Pests of all kinds and their removal: Trojans TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI (Windows 7)

If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1
Trojans TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI

Hello,

since this morning Avira has been constantly reporting Trojans with the names above. First I let Avira scan. I am posting the report file here:

Avira Free Antivirus
Report file created: Tuesday, 26 June 2012 11:37

Scanning for 3870447 virus strains.

The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira AntiVir Personal - Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : CLAUDIA-PC

Version information:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 10:45:41
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 10:45:41
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 10:45:41
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 10:45:41
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 12:11:15
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 09:32:12
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:56:42
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:00:34
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 10:47:52
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 10:47:52
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 10:47:52
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 10:47:52
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 10:47:52
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 10:47:52
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 10:47:52
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 10:47:52
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 10:47:53
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 15:33:32
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 21:44:39
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 21:43:32
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 02:56:02
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 18:13:37
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 18:26:24
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 01:26:06
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 07:22:16
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 08:23:14
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 15:30:36
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 03:25:19
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 04:42:50
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 08:05:23
VBASE027.VDF : 7.11.33.83 159232 Bytes 18.06.2012 08:05:06
VBASE028.VDF : 7.11.33.195 200192 Bytes 22.06.2012 06:58:36
VBASE029.VDF : 7.11.33.196 2048 Bytes 22.06.2012 06:58:37
VBASE030.VDF : 7.11.33.197 2048 Bytes 22.06.2012 06:58:37
VBASE031.VDF : 7.11.34.8 119808 Bytes 26.06.2012 07:58:55
Engine version : 8.2.10.96
AEVDF.DLL : 8.1.2.8 106867 Bytes 02.06.2012 02:59:39
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 25.06.2012 06:58:50
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 10:19:48
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 08:06:25
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.22 807288 Bytes 25.06.2012 06:58:50
AEOFFICE.DLL : 8.1.2.38 201083 Bytes 25.06.2012 06:58:48
AEHEUR.DLL : 8.1.4.52 4923767 Bytes 25.06.2012 06:58:48
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 12:11:11
AEGEN.DLL : 8.1.5.30 422261 Bytes 15.06.2012 08:05:24
AEEXP.DLL : 8.1.0.54 82293 Bytes 25.06.2012 06:58:51
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.10 201080 Bytes 01.06.2012 01:26:08
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 10:45:41
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 10:45:41
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 10:45:41
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 10:45:41
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 10:45:41
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 10:45:41
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 10:45:41
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 10:45:41
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 10:45:41
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 10:45:41

Configuration for the current scan:
Job name..............................: Full system scan
Configuration file....................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging...............................: standard
Primary action........................: interactive
Secondary action......................: ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Boot sectors..........................: C:,
Scan active programs..................: on
Running programs extended.............: on
Scan registry.........................: on
Search for rootkits...................: on
Integrity check of system files.......: off
File scan mode........................: All files
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristics................: on
File heuristics.......................: extended

Start of the scan: Tuesday, 26 June 2012 11:37

Starting the scan of master boot sectors:
Master boot sector HD0
    [INFO] No virus was found!

Starting the scan of boot sectors:
Boot sector 'C:\'
    [INFO] No virus was found!

Starting the scan for hidden objects.
Starting the scan of running processes:
Scanning process 'plugin-container.exe' - '54' module(s) scanned
Scanning process 'plugin-container.exe' - '80' module(s) scanned
Scanning process 'firefox.exe' - '106' module(s) scanned
Scanning process 'avscan.exe' - '90' module(s) scanned
Scanning process 'avcenter.exe' - '88' module(s) scanned
Scanning process 'AcroRd32.exe' - '81' module(s) scanned
Scanning process 'AcroRd32.exe' - '79' module(s) scanned
Scanning process 'thunderbird.exe' - '120' module(s) scanned
Scanning process 'javaw.exe' - '109' module(s) scanned
Scanning process 'smartclient.exe' - '29' module(s) scanned
Scanning process 'UNS.exe' - '61' module(s) scanned
Scanning process 'IAStorDataMgrSvc.exe' - '48' module(s) scanned
Scanning process 'ServiceLayer.exe' - '36' module(s) scanned
Scanning process 'distnoted.exe' - '33' module(s) scanned
Scanning process 'iTunesHelper.exe' - '68' module(s) scanned
Scanning process 'jusched.exe' - '76' module(s) scanned
Scanning process 'visicom_antiphishing.exe' - '62' module(s) scanned
Scanning process 'LMworker.exe' - '22' module(s) scanned
Scanning process 'EgisUpdate.exe' - '54' module(s) scanned
Scanning process 'NokiaMServer.exe' - '42' module(s) scanned
Scanning process 'avgnt.exe' - '78' module(s) scanned
Scanning process 'DivXUpdate.exe' - '70' module(s) scanned
Scanning process 'LManager.exe' - '69' module(s) scanned
Scanning process 'PmmUpdate.exe' - '65' module(s) scanned
Scanning process 'IAStorIcon.exe' - '53' module(s) scanned
Scanning process 'NMIndexingService.exe' - '44' module(s) scanned
Scanning process 'WZQKPICK.EXE' - '24' module(s) scanned
Scanning process 'ubd.exe' - '76' module(s) scanned
Scanning process 'NokiaOviSuite.exe' - '197' module(s) scanned
Scanning process 'NMIndexStoreSvr.exe' - '54' module(s) scanned
Scanning process 'mwlDaemon.exe' - '74' module(s) scanned
Scanning process 'UpdaterService.exe' - '23' module(s) scanned
Scanning process 'LMS.exe' - '29' module(s) scanned
Scanning process 'GREGsvc.exe' - '11' module(s) scanned
Scanning process 'dsiwmis.exe' - '40' module(s) scanned
Scanning process 'AppleMobileDeviceService.exe' - '67' module(s) scanned
Scanning process 'avguard.exe' - '80' module(s) scanned
Scanning process 'armsvc.exe' - '24' module(s) scanned
Scanning process 'sched.exe' - '42' module(s) scanned

Starting the scan of references to executable files (Registry):
C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe
    [WARNING] The compressed data is corrupt
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe
    [WARNING] The compressed data is corrupt
C:\Program Files (x86)\SoulseekNS\uninstall.exe
    [WARNING] Unexpected end of file reached
The registry was scanned ( '2307' files ).
Starting the scan of the selected files:

Starting the search in 'C:\' <Acer>
C:\Program Files\WinRAR\rarnew.dat
    [WARNING] The archive is unknown or damaged
C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe
    [WARNING] The compressed data is corrupt
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Help\webhelp.jar
    [WARNING] Some files in this archive are spread across several part archives (multiple volume)
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe
    [WARNING] The compressed data is corrupt
C:\Program Files (x86)\SoulseekNS\uninstall.exe
    [WARNING] Unexpected end of file reached
C:\Users\Claudia\AppData\Local\Temp\jar_cache2860455301333008143.tmp
    [0] Archive type: ZIP
    --> eye.class
        [DETECTION] Contains detection pattern of the exploit EXP/CVE-2010-0842
C:\Users\Claudia\AppData\Local\Temp\jar_cache3110634234547150380.tmp
    [WARNING] Unexpected end of file reached
C:\Users\Claudia\AppData\Local\Temp\jar_cache4268548811592191967.tmp
    [WARNING] Unexpected end of file reached
C:\Users\Claudia\AppData\Local\Temp\jar_cache5499231656582555552.tmp
    [0] Archive type: ZIP
    --> sic.class
        [DETECTION] Contains detection pattern of the exploit EXP/CVE-2010-0840
C:\Users\Claudia\AppData\Local\Temp\rqD3M2Vl.zip.part
    [WARNING] The file is password-protected
C:\Users\Claudia\Desktop\Test2.zip
    [WARNING] The file is password-protected
C:\Users\Claudia\Documents\Downloads\wz81gev.exe
    [WARNING] The file is password-protected
C:\Users\Claudia\Music\1\m.ZIP
    [WARNING] The file is password-protected
C:\Users\Claudia\Music\1\mm.zip
    [WARNING] The file is password-protected
C:\Users\Claudia\Music\1\mmm.zip
    [WARNING] The file is password-protected
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\00000001.@
    [DETECTION] Is the Trojan horse TR/Small.FI
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\80000000.@
    [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\800000cb.@
    [DETECTION] Is the Trojan horse TR/ATRAPS.Gen2

Beginning disinfection:
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\800000cb.@
    [DETECTION] Is the Trojan horse TR/ATRAPS.Gen2
    [NOTE] The file was moved to the quarantine directory under the name '559468ca.qua'!
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\80000000.@
    [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
    [NOTE] The file was moved to the quarantine directory under the name '4d03476d.qua'!
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\00000001.@
    [DETECTION] Is the Trojan horse TR/Small.FI
    [NOTE] The file was moved to the quarantine directory under the name '1f5c1d85.qua'!
C:\Users\Claudia\AppData\Local\Temp\jar_cache5499231656582555552.tmp
    [DETECTION] Contains detection pattern of the exploit EXP/CVE-2010-0840
    [NOTE] The file was moved to the quarantine directory under the name '79295294.qua'!
C:\Users\Claudia\AppData\Local\Temp\jar_cache2860455301333008143.tmp
    [DETECTION] Contains detection pattern of the exploit EXP/CVE-2010-0842
    [NOTE] The file was moved to the quarantine directory under the name '3cad7faa.qua'!

End of the scan: Tuesday, 26 June 2012 16:24
Time needed: 1:53:59 hour(s)

The scan was completed in full.

  31589 directories were checked
 762475 files were scanned
      5 viruses or unwanted programs were found
      0 files were classified as suspicious
      0 files were deleted
      0 viruses or unwanted programs were repaired
      5 files were moved to quarantine
      0 files were renamed
      0 files could not be scanned
 762470 files without infection
   5868 archives were scanned
     16 warnings
      5 notes
 852528 objects were scanned during the rootkit scan
      0 hidden objects were found

After that I downloaded the Malwarebytes Anti-Malware you recommend and scanned the laptop with it. Here is the copy of the txt file:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Claudia :: CLAUDIA-PC [Administrator]

26.06.2012 12:33:51
mbam-log-2012-06-26 (16-23-13).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 412493
Time elapsed: 1 hour(s), 37 minute(s), 40 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firewall 2.9 (Trojan.Agent) -> Data: C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE -> No action taken.

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 2
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\800000cb.@ (Rootkit.0Access) -> No action taken.
C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE (Trojan.Agent) -> No action taken.

(end)

After that I continued with Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:25 on 26/06/2012 (Claudia)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Next, here are the files from the OTL program:

Extras.txt:

OTL Extras logfile created on: 26.06.2012 16:28:06 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Claudia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,75% Memory free
7,73 Gb Paging File | 5,57 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 206,55 Gb Free Space | 72,47% Space Free | Partition Type: NTFS

Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A0B8EEF-41D4-FABD-BBC8-84397D53D1F2}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BAF4695F-7867-D8B2-528A-A1EF2EE0A9EF}" = ATI Catalyst Install Manager
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{0B057B23-641D-3826-37E6-32659B2CD274}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D4464C2-F0AF-AE2A-3CDF-137687198FAF}" = CCC Help Japanese
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{1510560C-E9E1-4F79-9CDA-56E061B78C4B}" = Amfibas 01_2012 VB
"{1B0BB33F-F7DD-5E48-D07A-FF3645D20D8E}" = CCC Help Chinese Standard
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1CDD5987-A25E-FDA6-FF67-13667183B935}" = CCC Help Finnish
"{1D3CC42C-1F48-2CE4-65D9-ECA043A0A105}" = Catalyst Control Center InstallProxy
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21ED5CFB-6724-7485-F56E-16AE158B8D53}" = CCC Help Hungarian
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28849F27-E11E-F067-C4B5-7F4CDB75D473}" = ccc-core-static
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{31501D72-B6BB-145E-29D6-C144D6819A26}" = CCC Help Chinese Traditional
"{32B28D14-04E6-2B5A-6D6B-394F0B2FC1B1}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BDBB1B1-0DBE-6192-D674-6F4B438D7BE1}" = CCC Help Italian
"{3D9601FE-48EE-488F-990B-2F5DB2BB0346}" = CCC Help Swedish
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E5CCE8D-65F2-86FA-C53D-2ECA4E8C6404}" = CCC Help Dutch
"{43B2F1C5-1AAE-C4D0-93F8-C03F97CF8710}" = CCC Help French
"{442BE853-E839-2A5D-1249-B36AF96AB486}" = CCC Help Norwegian
"{488EF105-7A2A-1D7A-FB23-6CA41D0DB54B}" = CCC Help Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D328ECC-B82B-381E-6570-B55192EA54E5}" = Catalyst Control Center Localization All
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3079E7-974F-56A0-162A-1B649F6C85D8}" = CCC Help Turkish
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98A26988-E99C-2EA6-684A-3FFE6F3A90F9}" = PX Profile Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8AF728F-2EE8-4322-96B3-656CAD1F7805}" = Facebook Messenger 2.1.4554.0
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4EF8AA-7EF4-A62A-0F80-7A828296A647}" = CCC Help Thai
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B902AB32-FE75-77BB-F54A-3A8E26D2D2DD}" = CCC Help English
"{BA140B33-9533-C8D5-BA7E-4EF1E59AA6EA}" = CCC Help Portuguese
"{BA97C7F2-82B0-5B0F-68CE-1C0EE2CB0609}" = CCC Help Czech
"{C19CA0D5-3131-1222-3176-D60A04F56586}" = CCC Help German
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D68BBEA3-D1AC-F898-A22C-FB1D1244C852}" = CCC Help Polish
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.16
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9B566E7-1591-D86B-2212-F3454EBE0087}" = CCC Help Greek
"{EB378F1E-9484-F16E-6378-975CDD915A35}" = CCC Help Russian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F177758C-B671-B885-A7DF-6BA84B51679C}" = Catalyst Control Center Graphics Previews Vista
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Acer Registration" = Acer Registration
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"blekkotb" = Spam Free Search Bar
"CloneDVD2" = CloneDVD2
"DivX Setup.divx.com" = DivX-Setup
"DVAG Online System" = DVAG Online-System
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular-Update
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.7.0
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Ovi Suite" = Nokia Ovi Suite
"Soulseek2" = SoulSeek 157 NS 13e
"VLC media player" = VLC media player 1.1.6
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Play65" = Play65
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.06.2012 13:07:40 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012

Error - 13.06.2012 13:07:41 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.06.2012 13:07:41 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011

Error - 13.06.2012 13:07:41 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011

Error - 13.06.2012 13:07:42 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.06.2012 13:07:42 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4025

Error - 13.06.2012 13:07:42 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4025

Error - 13.06.2012 13:07:43 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.06.2012 13:07:43 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5023

Error - 13.06.2012 13:07:43 | Computer Name = Claudia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023

[ System Events ]
Error - 25.04.2012 06:09:52 | Computer Name = Claudia-PC | Source = EventLog | ID = 6008
Description = The system previously shut down unexpectedly on 25.04.2012 at 10:22:43.

Error - 26.04.2012 05:03:26 | Computer Name = Claudia-PC | Source = EventLog | ID = 6008
Description = The system previously shut down unexpectedly on 26.04.2012 at 10:30:21.
Error - 13.05.2012 07:50:27 | Computer Name = Claudia-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 13.05.2012 07:50:27 | Computer Name = Claudia-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 13.05.2012 11:22:32 | Computer Name = Claudia-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error - 13.05.2012 11:22:32 | Computer Name = Claudia-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error - 13.05.2012 11:22:33 | Computer Name = Claudia-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error - 13.05.2012 11:22:33 | Computer Name = Claudia-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error - 14.05.2012 11:33:29 | Computer Name = Claudia-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden. Error - 25.06.2012 02:53:17 | Computer Name = Claudia-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?21.?06.?2012 um 15:05:01 unerwartet heruntergefahren. 
< End of report > OTL.Txt: OTL logfile created on: 26.06.2012 16:28:06 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Claudia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,75% Memory free 7,73 Gb Paging File | 5,57 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,99 Gb Total Space | 206,55 Gb Free Space | 72,47% Space Free | Partition Type: NTFS Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.26 16:25:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe PRC - [2012.06.20 11:54:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.05.08 12:45:41 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 12:45:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 12:45:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) 
-- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.22 00:13:46 | 000,206,504 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe PRC - [2011.09.01 15:39:54 | 000,966,712 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe PRC - [2011.06.14 18:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2011.06.08 14:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) 
-- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2008.06.24 17:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2001.12.29 09:10:00 | 000,106,561 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) 
-- C:\Program Files (x86)\WinZip\WZQKPICK.EXE ========== Modules (No Company Name) ========== MOD - [2012.06.20 11:54:09 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.06.09 23:50:53 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll MOD - [2012.06.08 07:54:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.06.08 07:53:44 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012.06.08 07:53:39 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012.06.08 07:53:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.06.08 07:53:22 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.06.08 07:53:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.06.08 07:53:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.06.08 07:53:12 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.12.22 21:50:33 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011.09.01 15:38:32 | 000,931,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service 
API.dll MOD - [2011.09.01 15:37:50 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll MOD - [2011.09.01 15:37:50 | 000,913,920 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll MOD - [2011.09.01 15:37:50 | 000,416,256 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll MOD - [2011.09.01 15:37:50 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll MOD - [2011.09.01 15:37:50 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll MOD - [2011.09.01 15:37:48 | 008,166,912 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll MOD - [2011.09.01 15:37:48 | 002,551,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll MOD - [2011.09.01 15:37:48 | 002,282,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll MOD - [2011.09.01 15:37:48 | 002,246,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll MOD - [2011.09.01 15:37:48 | 001,288,192 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll MOD - [2011.09.01 15:37:48 | 000,676,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll MOD - [2011.09.01 15:37:48 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll MOD - [2011.09.01 15:37:48 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll MOD - [2011.09.01 15:37:48 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll MOD - [2011.09.01 15:08:58 | 000,508,416 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll MOD - [2011.09.01 15:08:56 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll MOD - [2011.09.01 15:08:18 | 000,378,880 | ---- | M] () 
-- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtCore.dll MOD - [2011.09.01 15:08:18 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtWeb.dll MOD - [2011.09.01 15:08:16 | 000,089,088 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\qjson.dll MOD - [2011.09.01 15:08:14 | 000,392,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\ssoengine.dll MOD - [2011.09.01 15:08:14 | 000,387,976 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll MOD - [2011.09.01 15:08:14 | 000,058,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\securestorage.dll MOD - [2011.09.01 15:07:04 | 000,727,552 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll MOD - [2005.07.20 12:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.08.25 16:41:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- 
C:\Windows\SysNative\svchost.exe -- (SharedAccess) SRV - [2012.06.20 11:54:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 12:45:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 12:45:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.06.08 14:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.11.12 15:09:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 12:45:41 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 12:45:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft 
Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.05.18 11:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.05.18 11:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.05.18 11:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.05.18 11:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft 
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.08.25 18:50:48 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.08.25 16:05:44 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.01.27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.11.02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.04.10 15:19:25 | 000,111,552 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2007.08.07 21:48:37 | 000,032,712 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2007.02.16 02:56:51 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyDelay.sys -- (ElbyDelay) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.04.10 15:19:25 | 000,111,552 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2007.02.16 02:56:51 | 000,014,032 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys -- (ElbyDelay) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://blekko.com/?source=c3348dd4&tbp=rbox&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Claudia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Claudia\AppData\Local\Facebook\Messenger\2.1.4554.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.14 00:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.14 00:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 11:54:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.25 12:09:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.17 23:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.11 20:09:08 | 000,000,000 | ---D | M]
[2011.01.29 16:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions
[2011.01.29 16:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.16 20:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\gvgv42ae.default\extensions
[2012.01.29 11:34:39 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\gvgv42ae.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012.04.25 16:01:58 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\gvgv42ae.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.05.16 20:31:32 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\gvgv42ae.default\extensions\ffxtlbra@softonic.com
[2012.04.25 12:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.06 08:26:47 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CLAUDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GVGV42AE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.20 11:54:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.15 15:01:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.20 11:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.20 11:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.16 23:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2012.06.20 11:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.28 20:51:37 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.20 11:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 11:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 11:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Microsoft Firewall 2.9] C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Claudia\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D926C3A-C841-4219-A372-B6379821BB4D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D33B43C5-BADE-4DB1-B87D-597AECC8BA5F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d627caf1-48c5-11e0-9645-1c750832504b}\Shell - "" = AutoRun
O33 - MountPoints2\{d627caf1-48c5-11e0-9645-1c750832504b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.06.26 16:25:49 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
[2012.06.26 12:16:25 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes
[2012.06.26 12:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.26 12:16:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.26 12:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.26 12:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.26 12:15:01 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Claudia\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.26 11:36:45 | 000,127,488 | -H-- | C] (McAfee, Inc.) -- C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE
[2012.06.26 06:20:10 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.06.26 06:19:37 | 000,493,512 | ---- | C] (Facebook Inc.) -- C:\Users\Claudia\Desktop\FacebookMessengerSetup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
File not found -- C:\Windows\SysNative\
[2012.06.26 16:25:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
[2012.06.26 16:25:30 | 000,000,000 | ---- | M] () -- C:\Users\Claudia\defogger_reenable
[2012.06.26 16:23:38 | 000,050,477 | ---- | M] () -- C:\Users\Claudia\Desktop\Defogger.exe
[2012.06.26 16:22:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.26 13:22:07 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.26 12:24:07 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001UA.job
[2012.06.26 12:16:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.26 12:15:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Claudia\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.26 11:36:38 | 000,127,488 | -H-- | M] (McAfee, Inc.) -- C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE
[2012.06.26 11:35:27 | 000,215,502 | ---- | M] () -- C:\Users\Claudia\Desktop\Schorr Kfz.pdf
[2012.06.26 06:24:07 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001Core.job
[2012.06.26 06:20:10 | 000,001,340 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.06.25 14:22:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.25 09:02:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 09:02:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 08:57:46 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.25 08:57:46 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.25 08:57:46 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.25 08:57:46 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.25 08:57:46 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.25 08:53:14 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 12:18:24 | 000,218,938 | ---- | M] () -- C:\Users\Claudia\Desktop\Podzun Dieter SÜW-V 4780.pdf
[2012.06.21 10:17:27 | 000,217,835 | ---- | M] () -- C:\Users\Claudia\Desktop\Schwarz Dominik.pdf
[2012.06.08 07:48:02 | 000,413,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Claudia\Desktop\*.tmp files -> C:\Users\Claudia\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
File not found -- C:\Windows\SysNative\
[2012.06.26 16:32:57 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\800000cb.@
[2012.06.26 16:32:57 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\80000000.@
[2012.06.26 16:28:26 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\00000001.@
[2012.06.26 16:25:30 | 000,000,000 | ---- | C] () -- C:\Users\Claudia\defogger_reenable
[2012.06.26 16:23:38 | 000,050,477 | ---- | C] () -- C:\Users\Claudia\Desktop\Defogger.exe
[2012.06.26 12:16:09 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.26 11:35:27 | 000,215,502 | ---- | C] () -- C:\Users\Claudia\Desktop\Schorr Kfz.pdf
[2012.06.26 06:20:10 | 000,001,340 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.06.21 12:18:24 | 000,218,938 | ---- | C] () -- C:\Users\Claudia\Desktop\Podzun Dieter SÜW-V 4780.pdf
[2012.06.21 10:17:27 | 000,217,835 | ---- | C] () -- C:\Users\Claudia\Desktop\Schwarz Dominik.pdf
[2012.06.20 14:17:17 | 000,162,602 | ---- | C] () -- C:\Users\Claudia\Desktop\Schiller Bernhard Gebäude Feuer Angebot.pdf
[2012.06.20 11:30:42 | 000,065,121 | ---- | C] () -- C:\Users\Claudia\Desktop\Diehl Dieter EVB-Nummer Motorrad Saisonkennzeichen.pdf
[2012.06.20 11:09:49 | 000,065,097 | ---- | C] () -- C:\Users\Claudia\Desktop\Diehl Dieter EVB-Nummer Motorrad.pdf
[2012.06.20 11:09:11 | 000,065,206 | ---- | C] () -- C:\Users\Claudia\Desktop\Diehl Dieter EVB-Nummer Pkw.pdf
[2012.06.19 13:14:06 | 000,065,215 | ---- | C] () -- C:\Users\Claudia\Desktop\EVB-Nummer Schwarz Dominik.pdf
[2012.06.15 10:44:51 | 000,905,075 | ---- | C] () -- C:\Users\Claudia\Desktop\IMG_6624.JPG
[2012.06.09 18:06:44 | 001,532,627 | ---- | C] () -- C:\Users\Claudia\Desktop\angebot_120530_111302_17663.pdf
[2012.05.03 21:02:36 | 000,000,015 | ---- | C] () -- C:\Windows\SysWow64\asdrawim.ini
[2012.01.11 02:22:59 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\@
[2012.01.11 02:22:59 | 000,002,048 | -HS- | C] () -- C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\@
[2011.11.05 14:48:05 | 000,139,816 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.11.02 01:45:43 | 000,015,360 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.02 01:13:09 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.01 20:44:02 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.01.31 19:49:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.01.31 13:02:00 | 000,001,024 | ---- | C] () -- C:\Users\Claudia\.rnd
[2011.01.29 16:36:53 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.29 16:36:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.29 16:36:50 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.29 16:36:50 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.29 16:36:50 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.29 16:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.12 15:12:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.12 14:57:35 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.09.08 10:03:09 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
========== LOP Check ==========
[2012.05.03 20:56:34 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\ASCON Installer
[2012.05.03 21:00:27 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\ASCON Programme
[2012.01.31 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\elsterformular
[2011.01.31 08:34:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\eSobi
[2011.02.03 11:48:54 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\GetRightToGo
[2012.06.05 14:32:27 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\ICQ
[2011.11.02 01:34:45 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Nokia
[2011.11.02 01:34:46 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Nokia Ovi Suite
[2011.11.02 01:34:24 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\PC Suite
[2011.01.31 13:13:13 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TeamViewer
[2011.01.29 16:24:01 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2012.06.26 06:24:07 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001Core.job
[2012.06.26 12:24:07 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001UA.job
[2009.07.14 07:08:49 | 000,028,834 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

My laptop has a 64-bit system, so I did not run GMER on it. So, I hope now that I have done everything right, and I would be incredibly grateful if someone could help me further! Best regards, noreia1978
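The OTL report above is long, and a helper reads it with a handful of fixed questions in mind: which autoruns start from directories the user can write to (the HKCU Run entry "Microsoft Firewall 2.9" launches WMPRWISE.EXE from AppData\Roaming, and its vendor string, "McAfee, Inc.", is just what the file's own version resource says, not a signature check), whether the UAC policy values under policies\System have been zeroed (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 here, so nothing on this machine prompts before elevating), and which newly created files have names no installer produces (the "*.@" files under Windows\Installer\{GUID}\U\ and the hidden+system "@" file under AppData\Local\{GUID}\). The script below is an added example, not part of the original post and not OTL code; it parses OTL-style O4, O6 and file-listing lines and applies exactly those heuristics. The sample lines are constructed to mirror entries from the report above, and the severity labels and the set of "user-writable" path tokens are this example's own choices.

```python
"""Triage of OTL-style log lines: flag the entries a malware helper reads first."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines, modelled on the OTL report quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Microsoft Firewall 2.9] C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
[2012.06.26 16:32:57 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\800000cb.@
[2012.01.11 02:22:59 | 000,002,048 | -HS- | C] () -- C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\@
[2012.06.26 16:25:49 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
"""

O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
O6_RE = re.compile(r"^O6(?::64bit:)? - (?P<key>HK\S+): (?P<value>\w+) = (?P<data>\S+)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d. :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# "<drive>:\...\name.ext" followed by an optional "(Vendor)" or "File not found"
TARGET_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4})(?:\s+(?P<rest>.*))?$")
GUID_U_RE = re.compile(r"\\installer\\\{[0-9a-f-]{36}\}\\u\\", re.I)

# Path fragments that an unprivileged user can write to (this example's list, not OTL's).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")

# (last key component, value name, data) -> why it matters. Severities are this example's choice.
POLICY_CHECKS = {
    ("System", "EnableLUA", "0"): "UAC is switched off (EnableLUA = 0)",
    ("System", "ConsentPromptBehaviorAdmin", "0"): "administrators elevate silently, no prompt at all",
    ("System", "PromptOnSecureDesktop", "0"): "elevation prompts are not isolated on the secure desktop",
}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str       # the log line that triggered it


def check_autorun(name: str, target: str, line: str) -> list[Finding]:
    """Heuristics for O4 (Run/RunOnce) entries."""
    if target.endswith("File not found"):
        return [Finding("low", f"autorun [{name}] points at a missing file (stale entry)", line)]
    m = TARGET_RE.match(target)
    path, rest = (m["path"], m["rest"] or "") if m else (target, "")
    company = rest[1:-1].strip() if rest.startswith("(") and rest.endswith(")") else ""
    out = []
    if any(tok in path.lower() for tok in USER_WRITABLE):
        out.append(Finding("high", f"autorun [{name}] starts from a user-writable directory: {path}", line))
        if company:
            # The vendor string is read from the file's own version resource; it is not a signature check.
            out.append(Finding("medium", f"autorun [{name}] claims vendor '{company}' but lives outside Program Files", line))
    if "microsoft" in name.lower() and "microsoft" not in company.lower():
        out.append(Finding("medium", f"autorun name '{name}' suggests Microsoft, vendor string is '{company or 'none'}'", line))
    return out


def check_file(path: str, attrs: str, line: str) -> list[Finding]:
    """Heuristics for the created/modified file listings."""
    out = []
    base = path.rsplit("\\", 1)[-1]
    if GUID_U_RE.search(path) or base == "@" or base.endswith(".@"):
        out.append(Finding("high", f"non-standard '@' file inside a GUID directory: {path}", line))
    if "H" in attrs and "S" in attrs and "\\appdata\\" in path.lower():
        out.append(Finding("medium", f"hidden+system file created under the user profile: {path}", line))
    return out


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            findings.extend(check_autorun(m["name"], m["target"], line))
        elif m := O6_RE.match(line):
            leaf = m["key"].rsplit("\\", 1)[-1]
            reason = POLICY_CHECKS.get((leaf, m["value"], m["data"]))
            if reason:
                findings.append(Finding("high", reason, line))
        elif m := FILE_RE.match(line):
            findings.extend(check_file(m["path"], m["attrs"], line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 5, 'medium': 3, 'low': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6s} {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a saved OTL.txt by passing the file contents to triage(). The point of the vendor check is that a Run entry whose display name says "Microsoft Firewall" while the binary claims "McAfee" and sits in AppData is wrong twice over; a signed binary from a real vendor would normally live under Program Files and carry a matching name. The "@" file rule is purely about shape (files with no extension or a ".@" extension inside a GUID folder, sometimes hidden+system) and is exactly the kind of finding the rootkit scanners requested in the next post are meant to follow up on.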
#2
/// Malwareteam
Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI

My name is Marius and I will help you with your problem. One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest route. If you decide on a clean-up, keep working with us until someone from the team tells you that your computer is clean. A clean-up can mean quite a lot of work for you.
Vista and Win7 users: start all tools with right-click --> "Run as administrator".

Step 1: Scan with TDSSKiller

Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save the file to your desktop.
Step 2: aswMBR

Please download aswMBR.exe and save the file to your desktop.
#3
Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI

Hi Marius,

thanks a lot in advance for taking on my problem! Here is the log file from TDSSKiller:

Code:
16:17:38.0222 4748 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
16:17:38.0522 4748 ============================================================
16:17:38.0522 4748 Current date / time: 2012/06/27 16:17:38.0522
16:17:38.0522 4748 SystemInfo:
16:17:38.0522 4748
16:17:38.0522 4748 OS Version: 6.1.7601 ServicePack: 1.0
16:17:38.0522 4748 Product type: Workstation
16:17:38.0522 4748 ComputerName: CLAUDIA-PC
16:17:38.0522 4748 UserName: Claudia
16:17:38.0522 4748 Windows directory: C:\Windows
16:17:38.0522 4748 System windows directory: C:\Windows
16:17:38.0522 4748 Running under WOW64
16:17:38.0522 4748 Processor architecture: Intel x64
16:17:38.0522 4748 Number of processors: 4
16:17:38.0522 4748 Page size: 0x1000
16:17:38.0522 4748 Boot type: Normal boot
16:17:38.0522 4748 ============================================================
16:17:39.0021 4748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:17:39.0026 4748 ============================================================
16:17:39.0026 4748 \Device\Harddisk0\DR0:
16:17:39.0026 4748 MBR partitions:
16:17:39.0026 4748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
16:17:39.0026 4748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
16:17:39.0026 4748 ============================================================
16:17:39.0057 4748 C: <-> \Device\Harddisk0\DR0\Partition1
16:17:39.0057 4748 ============================================================
16:17:39.0057 4748 Initialize success
16:17:39.0057 4748 ============================================================
16:18:00.0747 5892 ============================================================
16:18:00.0747 5892 Scan started
16:18:00.0747 5892 Mode: Manual; TDLFS;
16:18:00.0747 5892 ============================================================
16:18:01.0269 5892 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:18:01.0308 5892 1394ohci - ok
16:18:01.0383 5892 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:18:01.0422 5892 ACPI - ok
16:18:01.0469 5892 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:18:01.0474 5892 AcpiPmi - ok
16:18:01.0632 5892 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:18:01.0634 5892 AdobeARMservice - ok
16:18:01.0722 5892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:18:01.0768 5892 adp94xx - ok
16:18:01.0805 5892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:18:01.0819 5892 adpahci - ok
16:18:01.0837 5892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:18:01.0847 5892 adpu320 - ok
16:18:01.0890 5892 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:18:01.0891 5892 AeLookupSvc - ok
16:18:01.0973 5892 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:18:01.0980 5892 AFD - ok
16:18:02.0002 5892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:18:02.0010 5892 agp440 - ok
16:18:02.0023 5892 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:18:02.0032 5892 ALG - ok
16:18:02.0069 5892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:18:02.0074 5892 aliide - ok
16:18:02.0128 5892 AMD External Events Utility (ff779f9de1cdf477033858b7681ceda8) C:\Windows\system32\atiesrxx.exe
16:18:02.0135 5892 AMD External Events Utility - ok
16:18:02.0154 5892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:18:02.0161 5892 amdide - ok
16:18:02.0169 5892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:18:02.0179 5892 AmdK8 - ok
16:18:02.0662 5892 amdkmdag (ef2b99dcee397b45f50594696d7b5339) C:\Windows\system32\DRIVERS\atikmdag.sys
16:18:02.0878 5892 amdkmdag - ok
16:18:03.0095 5892 amdkmdap (239dce60bee6e1576c803948ab4d54c5) C:\Windows\system32\DRIVERS\atikmpag.sys
16:18:03.0111 5892 amdkmdap - ok
16:18:20.0569 5892 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:18:20.0572 5892 RpcEptMapper - ok
16:18:20.0607 5892 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:18:20.0612 5892 RpcLocator - ok
16:18:20.0684 5892 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:18:20.0691 5892 RpcSs - ok
16:18:20.0716 5892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:18:20.0724 5892 rspndr - ok
16:18:20.0779 5892 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
16:18:20.0802 5892 RSUSBSTOR - ok
16:18:20.0868 5892 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
16:18:20.0894 5892 RTHDMIAzAudService - ok
16:18:20.0930 5892 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:18:20.0932 5892 SamSs - ok
16:18:20.0984 5892 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:18:20.0993 5892 sbp2port - ok
16:18:21.0019 5892 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:18:21.0034 5892 SCardSvr - ok
16:18:21.0065 5892 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:18:21.0072 5892 scfilter - ok
16:18:21.0190 5892 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:18:21.0217 5892 Schedule - ok
16:18:21.0247 5892 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:18:21.0254 5892 SCPolicySvc - ok
16:18:21.0302 5892 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:18:21.0322 5892 SDRSVC - ok
16:18:21.0395 5892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:18:21.0401 5892 secdrv - ok
16:18:21.0434 5892 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:18:21.0443 5892 seclogon - ok
16:18:21.0466 5892 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:18:21.0469 5892 SENS - ok
16:18:21.0481 5892 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:18:21.0489 5892 SensrSvc - ok
16:18:21.0502 5892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:18:21.0508 5892 Serenum - ok
16:18:21.0531 5892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:18:21.0539 5892 Serial - ok
16:18:21.0564 5892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:18:21.0570 5892 sermouse - ok
16:18:21.0737 5892 ServiceLayer (8c1f87f5fdd92229d1754b98f073913f) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
16:18:21.0745 5892 ServiceLayer - ok
16:18:21.0809 5892 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:18:21.0827 5892 SessionEnv - ok
16:18:21.0856 5892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:18:21.0862 5892 sffdisk - ok
16:18:21.0878 5892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:18:21.0885 5892 sffp_mmc - ok
16:18:21.0899 5892 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:18:21.0903 5892 sffp_sd - ok
16:18:21.0909 5892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:18:21.0920 5892 sfloppy - ok
16:18:21.0999 5892 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:18:22.0018 5892 ShellHWDetection - ok
16:18:22.0028 5892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:18:22.0030 5892 SiSRaid2 - ok
16:18:22.0041 5892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:18:22.0049 5892 SiSRaid4 - ok
16:18:22.0122 5892 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:18:22.0133 5892 SkypeUpdate - ok
16:18:22.0160 5892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:18:22.0169 5892 Smb - ok
16:18:22.0200 5892 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:18:22.0206 5892 SNMPTRAP - ok
16:18:22.0212 5892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:18:22.0218 5892 spldr - ok
16:18:22.0281 5892 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:18:22.0300 5892 Spooler - ok
16:18:22.0575 5892 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:18:22.0658 5892 sppsvc - ok
16:18:22.0759 5892 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:18:22.0770 5892 sppuinotify - ok
16:18:22.0927 5892 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:18:22.0953 5892 srv - ok
16:18:23.0018 5892 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:18:23.0048 5892 srv2 - ok
16:18:23.0074 5892 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:18:23.0083 5892 srvnet - ok
16:18:23.0109 5892 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:18:23.0117 5892 SSDPSRV - ok
16:18:23.0135 5892 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:18:23.0146 5892 SstpSvc - ok
16:18:23.0172 5892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:18:23.0178 5892 stexstor - ok
16:18:23.0252 5892 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:18:23.0272 5892 stisvc - ok
16:18:23.0308 5892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:18:23.0314 5892 swenum - ok
16:18:23.0375 5892 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:18:23.0400 5892 swprv - ok
16:18:23.0466 5892 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
16:18:23.0488 5892 SynTP - ok
16:18:23.0647 5892 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:18:23.0697 5892 SysMain - ok
16:18:23.0843 5892 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:18:23.0863 5892 TabletInputService - ok
16:18:23.0918 5892 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:18:23.0938 5892 TapiSrv - ok
16:18:23.0958 5892 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:18:23.0968 5892 TBS - ok
16:18:24.0235 5892 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:18:24.0340 5892 Tcpip - ok
16:18:24.0565 5892 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:18:24.0597 5892 TCPIP6 - ok
16:18:24.0685 5892 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:18:24.0692 5892 tcpipreg - ok
16:18:24.0712 5892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:18:24.0717 5892 TDPIPE - ok
16:18:24.0745 5892 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:18:24.0746 5892 TDTCP - ok
16:18:24.0791 5892 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:18:24.0799 5892 tdx - ok
16:18:24.0846 5892 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:18:24.0855 5892 TermDD - ok
16:18:24.0929 5892 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:18:24.0963 5892 TermService - ok
16:18:24.0990 5892 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:18:24.0993 5892 Themes - ok
16:18:25.0022 5892 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:18:25.0024 5892 THREADORDER - ok
16:18:25.0046 5892 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:18:25.0050 5892 TrkWks - ok
16:18:25.0102 5892 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:18:25.0104 5892 TrustedInstaller - ok
16:18:25.0147 5892 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:18:25.0154 5892 tssecsrv - ok
16:18:25.0207 5892 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:18:25.0216 5892 TsUsbFlt - ok
16:18:25.0276 5892 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:18:25.0285 5892 tunnel - ok
16:18:25.0317 5892 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
16:18:25.0323 5892 TurboB - ok
16:18:25.0411 5892 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
16:18:25.0434 5892 TurboBoost - ok
16:18:25.0471 5892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:18:25.0479 5892 uagp35 - ok
16:18:25.0502 5892 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
16:18:25.0507 5892 UBHelper - ok
16:18:25.0574 5892 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:18:25.0593 5892 udfs - ok
16:18:25.0624 5892 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:18:25.0635 5892 UI0Detect - ok
16:18:25.0690 5892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:18:25.0698 5892 uliagpkx - ok
16:18:25.0769 5892 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:18:25.0777 5892 umbus - ok
16:18:25.0791 5892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:18:25.0796 5892 UmPass - ok
16:18:26.0046 5892 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:18:26.0096 5892 UNS - ok
16:18:26.0158 5892 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
16:18:26.0192 5892 Updater Service - ok
16:18:26.0353 5892 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:18:26.0372 5892 upnphost - ok
16:18:26.0510 5892 upperdev (fbd861e69e1f583bec906fcd04e4f84e) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
16:18:26.0514 5892 upperdev - ok
16:18:26.0547 5892 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:18:26.0554 5892 USBAAPL64 - ok
16:18:26.0598 5892 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:18:26.0606 5892 usbccgp - ok
16:18:26.0651 5892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:18:26.0662 5892 usbcir - ok
16:18:26.0686 5892 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:18:26.0693 5892 usbehci - ok
16:18:26.0744 5892 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:18:26.0753 5892 usbhub - ok
16:18:26.0771 5892 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:18:26.0777 5892 usbohci - ok
16:18:26.0806 5892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:18:26.0811 5892 usbprint - ok
16:18:26.0870 5892 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
16:18:26.0877 5892 usbser - ok
16:18:26.0896 5892 UsbserFilt (0fbb0080b287bbcbf5c7076e3d74a35c) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
16:18:26.0901 5892 UsbserFilt - ok
16:18:26.0930 5892 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:18:26.0939 5892 USBSTOR - ok
16:18:26.0967 5892 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:18:26.0974 5892 usbuhci - ok
16:18:27.0020 5892 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:18:27.0035 5892 usbvideo - ok
16:18:27.0072 5892 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:18:27.0075 5892 UxSms - ok
16:18:27.0107 5892 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:18:27.0109 5892 VaultSvc - ok
16:18:27.0144 5892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:18:27.0151 5892 vdrvroot - ok
16:18:27.0234 5892 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:18:27.0254 5892 vds - ok
16:18:27.0262 5892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:18:27.0268 5892 vga - ok
16:18:27.0282 5892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:18:27.0288 5892 VgaSave - ok
16:18:27.0331 5892 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:18:27.0348 5892 vhdmp - ok
16:18:27.0369 5892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:18:27.0374 5892 viaide - ok
16:18:27.0393 5892 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:18:27.0401 5892 volmgr - ok
16:18:27.0466 5892 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:18:27.0472 5892 volmgrx - ok
16:18:27.0514 5892 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:18:27.0538 5892 volsnap - ok
16:18:27.0577 5892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:18:27.0592 5892 vsmraid - ok
16:18:27.0758 5892 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:18:27.0789 5892 VSS - ok
16:18:27.0933 5892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:18:27.0935 5892 vwifibus - ok
16:18:27.0954 5892 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:18:27.0956 5892 vwififlt - ok
16:18:27.0991 5892 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:18:27.0992 5892 vwifimp - ok
16:18:28.0073 5892 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:18:28.0088 5892 W32Time - ok
16:18:28.0107 5892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:18:28.0113 5892 WacomPen - ok
16:18:28.0176 5892 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:18:28.0184 5892 WANARP - ok
16:18:28.0194 5892 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:18:28.0202 5892 Wanarpv6 - ok
16:18:28.0375 5892 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:18:28.0463 5892 wbengine - ok
16:18:28.0605 5892 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:18:28.0620 5892 WbioSrvc - ok
16:18:28.0685 5892 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:18:28.0712 5892 wcncsvc - ok
16:18:28.0736 5892 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:18:28.0746 5892 WcsPlugInService - ok
16:18:28.0828 5892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:18:28.0835 5892 Wd - ok
16:18:28.0908 5892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:18:28.0933 5892 Wdf01000 - ok
16:18:28.0949 5892 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:18:28.0953 5892 WdiServiceHost - ok
16:18:28.0959 5892 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:18:28.0962 5892 WdiSystemHost - ok
16:18:28.0995 5892 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:18:29.0009 5892 WebClient - ok
16:18:29.0045 5892 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:18:29.0069 5892 Wecsvc - ok
16:18:29.0086 5892 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:18:29.0095 5892 wercplsupport - ok
16:18:29.0132 5892 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:18:29.0141 5892 WerSvc - ok
16:18:29.0171 5892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:18:29.0183 5892 WfpLwf - ok
16:18:29.0189 5892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:18:29.0195 5892 WIMMount - ok
16:18:29.0204 5892 WinHttpAutoProxySvc - ok
16:18:29.0283 5892 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:18:29.0298 5892 Winmgmt - ok
16:18:29.0483 5892 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:18:29.0607 5892 WinRM - ok
16:18:29.0777 5892 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:18:29.0786 5892 WinUsb - ok
16:18:29.0890 5892 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:18:29.0907 5892 Wlansvc - ok
16:18:30.0142 5892 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:18:30.0193 5892 wlidsvc - ok
16:18:30.0272 5892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:18:30.0274 5892 WmiAcpi - ok
16:18:30.0312 5892 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:18:30.0327 5892 wmiApSrv - ok
16:18:30.0379 5892 WMPNetworkSvc - ok
16:18:30.0387 5892 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:18:30.0396 5892 WPCSvc - ok
16:18:30.0446 5892 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:18:30.0467 5892 WPDBusEnum - ok
16:18:30.0500 5892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:18:30.0505 5892 ws2ifsl - ok
16:18:30.0510 5892 WSearch - ok
16:18:30.0730 5892 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:18:30.0782 5892 wuauserv - ok
16:18:30.0943 5892 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:18:30.0952 5892 WudfPf - ok
16:18:31.0009 5892 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:18:31.0022 5892 WUDFRd - ok
16:18:31.0085 5892 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:18:31.0089 5892 wudfsvc - ok
16:18:31.0124 5892 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:18:31.0148 5892 WwanSvc - ok
16:18:31.0199 5892 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:18:31.0646 5892 \Device\Harddisk0\DR0 - ok
16:18:31.0651 5892 Boot (0x1200) (3e270ce420bef8245464841144857f2b) \Device\Harddisk0\DR0\Partition0
16:18:31.0653 5892 \Device\Harddisk0\DR0\Partition0 - ok
16:18:31.0692 5892 Boot (0x1200) (7910297d53e8fa28c37e7557a6208142) \Device\Harddisk0\DR0\Partition1
16:18:31.0695 5892 \Device\Harddisk0\DR0\Partition1 - ok
16:18:31.0695 5892 ============================================================
16:18:31.0695 5892 Scan finished
16:18:31.0695 5892 ============================================================
16:18:31.0713 2476 Detected object count: 0
16:18:31.0713 2476 Actual detected object count: 0
16:21:40.0589 7032 Deinitialize success
And the aswMBR.txt: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-27 16:21:47
-----------------------------
16:21:47.305 OS Version: Windows x64 6.1.7601 Service Pack 1
16:21:47.305 Number of processors: 4 586 0x2505
16:21:47.306 ComputerName: CLAUDIA-PC UserName: Claudia
16:21:48.408 Initialize success
16:23:28.649 AVAST engine defs: 12062700
16:24:04.854 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:24:04.858 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
16:24:04.873 Disk 0 MBR read successfully
16:24:04.876 Disk 0 MBR scan
16:24:04.901 Disk 0 Windows 7 default MBR code
16:24:04.906 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
16:24:04.923 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
16:24:04.943 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291831 MB offset 27469824
16:24:04.968 Disk 0 scanning C:\Windows\system32\drivers
16:24:18.515 Service scanning
16:24:43.762 Modules scanning
16:24:43.775 Disk 0 trace - called modules:
16:24:43.794 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:24:43.803 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005222060]
16:24:43.814 3 CLASSPNP.SYS[fffff88001bca43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fa3050]
16:24:45.485 AVAST engine scan C:\Windows
16:24:48.329 AVAST engine scan C:\Windows\system32
16:29:44.796 AVAST engine scan C:\Windows\system32\drivers
16:30:12.292 AVAST engine scan C:\Users\Claudia
16:31:51.205 File: C:\Users\Claudia\AppData\Local\Temp\96224380.exe **INFECTED** Win32:LockScreen-GY [Trj]
16:45:12.321 File: C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE **INFECTED** Win32:LockScreen-GY [Trj]
16:47:27.646 AVAST engine scan C:\ProgramData
16:48:56.878 Scan finished successfully
17:27:10.676 Disk 0 MBR has been saved successfully to "C:\Users\Claudia\Desktop\MBR.dat"
17:27:10.680 The log file has been saved successfully to "C:\Users\Claudia\Desktop\aswMBR.txt"
noreia1978
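A small triage script for the two log formats in this thread, added here as an example (it is not part of the thread, of aswMBR or of FRST): it pulls the **INFECTED** lines out of aswMBR output and flags FRST `Run` autostart entries of the kind a helper reads first, namely a file FRST could not find (`[x]`), an entry with no publisher, or an executable that lives in a user-writable directory. The sample lines are copied from the aswMBR log above and from the FRST log posted later in this thread; the `Finding`/`triage`/`parse_frst_run` names are this example's own.

```python
"""Triage for the aswMBR and FRST log excerpts posted in this thread (added example,
not part of the thread or of either tool; the names here are this example's own)."""
import re
from dataclasses import dataclass, field

# aswMBR detection line: "HH:MM:SS.mmm File: <path> **INFECTED** <name> [Trj]"
ASWMBR_INFECTED = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3} File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>\S+)(?: \[\w+\])?$"
)
# FRST autostart line: "<hive>\...\Run: [<value>] <command> [<size> <date>] (<publisher>)",
# or "... [x]" when FRST could not find the referenced file.
FRST_RUN = re.compile(
    r"^(?P<hive>HK\w+(?:-x32)?(?:\\\w+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
FRST_TAIL = re.compile(
    r"^(?P<cmd>.*?)\s*\[(?P<meta>x|\d+ \d{4}-\d{2}-\d{2})\](?: \((?P<publisher>.*)\))?$"
)
# Directories a standard user (and so malware run by that user) can write to.
USER_WRITABLE = re.compile(r"(?i)\\(?:appdata|temp|programdata|public|downloads)\\")


@dataclass
class Finding:
    source: str          # "aswMBR" or "FRST"
    name: str            # detection name or Run value name
    path: str            # executable the line points at
    reasons: list = field(default_factory=list)


def exe_path(cmd):
    """Return the executable part of an FRST command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path, possibly followed by arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)^(.*?\.exe)(?=\s|$)", cmd)
    if m:  # unquoted path with spaces: cut after ".exe"
        return m.group(1)
    # Neither quoted nor ".exe": cut before the first "/switch" or "-switch"
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def parse_frst_run(line):
    """Parse one FRST Run entry into a dict; return None for any other line."""
    m = FRST_RUN.match(line)
    tail = FRST_TAIL.match(m.group("rest")) if m else None
    if not tail:
        return None
    return {
        "hive": m.group("hive"),
        "name": m.group("name"),
        "path": exe_path(tail.group("cmd")),
        "missing": tail.group("meta") == "x",
        "publisher": tail.group("publisher"),
    }


def triage(lines):
    """Return the entries worth a second look, each with its reasons."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        hit = ASWMBR_INFECTED.match(line)
        if hit:  # the engine already flagged it; note where it was hiding
            f = Finding("aswMBR", hit.group("name"), hit.group("path"), ["engine detection"])
            if USER_WRITABLE.search(f.path):
                f.reasons.append("user-writable location")
            findings.append(f)
            continue
        entry = parse_frst_run(line)
        if entry is None:
            continue
        f = Finding("FRST", entry["name"], entry["path"])
        if entry["missing"]:
            f.reasons.append("file missing (orphaned autostart)")
        elif not entry["publisher"]:
            f.reasons.append("no publisher")
        if USER_WRITABLE.search(entry["path"]):
            f.reasons.append("user-writable location")
        if f.reasons:
            findings.append(f)
    return findings


# Sample input: lines copied from the aswMBR and FRST logs posted in this thread.
SAMPLE_LOG = [
    r"16:31:51.205 File: C:\Users\Claudia\AppData\Local\Temp\96224380.exe **INFECTED** Win32:LockScreen-GY [Trj]",
    r"16:45:12.321 File: C:\Users\Claudia\AppData\Roaming\WMPRWISE.EXE **INFECTED** Win32:LockScreen-GY [Trj]",
    r"16:48:56.878 Scan finished successfully",
    r'HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()',
    r'HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-08] (Avira Operations GmbH & Co. KG)',
    r"HKLM-x32\...\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]",
    r'HKU\Claudia\...\Run: [Facebook Update] "C:\Users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-09-05] (Facebook Inc.)',
    r"HKU\Claudia\...\Run: [] [x]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:7} {f.name or '<empty>':16} {'; '.join(f.reasons):46} {f.path}")
```

A signed vendor entry under Program Files (the avgnt line) produces no finding, while the two LockScreen hits are reported both as engine detections and as files in user-writable directories, which is what makes the Temp and Roaming paths stand out in the aswMBR log above.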
#4
/// Malwareteam | Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI I see that you use so-called peer-to-peer or file-sharing programs, in your case SoulSeek. These programs allow you to exchange data with other users. Unfortunately, p2p and file sharing are not exempt from distributing infected files either, and this is one reason why malware spreads so quickly. So it is possible that you download an infected file. You can never know where these come from. This type of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright law in most countries of the world. Of course there is also a legal way to use this service, for example for downloading Linux or Open Office. Nevertheless, I would ask you to stop using this type of software. Please go to Start --> Control Panel --> Software and uninstall the software mentioned above. Please let me know if you cannot find one of the listed programs.
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM are ignored! Happy with us? Then support Trojaner-Board!
#5
Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI I have uninstalled the program. I never used it myself; a friend installed it and downloaded something quite a while ago. It has been unused since then.
#6
/// Malwareteam | Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI Step 1: Uninstall software
Step 2: Combofix. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2. IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the reboot Quote:
#7
Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI I cannot deactivate Avira. Should I uninstall it and reinstall it afterwards?
#8
/// Malwareteam | Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI If you have deactivated Avira (closed umbrella), ignore the message from Combofix.
#9
Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI After I had started Combofix, I walked away from the laptop because my son had fallen off his bike. When I next looked at the screen, it had shut down, had tried to repair, which did not work, and demanded a system restore because the computer could no longer be booted. So I did that; now the programs I installed yesterday and today are gone, but the log files are still saved on the desktop. Should I download and start Combofix again?
#10
/// Malwareteam | Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI No, the rootkit is probably interfering with us here! Scan with FRST x64. Please download Farbar's Recovery Scan Tool x64 and save it to a USB stick. Plug the USB stick into the infected system. You now have to boot the system into the System Repair option. Via the boot manager
With a Windows CD/DVD
In the repair options, select Command Prompt
#11
Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI Here is the content of FRST.txt: Code:
Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 28-06-2012 11:53:21
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [206504 2011-12-21] (Visicom Media Inc. (Powered by Panda Security))
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKU\Claudia\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1840424 2008-06-24] (Nero AG)
HKU\Claudia\...\Run: [Facebook Update] "C:\Users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-09-05] (Facebook Inc.)
HKU\Claudia\...\Run: [] [x]
HKU\Claudia\...\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray [966712 2011-09-01] (Nokia)
HKU\Claudia\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Claudia\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Gast\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
AppInit_DLLs:
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc. and H.C. Top Systems B.V.)
==================== Services (Whitelisted) ======
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [321104 2010-08-10] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [537896 2008-06-24] (Nero AG)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-03-17] (Intel Corporation)
========================== Drivers (Whitelisted) =============
3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [111552 2008-04-10] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [111552 2008-04-10] (SlySoft, Inc.)
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-05-08] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-10-11] (Avira GmbH)
3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2007-02-15] (Elaborate Bytes AG)
3 ElbyDelay; C:\Windows\SysWow64\Drivers\ElbyDelay.sys [14032 2007-02-15] (Elaborate Bytes AG)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2010-04-19] (NTI Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2010-07-08] (NTI Corporation)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-05-18] (Nokia)
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-06-28 11:53 - 2012-06-28 11:53 - 00000000 ____D C:\FRST
2012-06-28 01:19 - 2012-06-28 01:19 - 01425797 ____A C:\Users\Claudia\Desktop\FRST64.exe
2012-06-27 08:49 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-27 08:49 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-27 08:49 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-27 08:49 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-27 08:49 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-27 08:49 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-27 08:49 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-27 08:48 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-27 08:48 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-27 08:44 - 2012-06-27 08:44 - 292776903 ____A C:\Windows\MEMORY.DMP
2012-06-27 08:44 - 2012-06-27 08:44 - 00275424 ____A C:\Windows\Minidump\062712-26910-01.dmp
2012-06-27 08:08 - 2012-06-27 08:08 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-27 08:02 - 2012-06-27 18:43 - 00000000 ___SD C:\32788R22FWJFW
2012-06-27 08:02 - 2012-06-27 08:02 - 00000000 ____D C:\Qoobox
2012-06-27 07:27 - 2012-06-27 07:27 - 00002140 ____A C:\Users\Claudia\Desktop\aswMBR.txt
2012-06-26 06:25 - 2012-06-26 06:25 - 00000000 ____A C:\Users\Claudia\defogger_reenable
2012-06-26 02:16 - 2012-06-27 18:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 02:16 - 2012-06-26 02:16 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Malwarebytes
2012-06-26 02:16 - 2012-06-26 02:16 - 00000000 ____D C:\Users\All Users\Malwarebytes
============ 3 Months Modified Files and Folders =============
2012-06-28 01:50 - 2011-03-08 01:13 - 00024368 ____A C:\Windows\setupact.log
2012-06-28 01:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-28 01:49 - 2012-01-29 01:34 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-06-28 01:49 - 2011-02-20 12:23 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-28 01:49 - 2010-11-12 04:42 - 01393017 ____A C:\Windows\WindowsUpdate.log
2012-06-28 01:41 - 2009-07-13 20:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-28 01:41 - 2009-07-13 20:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-28 01:38 - 2010-11-12 13:34 - 00657948 ____A C:\Windows\System32\perfh007.dat
2012-06-28 01:38 - 2010-11-12 13:34 - 00131288 ____A C:\Windows\System32\perfc007.dat
2012-06-28 01:38 - 2009-07-13 21:13 - 01507502 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-28 01:32 - 2011-09-05 07:27 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001UA.job
2012-06-28 01:22 - 2011-02-20 12:23 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-28 01:19 - 2012-06-28 01:19 - 01425797 ____A C:\Users\Claudia\Desktop\FRST64.exe
2012-06-28 01:19 - 2011-01-29 06:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-27 23:29 - 2011-01-29 06:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-06-27 18:43 - 2012-06-27 08:02 - 00000000 ___SD C:\32788R22FWJFW
2012-06-27 18:43 - 2012-06-26 02:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-27 18:43 - 2012-04-25 02:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-27 18:43 - 2012-03-06 01:24 - 00000000 ____D C:\Users\Claudia\.compeople
2012-06-27 18:43 - 2012-01-29 01:34 - 00000000 ____D C:\Program Files (x86)\blekkotb
2012-06-27 18:43 - 2011-03-09 05:44 - 00000000 ____D C:\Users\Claudia\Desktop\Soulseek
2012-06-27 18:43 - 2011-03-09 05:42 - 00000000 ____D C:\Program Files (x86)\SoulseekNS
2012-06-27 18:43 - 2011-01-31 08:01 - 00000000 ____D C:\users\Gast
2012-06-27 18:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-27 18:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-27 18:42 - 2011-09-05 07:27 - 00000000 ____D C:\Users\Claudia\AppData\Local\Facebook
2012-06-27 09:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-27 08:44 - 2012-06-27 08:44 - 292776903 ____A C:\Windows\MEMORY.DMP
2012-06-27 08:44 - 2012-06-27 08:44 - 00275424 ____A C:\Windows\Minidump\062712-26910-01.dmp
2012-06-27 08:44 - 2011-02-01 08:01 - 00000000 ____D C:\Windows\Minidump
2012-06-27 08:44 - 2011-01-29 05:41 - 00000000 ____D C:\users\Claudia
2012-06-27 08:08 - 2012-06-27 08:08 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-27 08:02 - 2012-06-27 08:02 - 00000000 ____D C:\Qoobox
2012-06-27 07:54 - 2011-06-17 00:37 - 00000000 ____D C:\Users\Claudia\Desktop\Policierung
2012-06-27 07:27 - 2012-06-27 07:27 - 00002140 ____A C:\Users\Claudia\Desktop\aswMBR.txt
2012-06-26 06:36 - 2011-11-23 03:25 - 00000000 ____D C:\Users\Claudia\Desktop\Formulare Geschäft
2012-06-26 06:36 - 2011-06-22 21:16 - 00000000 ____D C:\Users\Claudia\Desktop\Angebote
2012-06-26 06:25 - 2012-06-26 06:25 - 00000000 ____A C:\Users\Claudia\defogger_reenable
2012-06-26 02:16 - 2012-06-26 02:16 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Malwarebytes
2012-06-26 02:16 - 2012-06-26 02:16 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-26 01:37 - 2012-01-10 16:22 - 00000000 __SHD C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}
2012-06-15 03:54 - 2011-02-15 06:24 - 00000000 ____D C:\Users\Claudia\Desktop\Schäden Bilder
2012-06-15 00:17 - 2011-09-05 07:27 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001Core.job
2012-06-07 21:48 - 2009-07-13 20:45 - 00413656 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-07 21:46 - 2011-04-17 21:28 - 00031988 ____A C:\Windows\PFRO.log
2012-06-06 06:17 - 2011-01-31 03:44 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-06 06:16 - 2011-01-29 06:27 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-06 06:08 - 2010-08-30 01:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-06 06:07 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-05 04:32 - 2011-01-30 22:37 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\ICQ
2012-06-02 14:19 - 2012-06-27 08:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-27 08:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-27 08:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-27 08:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-27 08:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-27 08:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-27 08:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-27 08:48 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-27 08:48 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-22 13:41 - 2011-01-31 06:30 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\vlc
2012-05-14 11:02 - 2011-03-09 05:43 - 00000000 ____D C:\Users\All Users\Soulseek
2012-05-13 12:15 - 2012-04-25 06:56 - 00009509 ____A C:\Users\Claudia\Desktop\Mappe1.xlsx
2012-05-09 11:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-08 09:23 - 2011-12-05 10:55 - 00000000 ____D C:\Users\Claudia\AppData\Local\Cyberlink
2012-05-08 02:45 - 2011-10-14 23:16 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-05-08 02:45 - 2011-10-14 23:16 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-05-03 11:09 - 2012-05-03 10:56 - 00000000 ____D C:\Program Files (x86)\SBS-Bausoftware
2012-05-03 11:08 - 2012-05-03 11:02 - 00000015 ____A C:\Windows\SysWOW64\asdrawim.ini
2012-05-03 11:02 - 2012-05-03 10:59 - 00000512 ____A C:\Windows\SysWOW64\as_tom32.mul
2012-05-03 11:00 - 2012-05-03 11:00 - 00000000 ____D C:\Windows\SysWOW64\OCON3D
2012-05-03 11:00 - 2012-05-03 11:00 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\ASCON Programme
2012-05-03 10:59 - 2012-05-03 10:59 - 00180224 ____A (Intel Corporation) C:\Windows\SysWOW64\ijl11.dll
2012-05-03 10:59 - 2012-05-03 10:59 - 00067072 ____A (AS·CON Software GmbH 2000 ) C:\Windows\SysWOW64\as_tif32.dll
2012-05-03 10:59 - 2012-05-03 10:59 - 00047616 ____A (AS·CON Software GmbH 2000 ) C:\Windows\SysWOW64\asdib32.dll
2012-05-03 10:56 - 2012-05-03 10:56 - 00000000 ____D C:\Windows\Startmenü
2012-05-03 10:54 - 2012-05-03 10:54 - 00120320 ____N () C:\Windows\SysWOW64\czip.ocx
2012-05-03 10:54 - 2012-05-03 10:54 - 00029696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sfx32.dll
2012-05-03 10:37 - 2012-05-03 10:37 - 00000000 ____D C:\Users\Claudia\eTeks
2012-05-03 10:28 - 2012-05-03 10:28 - 00000109 ____A C:\user.js
2012-05-03 03:00 - 2012-05-03 03:00 - 00162304 ____A C:\Users\Claudia\Desktop\CKV Antragsdeckblatt.xls
2012-04-25 07:19 - 2012-04-25 07:19 - 00000165 ___AH C:\Users\Claudia\Desktop\~$Mappe1.xlsx
2012-04-25 06:59 - 2012-01-17 13:54 - 00000000 ____D C:\Program Files (x86)\Safari
2012-04-25 06:58 - 2012-04-25 06:58 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-25 06:58 - 2012-04-25 06:57 - 00000000 ____D C:\Program Files\iTunes
2012-04-25 06:58 - 2012-03-20 01:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-04-25 06:57 - 2012-04-25 06:57 - 00000000 ____D C:\Program Files\iPod
2012-04-25 02:11 - 2012-04-25 02:11 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-24 00:58 - 2012-03-27 12:44 - 00000000 ____D C:\Users\Claudia\Desktop\Anzeigen
2012-04-23 23:57 - 2011-01-31 06:01 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Skype
2012-04-23 23:56 - 2011-08-17 23:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-23 23:56 - 2011-01-31 06:01 - 00000000 ____D C:\Users\All Users\Skype
2012-04-20 02:30 - 2011-01-31 09:49 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-04-20 02:28 - 2012-04-20 02:28 - 00000000 ____D C:\Users\Claudia\AppData\Local\{BA05002F-1415-4041-9276-05FBA94C8882}
2012-04-17 22:45 - 2011-03-09 10:49 - 00000000 ____D C:\Users\Claudia\Documents\Freundeskreis der Städtepartnerschaften
2012-04-15 05:01 - 2012-04-15 05:01 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-15 05:01 - 2012-04-15 05:01 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-15 05:01 - 2012-04-15 05:01 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-15 05:01 - 2011-03-18 10:16 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-12 01:14 - 2012-04-12 01:14 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-12 01:14 - 2012-04-12 01:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
ZeroAccess:
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\L
ZeroAccess:
C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}
C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\@
C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\L
C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 18%
Total physical RAM: 3958.71 MB
Available physical RAM: 3228.55 MB
Total Pagefile: 3956.86 MB
Available Pagefile: 3209.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:206.33 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.03 GB) NTFS
4 Drive g: (NOREIA) (Removable) (Total:7.47 GB) (Free:2.14 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ###  Status   Size     Free  Dyn  GPT
--------  -------  -------  ----  ---  ---
Disk 0    Online   298 GB   0 B
Disk 1    Online   7660 MB  0 B
Partitions of Disk 0:
===============
Partition ###  Type      Size    Offset
-------------  --------  ------  -------
Partition 1    Recovery  13 GB   1024 KB
Partition 2    Primary   100 MB  13 GB
Partition 3    Primary   284 GB  13 GB
======================================================================================================
Disk: 0
Partition 1
Type   : 27
Hidden : Yes
Active : No
Volume ###  Ltr  Label            FS     Type       Size    Status   Info
----------  ---  ---------------  -----  ---------  ------  -------  ------
* Volume 3  E    PQSERVICE        NTFS   Partition  13 GB   Healthy  Hidden
======================================================================================================
Disk: 0
Partition 2
Type   : 07
Hidden : No
Active : Yes
Volume ###  Ltr  Label            FS     Type       Size    Status   Info
----------  ---  ---------------  -----  ---------  ------  -------  ------
* Volume 1  Y    SYSTEM RESERVED  NTFS   Partition  100 MB  Healthy
======================================================================================================
Disk: 0
Partition 3
Type   : 07
Hidden : No
Active : No
Volume ###  Ltr  Label            FS     Type       Size    Status   Info
----------  ---  ---------------  -----  ---------  ------  -------  ------
* Volume 2  C    Acer             NTFS   Partition  284 GB  Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ###  Type      Size     Offset
-------------  --------  -------  -------
Partition 1    Primary   7656 MB  4096 KB
======================================================================================================
Disk: 1
Partition 1
Type   : 0B
Hidden : No
Active : No
Volume ###  Ltr  Label            FS     Type       Size     Status   Info
----------  ---  ---------------  -----  ---------  -------  -------  ------
* Volume 4  G    NOREIA           FAT32  Removable  7656 MB  Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-25 00:20
======================= End Of Log ==========================
Best regards, Claudia
#12
/// Malwareteam | Trojaner TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI
Step 1: Fix with FRST x64
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}
C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}
Step 2: Combofix
Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2. IMPORTANT - save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the restart, Quote:
__________________ No right of asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored! Satisfied with us? Then support the Trojaner-Board!
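The fix in step 1 is built by hand from the two "ZeroAccess:" blocks FRST printed in the log above: each block names a GUID folder (one under C:\Windows\Installer, one under the user's AppData\Local) plus the @, L and U entries inside it, and the fix list names only the two top-level folders so that FRST moves them whole. The Python script below is an added example that automates exactly that selection; it is not code from the thread, from FRST or from ComboFix. Its input is an excerpt of the FRST log posted above, embedded as a string, and the regular expressions, attribute checks and function names are my own assumptions about the log format.

```python
import re

# Excerpt of the FRST log posted earlier in this thread (the listing line for the
# hidden GUID folder under AppData\Local and the two "ZeroAccess:" blocks), embedded
# as sample input so the script runs offline.
SAMPLE_LOG = r"""
2012-06-26 01:37 - 2012-01-10 16:22 - 00000000 __SHD C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}
2012-06-27 08:08 - 2012-06-27 08:08 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-26 02:16 - 2012-06-26 02:16 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-27 08:49 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
ZeroAccess:
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\L
ZeroAccess:
C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}
C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\@
C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\L
C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U
========================= Known DLLs (Whitelisted) ============
"""

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# A GUID-named directory in one of the two locations this ZeroAccess variant uses
# (assumed from the log above), optionally followed by one of its @ / L / U entries.
GUID_DIR_RE = re.compile(
    r"^(?P<root>[a-z]:\\(?:Windows\\Installer|Users\\[^\\]+\\AppData\\Local)\\"
    + GUID
    + r")(?:\\(?P<sub>[@LU]))?$",
    re.IGNORECASE,
)

# One line of FRST's "Created/Modified Files and Folders" listing (assumed layout):
# <created> - <modified> - <size> <attrs> [(company)] <path>
LISTING_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d{8} (?P<attrs>\S{5}) (?:\([^)]*\) )?(?P<path>.+?)\s*$"
)


def zeroaccess_block_paths(log_text):
    """Paths FRST itself lists under its 'ZeroAccess:' markers, in log order."""
    paths, in_block = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "ZeroAccess:":
            in_block = True
        elif in_block and re.match(r"^[a-z]:\\", line, re.IGNORECASE):
            paths.append(line)
        else:
            in_block = False  # any non-path line ends the block
    return paths


def hidden_guid_dirs(log_text):
    """GUID-named directories whose attribute field carries System+Hidden (e.g. __SHD)."""
    hits = []
    for line in log_text.splitlines():
        m = LISTING_RE.match(line.strip())
        if not m:
            continue
        attrs = m.group("attrs")
        if "S" in attrs and "H" in attrs and "D" in attrs and GUID_DIR_RE.match(m.group("path")):
            hits.append(m.group("path"))
    return hits


def build_fixlist(log_text):
    """Top-level GUID folders to move: subentries collapse to their root, duplicates dropped."""
    roots = []
    for path in zeroaccess_block_paths(log_text) + hidden_guid_dirs(log_text):
        m = GUID_DIR_RE.match(path)
        if m and m.group("root").lower() not in (r.lower() for r in roots):
            roots.append(m.group("root"))
    return roots


def fixlist_text(log_text):
    """Contents of fixlist.txt as FRST expects it: one path per line."""
    return "".join(p + "\n" for p in build_fixlist(log_text))


if __name__ == "__main__":
    print(fixlist_text(SAMPLE_LOG), end="")
```

Run as-is it prints the same two lines the Malwareteam member put in the fix list. Two caveats for anyone reusing it: the fixlog in the next post shows the fix "Ran by SYSTEM" and "Running from G:\", i.e. FRST was started from the USB stick in the recovery environment, because the malware's folders are typically locked while the infected Windows is running; and a directory listing only proves the persistence folders were present, not that the infection is gone, which is why the ComboFix run that follows still deletes payload files (the @ file and U\*.@ entries) inside the Installer folder and why FRST's "Bamital & volsnap Check" verifies the hashes of services.exe, winlogon.exe and volsnap.sys.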
#13
Trojaner TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI
Here is the fixlog file: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
Ran by SYSTEM at 2012-06-28 16:56:33 Run:1
Running from G:\
==============================================
C:\Windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14} moved successfully.
C:\Users\Claudia\AppData\Local\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14} moved successfully.
==== End of Fixlog ====
and the log file from Combofix: Code:
ComboFix 12-06-28.01 - Claudia 28.06.2012 17:03:42.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2163 [GMT 2:00]
run from:: c:\users\Claudia\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\@
c:\windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\00000001.@
c:\windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\80000000.@
c:\windows\Installer\{9bbcadce-ea20-74f8-cb85-d1f9f44d3a14}\U\800000cb.@
c:\windows\SysWow64\ijl11.dll
.
.
((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 ))))))))))))))))))))))))))))))
.
.
2012-06-28 19:53 . 2012-06-28 19:54 -------- d-----w- C:\FRST
2012-06-28 15:10 . 2012-06-28 15:10 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-06-28 15:10 . 2012-06-28 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 16:49 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-27 16:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-27 16:49 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-27 16:49 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-27 16:49 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-27 16:49 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-27 16:49 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-27 16:48 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-27 16:48 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-27 16:08 . 2012-06-27 16:08 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-26 10:16 . 2012-06-26 10:16 -------- d-----w- c:\users\Claudia\AppData\Roaming\Malwarebytes
2012-06-26 10:16 . 2012-06-28 02:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-26 10:16 . 2012-06-26 10:16 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 10:45 . 2011-10-15 07:16 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 10:45 . 2011-10-15 07:16 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-03 18:59 . 2012-05-03 18:59 67072 ----a-w- c:\windows\SysWow64\as_tif32.dll
2012-05-03 18:59 . 2012-05-03 18:59 47616 ----a-w- c:\windows\SysWow64\asdib32.dll
2012-05-03 18:54 . 2012-05-03 18:54 29696 ----a-w- c:\windows\SysWow64\sfx32.dll
2012-05-03 18:54 . 2012-05-03 18:54 120320 ------w- c:\windows\SysWow64\czip.ocx
2012-04-15 13:01 . 2011-03-18 18:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-31 06:05 . 2012-05-09 08:40 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 08:40 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 08:40 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-09 08:40 3146240 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2011-12-22 21:17 262312 ----a-w- c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2011-12-22 21:16 86696 ----a-w- c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2011-12-22 86696]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Facebook Update"="c:\users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-05 137536]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-12-21 206504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2011-2-3 106561]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-25 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-25 6856192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-25 264192]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the "Scheduled Tasks" folder
.
2012-06-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001Core.job
- c:\users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 15:27]
.
2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001UA.job
- c:\users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 15:27]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 20:23]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 20:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\gvgv42ae.default\
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - f23c113900000000000018f46a74f5a6
FF - user.js: extensions.Softonic.instlDay - 15463
FF - user.js: extensions.Softonic.vrsn - 1.5.21.0
FF - user.js: extensions.Softonic.vrsni - 1.5.21.0
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.020:28
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00015
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
- - - - Removed orphaned registry entries - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Completion time: 2012-06-28 17:17:51 - PC was rebooted
ComboFix-quarantined-files.txt 2012-06-28 15:17
.
Pre-Run: 12 directory(ies), 220,195,184,640 bytes free
Post-Run: 17 directory(ies), 222,442,254,336 bytes free
.
- - End Of File - - A772CF6C70C30B98B52864F03CA5E309
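The log above lists the places a malware-removal helper reads first: the scheduled tasks, the HKLM Run key, the Firefox user.js preferences written by the Softonic toolbar, and the LoadAppInit_DLLs switch. The following script is an added example for triaging those sections offline; it is not ComboFix code and not part of the original thread. It parses ComboFix-style lines from a sample that is constructed here from the entries shown above, and the rules it applies (binaries persisted outside Program Files or Windows, preferences with the Softonic prefix, LoadAppInit_DLLs set to a non-zero value) are heuristics chosen for this example, not a detection engine.

```python
"""Triage helper for ComboFix-style autostart sections.

Added example, not ComboFix code.  It parses four kinds of lines that appear
in a ComboFix log:
  * scheduled-task pairs:  "<date> c:\\windows\\Tasks\\<name>.job"
                           followed by "- <exe path> [<stamp>]"
  * Run-key entries:       "<name>"="<exe path>" [<stamp>]
  * Firefox prefs:         FF - user.js: <pref> - <value>
  * the AppInit switch:    "LoadAppInit_DLLs"=0x<hex>
and flags the ones worth looking at first.  The rules are heuristics chosen
for this example (assumption), not a detection engine.
"""
import re

TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>\S+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (?P<path>.+?) \[(?P<stamp>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<stamp>[^\]]+)\]$')
FF_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<value>.*)$")
APPINIT_RE = re.compile(r'^"LoadAppInit_DLLs"=0x(?P<val>[0-9a-f]+)$', re.I)

# Directories where a persisted binary is expected to live (assumption);
# anything else, e.g. AppData, is reported for a closer look.
TRUSTED_DIRS = (r"c:\program files", r"c:\windows")
# Firefox pref prefixes written by bundled toolbars (assumption for this example).
PUP_PREF_PREFIXES = ("extensions.Softonic",)

# Constructed sample, assembled from the kinds of entries shown in the log above.
SAMPLE_LOG = r"""
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-20 20:23]
.
2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1737274021-33549499-3163408016-1001UA.job
- c:\users\Claudia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 15:27]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: browser.startup.homepage - about:blank
"""


def parse_autostarts(log_text):
    """Return a list of (kind, name, value) tuples found in the log text."""
    entries = []
    pending_job = None  # .job path seen on the previous line, waiting for its "- <target>" line
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            entries.append(("task", pending_job.rsplit("\\", 1)[-1], m.group("path")))
            pending_job = None
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(("run", m.group("name"), m.group("path")))
            continue
        m = FF_RE.match(line)
        if m:
            entries.append(("ffpref", m.group("pref"), m.group("value")))
            continue
        m = APPINIT_RE.match(line)
        if m:
            entries.append(("appinit", "LoadAppInit_DLLs", str(int(m.group("val"), 16))))
    return entries


def triage(entries):
    """Apply the heuristics and return a list of human-readable findings."""
    findings = []
    for kind, name, value in entries:
        low = value.lower()
        if kind in ("task", "run") and not low.startswith(TRUSTED_DIRS):
            findings.append(f"{kind} '{name}' runs from outside Program Files/Windows: {value}")
        elif kind == "ffpref" and name.startswith(PUP_PREF_PREFIXES):
            findings.append(f"Firefox pref written by a bundled toolbar: {name} = {value}")
        elif kind == "appinit" and value != "0":
            findings.append("LoadAppInit_DLLs is enabled; inspect the AppInit_DLLs value for injected DLLs")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_autostarts(SAMPLE_LOG)):
        print(finding)
```

On the sample the script reports the Facebook updater persisted under the user's AppData, the Softonic search URL preference, and the enabled LoadAppInit_DLLs switch, while the Google updater under Program Files and the generic homepage preference pass. A real run would feed it the full ComboFix log and then confirm each finding by hand, since a legitimate per-user updater in AppData produces the same hit as a dropper placed there.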
#14

/// Malwareteam | Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI

Step 1: Uninstall software

Step 2: AdwCleaner. Please download AdwCleaner to your desktop.
__________________ No right of asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored! Satisfied with us? Then support the Trojaner-Board!
#15

/// Malwareteam | Trojan TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Small.FI

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.