.sys[TDI.SYS!TdiRegisterDeviceObject] [881C2FE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\smb.sys[TDI.SYS!TdiRegisterDeviceObject] [881C2FE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [881C2FE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) 
---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74558864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74599855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7455B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7454FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74557A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7454EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7458B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7455BC4A] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74550756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745506BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745471B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745DD9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74577329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7454E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7454697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745469A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74552475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated) IAT C:\Windows\Explorer.EXE[2652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.) AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) 
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001dd9ff533e Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001dd9ff533e@00249f4799e1 0x10 0x70 0xE1 0x5C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001dd9ff533e@f8d0bd80a447 0x46 0x3A 0x20 0x2C ... Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001dd9ff533e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001dd9ff533e@00249f4799e1 0x10 0x70 0xE1 0x5C ... Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001dd9ff533e@f8d0bd80a447 0x46 0x3A 0x20 0x2C ... ---- EOF - GMER 1.0.15 ---- And here the OSAM log: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 12:58:57 on 01.08.2012 OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.27 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys "Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys "catchme" (catchme) - ? - C:\Users\user\AppData\Local\Temp\catchme.sys (File not found) "Dritek Keyboard Filter Driver" (DKbFltr) - ? - C:\Windows\System32\DRIVERS\DKbFltr.sys (File not found) "int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys "IP in IP Tunnel Driver" (IpInIp) - ? 
- C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kgldapob" (kgldapob) - ? - C:\Users\user\AppData\Local\Temp\kgldapob.sys (Hidden registry entry, rootkit activity | File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys "PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys "PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys "{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} "PixiePack Codec Pack 0.10.6.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe (File found, but it contains no detailed information) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll (File not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {71A068F3-2DC9-438D-8944-6B4FF540D2F5} "QContextMenu Class" - ? - C:\Program Files\Quintessential Media Player\QMPShell.dll (File not found) {71A466B0-65CC-4B41-9043-6090F2C830D3} "QIconHandler Class" - ? - C:\Program Files\Quintessential Media Player\QMPShell.dll (File not found) {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. 
KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7M" - "ICQ, LLC." - C:\Program Files\ICQ7M\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - ? - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (File not found)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Inc." - C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe (Shortcut exists | File exists)
"SETAUDIO.EXE" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE
"SETRES.EXE" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BlackBerryAutoUpdate" - "Research In Motion Limited" - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"eAudio" - "CyberLink" - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\PDF24\pdf24.exe
"PlayMovie" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"RoxWatchTray" - "Sonic Solutions" - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"Google Update Service (gupdate1ca04c38d267a9e)" (gupdate1ca04c38d267a9e) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"LiveShare P2P Server 9" (RoxLiveShare9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Raw Socket Service" (RS_Service) - "Acer Inc." - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
"Roxio UPnP Renderer 9" (Roxio UPnP Renderer 9) - "Sonic Solutions" - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
"Roxio Upnp Server 9" (Roxio Upnp Server 9) - "Sonic Solutions" - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BMI over [MSAFD-Tcpip [RAW/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [UDP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And here, last of all, the log from aswMBR.exe:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-01 13:03:08
-----------------------------
13:03:08.354 OS Version: Windows 6.0.6001 Service Pack 1
13:03:08.354 Number of processors: 2 586 0x1706
13:03:08.355 ComputerName: USER-PC UserName: user
13:03:09.422 Initialize success
13:05:30.203 AVAST engine defs: 12080100
13:06:17.280 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:06:17.281 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
13:06:17.571 Disk 0 MBR read successfully
13:06:17.573 Disk 0 MBR scan
13:06:17.576 Disk 0 unknown MBR code
13:06:17.635 Disk 0 Partition 1 00 12 Compaq diag NTFS 14998 MB offset 63
13:06:17.738 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 111812 MB offset 30717952
13:06:17.812 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 108228 MB offset 259708928
13:06:17.890 Disk 0 Partition 4 00 12 Compaq diag NTFS 3435 MB offset 481359872
13:06:18.119 Disk 0 scanning sectors +488394752
13:06:18.561 Disk 0 scanning C:\Windows\system32\drivers
13:07:55.656 Service scanning
13:08:17.868 Modules scanning
13:10:10.319 Disk 0 trace - called modules:
13:10:10.356 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys HSX_CNXT.sys
13:10:10.361 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85721ac8]
13:10:10.365 3 CLASSPNP.SYS[8819d745] -> nt!IofCallDriver -> [0x84c298b0]
13:10:10.370 5 acpi.sys[8269c6a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84c2d028]
13:10:11.062 AVAST engine scan C:\Windows
13:11:11.376 AVAST engine scan C:\Windows\system32
13:16:42.222 AVAST engine scan C:\Windows\system32\drivers
13:16:53.320 AVAST engine scan C:\Users\user
13:26:28.031 AVAST engine scan C:\ProgramData
13:28:38.773 Scan finished successfully
13:36:32.118 Disk 0 MBR has been saved successfully to "C:\Users\user\Downloads\MBR.dat"
13:36:32.124 The log file has been saved successfully to "C:\Users\user\Downloads\aswMBR.txt"
13:37:17.941 Disk 0 MBR has been saved successfully to "C:\Users\user\Downloads\MBR.dat"
13:37:17.956 The log file has been saved successfully to "C:\Users\user\Downloads\aswMBR Log.txt"

Basti
Last edited by koseba (01.08.2012 at 12:43)
02.08.2012, 11:44 | #28
/// Winkelfunktion /// TB-Süch-Tiger™ | Constantly new Trojan detections in C:User/user/AppData

We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly. Note: please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not do the fix if you have full encryption of the Windows partition or of the whole disk with e.g. TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm on it! Then restart Windows and make a new log with aswMBR.
__________________ Please always post logfiles in CODE tags
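As an added example (not from the thread and not part of aswMBR), the Python script below parses a raw 512-byte MBR image such as the MBR.dat that aswMBR saved above, so the partition table can be compared before and after FIXMBR and only the boot-code hash should change. The sample image is constructed from the four partition entries in the log (zeroed boot code, so it is not real MBR code), and the type-name table only covers the type IDs that appear there.

```python
import hashlib
import struct

TABLE_OFFSET, SIGNATURE = 446, b"\x55\xAA"
# Partition type IDs that appear in the aswMBR log above
TYPE_NAMES = {0x06: "FAT16", 0x07: "HPFS/NTFS", 0x12: "Compaq diag"}

def parse_mbr(mbr: bytes) -> dict:
    """Parse a raw 512-byte MBR image such as the MBR.dat that aswMBR saves."""
    if len(mbr) != 512 or mbr[510:] != SIGNATURE:
        raise ValueError("not a 512-byte MBR with a 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        # entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4), little-endian
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype:  # type 0x00 means the slot is unused
            parts.append({"index": i + 1, "active": status == 0x80,
                          "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
                          "offset": lba, "sectors": count,
                          "size_mb": count * 512 // (1024 * 1024)})
    # hash of the 440 boot-code bytes: this is what FIXMBR rewrites, the table must stay the same
    return {"boot_code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
            "partitions": parts}

def check_layout(parts: list) -> list:
    """Sanity checks to run on the table before and after FIXMBR."""
    warnings = []
    if sum(p["active"] for p in parts) != 1:
        warnings.append("expected exactly one active (0x80) partition")
    ordered = sorted(parts, key=lambda p: p["offset"])
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            warnings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return warnings

def _entry(status, ptype, lba, count):
    return struct.pack("<B3xB3xII", status, ptype, lba, count)

# Constructed sample: zeroed boot code (not real MBR code) plus the four entries
# from the aswMBR log above (type, offset and size taken from that log).
SAMPLE_MBR = (bytes(446)
              + _entry(0x00, 0x12, 63, 30717889)
              + _entry(0x80, 0x06, 30717952, 228990976)
              + _entry(0x00, 0x07, 259708928, 221650944)
              + _entry(0x00, 0x12, 481359872, 7034880)
              + SIGNATURE)

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)  # replace with open("MBR.dat", "rb").read() for a real image
    for p in info["partitions"]:
        print(p)
    print("warnings:", check_layout(info["partitions"]))
```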
15.08.2012, 21:08 | #29
So now I finally get around to doing this... can it be that the fix really only takes a few seconds? By a new log with aswMBR, do you mean running a scan?
16.08.2012, 09:14 | #30
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, that doesn't take long, and correct, after the MBR fix you should make a new log with aswMBR again.