|
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.07.2012, 20:37 | #1 |
| GVU-Trojaner eingefangen Hallo, auch ich habe mir den GVU-Trojaner mit Webcam eingefangen. Mein PC läuft unter Windows 7 64bit. Ich habe die beschriebenen Anweisungen durchgeführt. Die log-files sind im Anhang. Vielen Dank für die Hilfe schon im Vorraus. Geändert von Selior (04.07.2012 um 20:47 Uhr) |
05.07.2012, 15:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
05.07.2012, 17:39 | #3 |
| GVU-Trojaner eingefangen Vielen Dank für die Antwort,
__________________In der Zwischenzeit habe ich mich an den anderen Thread hier im Forum orientiert, die das Selbe Problem mit dem GVU-Trojaner schildern. Zugreifen konnte ich auf das Internet erst wieder als ich die roper0dun.exe Datei aus dem Ordner in dem sie drinnen war in einen anderen verschoben habe. Davor lief der PC zwar, aber sobald man das Internet anschloss startete diese Trojaner-Meldung, was danach nicht mehr der Fall war. Dann wurde mir nur noch beim Neustart eine Fehlermeldung angezeigt, dass diese exe-Datei nicht ausgeführt werden konnte. Daraufhin habe ich wie hier oben auf der Seite beschrieben Malwarebytes ausgeführt , wobei mir ein Treffer angezeigt wurde. Desweiteren habe ich den OLT-Scan durchgeführt und die betroffenen Pfade herausgesucht, also, diejenigen, die ctfmon und roper0dun sowie nud0repor enthielten und alle vom gestrigen Tag stammten und sie wie hier schon im Forum beschrieben versucht zu löschen: :OTL ………………………………………… :Files :Commands [Reboot] Seitdem läuft alles wieder normal. Malwarebytes zeigt keinen Treffer an. Auch der ESET Scanner zeigt keinen Treffer an. Hier gebe ich noch die aktuellen Logs an: Log des ESET Scan: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.05.05 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Lukas :: 4820TG-PC [Administrator] 05.07.2012 18:07:02 mbam-log-2012-07-05 (18-07-02).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 354923 Laufzeit: 17 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 05.07.2012 18:30:38 - Run 5 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Lukas\weiter Software 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 49,71% Memory free 7,35 Gb Paging File | 5,25 Gb Available in Paging File | 71,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 135,95 Gb Total Space | 68,71 Gb Free Space | 50,54% Space Free | Partition Type: NTFS Computer Name: 4820TG-PC | User Name: Lukas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.04 21:11:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\weiter Software\OTL.exe PRC - [2012.05.23 16:20:18 | 000,364,544 | ---- | M] (Secure Banking) -- C:\Program Files (x86)\Secure Banking\SecureBanking.exe PRC - [2012.05.08 21:32:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 21:32:31 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 21:32:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.30 16:17:44 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\sbservice.exe PRC - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.05.25 02:21:56 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.04.23 18:46:32 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe PRC - [2010.03.25 21:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 10:41:32 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012.06.13 10:41:15 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.13 10:41:10 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.22 15:10:52 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\funcs.dll MOD - [2012.05.22 15:09:44 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\SecureBanking.dll MOD - [2012.05.10 19:11:36 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5e8f8f2c9fc237166053716f39f5ea67\IAStorUtil.ni.dll MOD - [2012.05.09 18:07:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.09 18:07:05 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012.05.09 18:06:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.09 18:06:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.09 18:06:51 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.09 18:06:44 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.01.30 16:17:44 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\sbservice.exe MOD - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf MOD - [2010.09.15 23:21:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.09.15 23:21:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.05.25 02:16:18 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.25 13:46:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 21:32:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 21:32:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.01 12:21:52 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2011.09.22 22:07:34 | 000,154,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.06.11 14:27:40 | 000,821,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc) SRV - [2010.03.25 21:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 21:32:32 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 21:32:32 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.08 19:18:56 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2012.04.08 19:18:56 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2012.04.08 19:18:56 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2012.04.08 19:18:56 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2012.04.08 19:18:56 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.04.21 00:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.04.07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.04.01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 13:46:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 13:46:21 | 000,000,000 | ---D | M] [2011.10.01 17:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions [2012.05.02 20:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\mclysl1s.default\extensions [2012.03.28 13:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.25 13:46:21 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.28 13:23:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.28 13:23:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.28 13:23:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.28 13:23:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.28 13:23:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.28 13:23:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKCU..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AB20C9E-6688-4474-9D8C-78ED8197511A}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{309BDE44-686D-41C2-BD31-97E59FC80850}: DhcpNameServer = 82.212.62.62 78.42.43.62 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.05 17:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.07.05 15:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking [2012.07.05 15:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking [2012.07.05 15:45:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\weiter Software [2012.07.05 15:21:24 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.05 15:00:17 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2012 [2012.07.05 15:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jv16 PowerTools 2012 [2012.07.05 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Auslogics [2012.07.05 14:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [2012.07.05 14:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics [2012.07.04 20:49:57 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes [2012.07.04 20:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.04 20:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.04 20:49:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.04 20:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.22 13:24:53 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.22 13:24:53 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.22 13:24:53 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.22 13:24:51 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.22 13:24:51 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.22 13:24:51 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.22 13:24:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.22 13:24:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.17 14:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.06.13 10:30:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.13 10:29:37 | 000,000,000 | ---D | C] -- C:\2194756f52c55284dcf5 [2012.06.13 10:25:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.13 10:25:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.13 10:25:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.13 10:25:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.13 10:25:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.13 10:25:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.13 10:25:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.13 10:25:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.13 10:25:53 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.13 10:25:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.13 10:25:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.13 10:25:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 10:25:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.13 10:25:37 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 10:25:36 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 10:25:36 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 10:25:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 10:25:36 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 10:25:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 10:25:35 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 10:25:25 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 10:25:25 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [1 C:\Users\Lukas\AppData\Local\*.tmp files -> C:\Users\Lukas\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.05 17:57:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.05 17:40:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 17:40:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 17:37:39 | 002,128,978 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.05 17:37:39 | 001,133,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.05 17:37:39 | 000,611,718 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.05 17:37:39 | 000,541,200 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.05 17:37:39 | 000,006,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.05 17:33:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.05 17:33:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.05 17:33:05 | 2962,239,488 | -HS- | M] () -- C:\hiberfil.sys [2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin [2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Windows\90C7D912BE2316.sys [2012.06.17 14:19:15 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.06.13 10:31:49 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.12 20:14:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.12 20:14:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [1 C:\Users\Lukas\AppData\Local\*.tmp files -> C:\Users\Lukas\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.05 15:47:32 | 000,000,022 | -HS- | C] () -- C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin [2012.07.05 15:47:32 | 000,000,022 | -HS- | C] () -- C:\Windows\90C7D912BE2316.sys [2012.06.17 14:19:15 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.04.04 18:31:34 | 000,007,605 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg [2011.09.23 17:04:56 | 000,000,192 | ---- | C] () -- C:\Windows\bctester_de.INI [2011.04.09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.10.20 17:48:48 | 001,777,500 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.05 19:23:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.10.05 12:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.10.05 11:50:31 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI [2010.09.15 13:28:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.15 13:26:12 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2010.07.02 13:41:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2012.07.05 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Auslogics [2011.11.04 20:13:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Bioshock2 [2012.07.01 18:14:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ [2011.09.23 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Liteon [2010.10.20 19:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PowerCinema [2010.10.06 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Windows Live Writer [2012.07.04 19:28:10 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:1A60DE96 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885 < End of report > Code:
ATTFilter OTL Extras logfile created on: 05.07.2012 18:30:38 - Run 5 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Lukas\weiter Software 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 49,71% Memory free 7,35 Gb Paging File | 5,25 Gb Available in Paging File | 71,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 135,95 Gb Total Space | 68,71 Gb Free Space | 50,54% Space Free | Partition Type: NTFS Computer Name: 4820TG-PC | User Name: Lukas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CC47B5F-F6EB-400F-BCA8-C4303276F170}" = rport=445 | protocol=6 | dir=out | app=system | "{1252D88D-3D04-4239-BD1F-242A62591980}" = rport=137 | protocol=17 | dir=out | app=system | "{27A8E58A-76B5-4049-8ED9-596A5A37BE59}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2DFC9105-69EC-461F-B53C-41EBA91D520A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{35D458A4-B046-46FE-BC89-EC704849A694}" = lport=2869 | protocol=6 | dir=in | app=system | "{4E89F4E9-B660-4429-A719-2AC6BA0E583E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{53C0A185-6C43-4740-8531-56F5200844C4}" = rport=138 | protocol=17 | dir=out | app=system | "{65104ED6-CB01-4815-931A-4CC5064AB5D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6E200F37-187D-4870-B4F4-DFBBF53D07B8}" = lport=137 | protocol=17 | dir=in | app=system | "{6F7196AE-6F80-4CA6-957F-6671B8752D4D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{753CE041-B888-4B62-AD4A-11B071BE262A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7BAEDF57-DFE4-4FF9-B081-311E8DE01BE9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{86108E43-C2F5-4934-8E50-378BB85BB784}" = lport=445 | protocol=6 | dir=in | app=system | "{93FA91C7-B959-4AC8-BB00-2CD3D423D15F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9456CA59-04A1-4699-9FC5-847F68409EF4}" = rport=139 | protocol=6 | dir=out | app=system | "{A1D3B092-69EB-44FE-A661-5243FE730F4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A55E70F4-C074-4E13-83E6-8E3C71C35C5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A67E6D88-38BC-482C-A21E-334A2A663019}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{A6A48515-4402-4089-B5EC-EA9D866A1DFD}" = lport=2869 | protocol=6 | dir=in | app=system | "{A7BE9C7A-053A-40B8-B438-F8A04E931174}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BC5F2020-5497-4966-BE8C-CA8CD6249C31}" = lport=10243 | protocol=6 | dir=in | app=system | "{BE8BCBE9-8505-408E-B4EB-E4BF49FF354D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C18F4084-456B-4870-9E4D-A568FAE8A3BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C194F669-39B2-42A9-A525-37447008C760}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C3CA2124-C6DE-48E6-9073-FAC9B0762952}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C4C9A318-A91E-438A-BE3D-A5BC7F9B0EFD}" = lport=139 | protocol=6 | dir=in | app=system | "{CC6AD082-9B09-4A03-BCC3-FFA37914E799}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF3A567A-974C-4782-9390-A8391B2F77CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F18C7CD7-E307-4CF7-8969-A632CFCB7F3F}" = lport=138 | protocol=17 | dir=in | app=system | "{F4C34652-D826-4082-856F-D13682C40CB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F5882FAE-D234-42C1-9A62-5C9973525830}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FA1C5D6E-6A8D-4EF2-B32E-1E45A74A6F14}" = rport=10243 | protocol=6 | dir=out | app=system | "{FF4DE3C7-B527-4EBD-9E08-2D6628958F8A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FF7174AF-81AD-4BCF-BBD7-3DA456C58A49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0113B23A-C4E1-4E90-B6C1-53C8C5E10BF9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0D4F7E16-A7A0-41A8-8645-750879DA9923}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{0E37CD5A-D0DC-45E1-B52C-3C4DDD72D93E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{120D5056-B2C7-495B-BCAA-698D1F3712EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{13353E84-E7FA-4A04-BCDF-9600435A2037}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{19812D5D-1857-4ED4-B679-95E92652B96F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{211AE16E-7C16-4E46-A90B-38C090B1717E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{25D461E7-2281-4D8B-A9DA-575CC98E16A7}" = protocol=58 | dir=in | app=system | "{2B788F59-7C1E-4160-99DD-6B8225366F28}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{329DE4DA-4A18-481B-B8C4-F27BB6F2CBD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3374B8A2-1EC7-4418-B180-B08BF6D6610F}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{361F847B-66EC-4A06-B653-62F1294F5E4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3A64905A-B265-4D8D-BF8A-A059E2072C5E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{3DF931C6-9273-451C-9411-324E1C0F41E9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{4971D8D5-9C8D-42D1-B81F-2E2ED382CE19}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{4B89BB70-194F-47C6-9906-16CE0D11344F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{50253F4A-FF7B-492F-8661-E90CB84F51FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{520EA6AE-32A4-4292-A222-1B20176A6A92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{53C79C67-9843-437D-AC11-2C260B98351D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{570633B2-EB34-46A5-B26F-51B203B06CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{5DD11A71-AFFF-4A58-B379-31EF8A1D4EBF}" = protocol=6 | dir=out | app=system | "{64868A19-7961-4A30-A7CA-7499AC0AE4FE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{64BEB564-3794-4902-BACE-CC10CA36EDE0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{6C2BADD3-A971-4500-B3D6-E866D40F536C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{735FCC98-F9A4-4A90-8843-2D31C231F7F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{76F66C44-7605-493F-8B8C-0B08495A0CE6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{80D9762C-9FEE-465D-9913-81DAAC670106}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{839D0C4A-BD7E-4E68-A315-8BB4607F6F83}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{86CA1006-CDB6-444D-9F17-D9E9FDF41433}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8CD4D3DF-4C41-4A87-A561-F39AB2CD2326}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{93660832-4868-455A-9FA2-14D843EDFBA4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9C6CA746-D40C-4666-8052-ABC996D8178F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9EBF261E-4CD9-4D56-A7F4-E2F43190A5BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9FF3B066-5040-4AF9-B783-2B95606AF20A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{A34B0014-F9C7-4B6B-A498-29E60B8388FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A44F0737-B9DE-45A5-9D3C-3D925EE6DD97}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{A6737B58-9871-4441-A8F7-E7DE23EADE20}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{BA522269-A9E8-4798-A626-98242923EDC8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{BD372510-DB8B-4C1E-9A97-E0C1E7B0C7FB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{BE491F30-A31E-4F24-91B6-7A330D936D96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D12C34DF-1711-4E66-8E76-E5792E7B447B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D7E92FEC-C8E2-4912-A337-D75E1BDEE0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{D82C2FF4-FBCA-4F82-A4B1-2B5EC8E26EA9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{DC8771D8-D7F4-4363-A9CD-2AA4F2149ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E37337CB-E3A7-496C-8D8F-747AF483659C}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{E480B816-3D56-4CBE-8655-3B3789E40315}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{E7F7FC98-DC47-4936-A48C-B69AE887C695}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | "{E8800A77-4519-4D6F-86E6-90C1AAA27B2E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ECF7A4DF-76A4-4648-BB62-350C2154D78A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EFBA89E2-A199-4123-8D87-F0AFC1780280}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "TCP Query User{680D4B46-95AF-415A-9672-A04D24909D08}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{8D57D214-E1D0-4659-85F4-95BF23498A5E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{96306ACC-807B-43D2-B0D5-6E0089E413A3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{9C626739-D131-4022-8594-290C2CB08CED}C:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "TCP Query User{D5DC1D19-B4EE-418A-8672-ABACC711FF6D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{D8BCE3DA-748D-49C3-9161-CE42902706A3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{555E3842-7E03-4DE7-8D49-EBCB2E8B94C4}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{5561968B-78D0-478D-8DF9-F249A7E32A03}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{61279944-9B13-409D-936F-2BC9D48C77AF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{DCB0AC63-99DE-4B49-90D0-B4FA15973DE6}C:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "UDP Query User{F6D637EA-ED36-40B1-AEA5-2F41DDA832A6}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{F93558BC-2766-4260-8B8C-0A324F11E622}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software "{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02C6615A-A8FF-4175-8B25-9DADCE1D02B7}_is1" = Secure Banking Version 1.4.6 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish "{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding "{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{5454085C-129F-416C-9C0B-8B1000048301}" = BioShock 2 "{5454085C-129F-416C-9C0B-8B1000048302}" = BioShock 2 "{5454085C-129F-416C-9C0B-8B1000048303}" = BioShock 2 "{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2 "{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2 "{5454085C-840F-4070-8FAA-441000038302}" = BioShock 2 "{5454085C-840F-4070-8FAA-441000038303}" = BioShock 2 "{568502E8-5167-11DE-A65F-B57B56D89593}" = Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010) "{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai "{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{742D41A9-B3BF-3A65-806E-F8372FB3E492}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light "{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian "{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese "{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update "{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management "{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy "{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010 "{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish "{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All "{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing "{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation "{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish "7-Zip" = 7-Zip 9.20 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "Business Contact Manager" = Business Contact Manager für Microsoft Outlook 2010 "ESET Online Scanner" = ESET Online Scanner v3 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "jv16 PowerTools 2011" = jv16 PowerTools 2012 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Sigma Data Center" = Sigma Data Center "Steam App 72850" = The Elder Scrolls V: Skyrim "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.07.2012 08:37:11 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 05.07.2012 08:51:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 05.07.2012 08:51:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 05.07.2012 08:51:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 05.07.2012 09:33:08 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 05.07.2012 09:33:08 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 05.07.2012 09:33:08 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 05.07.2012 11:37:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 05.07.2012 11:37:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 05.07.2012 11:37:36 | Computer Name = 4820TG-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. [ System Events ] Error - 15.06.2012 10:37:29 | Computer Name = 4820TG-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 17.06.2012 08:00:50 | Computer Name = 4820TG-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?17.?06.?2012 um 13:58:26 unerwartet heruntergefahren. Error - 17.06.2012 14:28:25 | Computer Name = 4820TG-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?17.?06.?2012 um 20:27:11 unerwartet heruntergefahren. Error - 19.06.2012 14:39:45 | Computer Name = 4820TG-PC | Source = DCOM | ID = 10010 Description = Error - 20.06.2012 03:45:51 | Computer Name = 4820TG-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?20.?06.?2012 um 09:44:52 unerwartet heruntergefahren. Error - 20.06.2012 12:33:08 | Computer Name = 4820TG-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 20.06.2012 12:33:08 | Computer Name = 4820TG-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 30.06.2012 17:04:42 | Computer Name = 4820TG-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?30.?06.?2012 um 23:01:53 unerwartet heruntergefahren. Error - 30.06.2012 17:04:55 | Computer Name = 4820TG-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 03.07.2012 09:17:33 | Computer Name = 4820TG-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > |
05.07.2012, 19:54 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangenZitat:
ESET hast du wahrscheinlich falsch gemacht, da gab es extra einen dicken Hinweis zu Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
__________________ Logfiles bitte immer in CODE-Tags posten |
05.07.2012, 20:40 | #5 |
| GVU-Trojaner eingefangen In diesem Log wurde genau die von mir beschriebene exe-Datei als Treffer angegeben. Also C:\users\AppData\Local\Temp\roper0dun.exe. Diese konnte ich wie beschrieben entfernen und wird nicht mehr angezeigt. Hier nun nochmal der ESET-Scan log: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=da10a3a01108c746a59c77a2f499dd47 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-05 07:36:47 # local_time=2012-07-05 09:36:47 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1792 16777215 100 0 22733915 22733915 0 0 # compatibility_mode=5893 16776573 100 94 17686 93145555 0 0 # compatibility_mode=8192 67108863 100 0 13003 13003 0 0 # scanned=134436 # found=0 # cleaned=0 # scan_time=1302 |
05.07.2012, 21:01 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ --> GVU-Trojaner eingefangen |
05.07.2012, 21:28 | #7 |
| GVU-Trojaner eingefangen Ok, also hier die antworten: 1. Der normale Modus von Windows geht wieder uneingeschränkt. Der PC fährt ganz normal hoch und auch das Internet lässt sich ohne Probleme öffnen. Der Task-Manager, den man auch nicht öffnen konnte lässt sich ebenfalls wieder ganz normal öffnen. 2.Auch im Startmenu ist alles normal, da sind nur Ordner zu Programmen die ich auch kenne. |
05.07.2012, 21:42 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
05.07.2012, 22:04 | #9 |
| GVU-Trojaner eingefangen So, ich habe nun den OTL-Scan gemacht: Code:
ATTFilter OTL logfile created on: 05.07.2012 22:51:43 - Run 6 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Lukas\weiter Software 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 63,24% Memory free 7,35 Gb Paging File | 5,80 Gb Available in Paging File | 78,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 135,95 Gb Total Space | 70,28 Gb Free Space | 51,70% Space Free | Partition Type: NTFS Computer Name: 4820TG-PC | User Name: Lukas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.04 21:11:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\weiter Software\OTL.exe PRC - [2012.05.23 16:20:18 | 000,364,544 | ---- | M] (Secure Banking) -- C:\Program Files (x86)\Secure Banking\SecureBanking.exe PRC - [2012.05.08 21:32:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 21:32:31 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 21:32:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.30 16:17:44 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\sbservice.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.05.25 02:21:56 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.04.23 18:46:32 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe PRC - [2010.03.25 21:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 10:41:15 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.13 10:41:10 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.22 15:10:52 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\funcs.dll MOD - [2012.05.22 15:09:44 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\SecureBanking.dll MOD - [2012.05.10 19:11:36 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5e8f8f2c9fc237166053716f39f5ea67\IAStorUtil.ni.dll MOD - [2012.05.09 18:07:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.09 18:07:05 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012.05.09 18:06:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.09 18:06:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.09 18:06:51 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.09 18:06:44 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.01.30 16:17:44 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Secure Banking\sbservice.exe MOD - [2010.09.15 23:21:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.09.15 23:21:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.05.25 02:16:18 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.25 13:46:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 21:32:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 21:32:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.01 12:21:52 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2011.09.22 22:07:34 | 000,154,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.06.11 14:27:40 | 000,821,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc) SRV - [2010.03.25 21:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 21:32:32 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 21:32:32 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.08 19:18:56 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2012.04.08 19:18:56 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2012.04.08 19:18:56 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2012.04.08 19:18:56 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2012.04.08 19:18:56 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.04.21 00:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.04.07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.04.01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820tg&r=27361010k806l0443z1j5t7711j693 IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 13:46:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 13:46:21 | 000,000,000 | ---D | M] [2011.10.01 17:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions [2012.05.02 20:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\mclysl1s.default\extensions [2012.03.28 13:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.25 13:46:21 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.28 13:23:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.28 13:23:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.28 13:23:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.28 13:23:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.28 13:23:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.28 13:23:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) O4 - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AB20C9E-6688-4474-9D8C-78ED8197511A}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{309BDE44-686D-41C2-BD31-97E59FC80850}: DhcpNameServer = 82.212.62.62 78.42.43.62 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.05 19:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.05 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.05 17:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.07.05 15:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking [2012.07.05 15:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking [2012.07.05 15:45:14 | 000,000,000 | ---D | C] -- C:\Users\Lukas\weiter Software [2012.07.05 15:21:24 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.05 15:00:17 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2012 [2012.07.05 15:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jv16 PowerTools 2012 [2012.07.05 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Auslogics [2012.07.04 20:49:57 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes [2012.07.04 20:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.04 20:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.04 20:49:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.04 20:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.17 14:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.06.13 10:30:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.13 10:29:37 | 000,000,000 | ---D | C] -- C:\2194756f52c55284dcf5 [1 C:\Users\Lukas\AppData\Local\*.tmp files -> C:\Users\Lukas\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.05 22:53:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 22:53:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 22:51:15 | 002,173,354 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.05 22:51:15 | 001,146,586 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.05 22:51:15 | 000,625,926 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.05 22:51:15 | 000,554,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.05 22:51:15 | 000,006,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.05 22:46:49 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.05 22:46:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.05 22:46:35 | 2962,239,488 | -HS- | M] () -- C:\hiberfil.sys [2012.07.05 21:57:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin [2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Windows\90C7D912BE2316.sys [2012.06.17 14:19:15 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.06.13 10:31:49 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Users\Lukas\AppData\Local\*.tmp files -> C:\Users\Lukas\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.05 15:47:32 | 000,000,022 | -HS- | C] () -- C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin [2012.07.05 15:47:32 | 000,000,022 | -HS- | C] () -- C:\Windows\90C7D912BE2316.sys [2012.06.17 14:19:15 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.04.04 18:31:34 | 000,007,605 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg [2011.09.23 17:04:56 | 000,000,192 | ---- | C] () -- C:\Windows\bctester_de.INI [2011.04.09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.10.20 17:48:48 | 001,777,500 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.05 19:23:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.10.05 12:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.10.05 11:50:31 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI [2010.09.15 13:28:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.15 13:26:12 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2010.07.02 13:41:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2012.07.05 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Auslogics [2011.11.04 20:13:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Bioshock2 [2012.07.01 18:14:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ [2011.09.23 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Liteon [2010.10.20 19:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PowerCinema [2010.10.06 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Windows Live Writer [2012.07.04 19:28:10 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.06.26 18:27:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Adobe [2010.10.04 11:56:14 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ATI [2012.07.05 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Auslogics [2011.10.16 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Avira [2011.11.04 20:13:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Bioshock2 [2010.10.20 19:45:06 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\CyberLink [2012.05.07 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Google [2012.07.01 18:14:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ [2010.10.04 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Identities [2010.10.04 11:55:05 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Intel Corporation [2011.09.23 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Liteon [2010.10.04 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Macromedia [2012.07.04 20:49:57 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Media Center Programs [2012.05.27 12:24:34 | 000,000,000 | --SD | M] -- C:\Users\Lukas\AppData\Roaming\Microsoft [2011.11.24 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Mozilla [2010.10.20 19:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PowerCinema [2010.10.13 19:17:17 | 000,000,000 | RH-D | M] -- C:\Users\Lukas\AppData\Roaming\SecuROM [2010.10.06 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Windows Live Writer < %APPDATA%\*.exe /s > [2011.06.26 18:33:36 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Lukas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:1A60DE96 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885 < End of report > |
06.07.2012, 08:41 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKU\S-1-5-21-3772388013-4205554985-1094341838-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 [2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin [2012.07.05 15:47:32 | 000,000,022 | -HS- | M] () -- C:\Windows\90C7D912BE2316.sys @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:1A60DE96 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885 :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
06.07.2012, 13:52 | #11 |
| GVU-Trojaner eingefangen Ich habe den OTL-Fix nun durchgeführt und den Viranscanner dabei auch deaktiviert. Nach einem Neustart erschien folgendes log: Code:
ATTFilter File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_C1046443-8052-444B-928B-26C491854BC3.0\2F32937B. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_B334CE6E-EF7B-4FF9-82C1-7AD9EE255BA9.0\A73A0705. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A47145FD-6BAE-4F52-9E94-FFA3979D9B5D.0\1F4AD0FA. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A4383317-4BBE-45BB-AD96-3EEBD0C8DF43.0\6B4A61B7. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A172590B-2C08-4CF9-8B1A-F20C1E161BDA.0\A0442744. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_76582225-FA2F-4B31-9FD6-EFEF64F4079E.0\F9AE3EBF. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_7055216B-43A8-41DF-BC35-2DE469A970D1.0\341F833A. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_6054404A-5035-437A-9223-5E85563FDF2B.0\FB2501A3. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_59C7C45B-AFD5-437A-8061-AA749BFA236E.0\19067B32. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_4ABBF5AF-6696-49C7-A6CC-E20D9EB48824.0\8590AE65. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_2D2E708D-CAB3-494A-B394-DE9E0AAA5D8C.0\94AF89B1. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_0F2A8245-C55C-4BD5-8570-9A9EFB03E83D.0\1198093D. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_0A05536B-1647-4DCA-BBC4-E077B5CA9F19.0\F733A830. not found! C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. PendingFileRenameOperations files... File C:\Users\Lukas\AppData\Local\Temp\OICE_FF9472BE-0AAF-4101-AF80-73F1808AD2E4.0\ABBE0378. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_E2829948-02DC-4F65-B30F-A866DED4C79D.0\B85D58A7. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_C1046443-8052-444B-928B-26C491854BC3.0\2F32937B. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_B334CE6E-EF7B-4FF9-82C1-7AD9EE255BA9.0\A73A0705. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_A47145FD-6BAE-4F52-9E94-FFA3979D9B5D.0\1F4AD0FA. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_A4383317-4BBE-45BB-AD96-3EEBD0C8DF43.0\6B4A61B7. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_A172590B-2C08-4CF9-8B1A-F20C1E161BDA.0\A0442744. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_76582225-FA2F-4B31-9FD6-EFEF64F4079E.0\F9AE3EBF. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_7055216B-43A8-41DF-BC35-2DE469A970D1.0\341F833A. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_6054404A-5035-437A-9223-5E85563FDF2B.0\FB2501A3. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_59C7C45B-AFD5-437A-8061-AA749BFA236E.0\19067B32. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_4ABBF5AF-6696-49C7-A6CC-E20D9EB48824.0\8590AE65. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_2D2E708D-CAB3-494A-B394-DE9E0AAA5D8C.0\94AF89B1. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_0F2A8245-C55C-4BD5-8570-9A9EFB03E83D.0\1198093D. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_0A05536B-1647-4DCA-BBC4-E077B5CA9F19.0\F733A830. not found! File C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! [2012.07.06 14:43:25 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5 [2012.07.06 12:00:54 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F Registry entries deleted on Reboot... |
06.07.2012, 14:41 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen Log sieht irgendwie unvollständig aus
__________________ Logfiles bitte immer in CODE-Tags posten |
06.07.2012, 18:25 | #13 |
| GVU-Trojaner eingefangen Ich habe es nochmal wiederholt und den Inhalt des Befehls getrennt: Code:
ATTFilter All processes killed ========== OTL ========== Unable to delete ADS C:\ProgramData\Temp:CDFF58FE . Unable to delete ADS C:\ProgramData\Temp:93EB7685 . Unable to delete ADS C:\ProgramData\Temp:5D7E5A8F . Unable to delete ADS C:\ProgramData\Temp:E36F5B57 . Unable to delete ADS C:\ProgramData\Temp:1A60DE96 . Unable to delete ADS C:\ProgramData\Temp:E1F04E8D . Unable to delete ADS C:\ProgramData\Temp:0B9176C0 . Unable to delete ADS C:\ProgramData\Temp:4D066AD2 . Unable to delete ADS C:\ProgramData\Temp:798A3728 . Unable to delete ADS C:\ProgramData\Temp:E3C56885 . ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Lukas ->Temp folder emptied: 73532 bytes ->Temporary Internet Files folder emptied: 1241247 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 6142341 bytes ->Flash cache emptied: 506 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1216 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 7,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Lukas ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb Code:
ATTFilter All processes killed ========== OTL ========== 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found. File C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin not found. File C:\Windows\90C7D912BE2316.sys not found. File C:\Users\Lukas\AppData\Roaming\Windows1569_SettingsRepository.bin not found. File C:\Windows\90C7D912BE2316.sys not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Lukas ->Temp folder emptied: 4428 bytes ->Temporary Internet Files folder emptied: 33318 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Lukas ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.53.1 log created on 07062012_175915 Files\Folders moved on Reboot... File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_FF9472BE-0AAF-4101-AF80-73F1808AD2E4.0\ABBE0378. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_E2829948-02DC-4F65-B30F-A866DED4C79D.0\B85D58A7. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_C1046443-8052-444B-928B-26C491854BC3.0\2F32937B. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_B334CE6E-EF7B-4FF9-82C1-7AD9EE255BA9.0\A73A0705. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A47145FD-6BAE-4F52-9E94-FFA3979D9B5D.0\1F4AD0FA. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A4383317-4BBE-45BB-AD96-3EEBD0C8DF43.0\6B4A61B7. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_A172590B-2C08-4CF9-8B1A-F20C1E161BDA.0\A0442744. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_76582225-FA2F-4B31-9FD6-EFEF64F4079E.0\F9AE3EBF. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_7055216B-43A8-41DF-BC35-2DE469A970D1.0\341F833A. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_6054404A-5035-437A-9223-5E85563FDF2B.0\FB2501A3. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_59C7C45B-AFD5-437A-8061-AA749BFA236E.0\19067B32. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_4ABBF5AF-6696-49C7-A6CC-E20D9EB48824.0\8590AE65. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_2D2E708D-CAB3-494A-B394-DE9E0AAA5D8C.0\94AF89B1. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_0F2A8245-C55C-4BD5-8570-9A9EFB03E83D.0\1198093D. not found! File\Folder C:\Users\Lukas\AppData\Local\Temp\OICE_0A05536B-1647-4DCA-BBC4-E077B5CA9F19.0\F733A830. not found! C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. PendingFileRenameOperations files... File C:\Users\Lukas\AppData\Local\Temp\OICE_FF9472BE-0AAF-4101-AF80-73F1808AD2E4.0\ABBE0378. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_E2829948-02DC-4F65-B30F-A866DED4C79D.0\B85D58A7. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_C1046443-8052-444B-928B-26C491854BC3.0\2F32937B. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_B334CE6E-EF7B-4FF9-82C1-7AD9EE255BA9.0\A73A0705. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_A47145FD-6BAE-4F52-9E94-FFA3979D9B5D.0\1F4AD0FA. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_A4383317-4BBE-45BB-AD96-3EEBD0C8DF43.0\6B4A61B7. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_A172590B-2C08-4CF9-8B1A-F20C1E161BDA.0\A0442744. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_76582225-FA2F-4B31-9FD6-EFEF64F4079E.0\F9AE3EBF. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_7055216B-43A8-41DF-BC35-2DE469A970D1.0\341F833A. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_6054404A-5035-437A-9223-5E85563FDF2B.0\FB2501A3. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_59C7C45B-AFD5-437A-8061-AA749BFA236E.0\19067B32. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_4ABBF5AF-6696-49C7-A6CC-E20D9EB48824.0\8590AE65. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_2D2E708D-CAB3-494A-B394-DE9E0AAA5D8C.0\94AF89B1. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_0F2A8245-C55C-4BD5-8570-9A9EFB03E83D.0\1198093D. not found! File C:\Users\Lukas\AppData\Local\Temp\OICE_0A05536B-1647-4DCA-BBC4-E077B5CA9F19.0\F733A830. not found! File C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! [2012.07.06 17:59:54 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5 Registry entries deleted on Reboot... Ich denke ich lasse es erst einmal so wie es ist, denn im Moment läuft alles wieder normal. Es scheint sich auch nichts mehr finden zu lassen. |
09.07.2012, 08:40 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner eingefangen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
09.07.2012, 17:05 | #15 |
| GVU-Trojaner eingefangen Hier ist das log: Code:
ATTFilter 18:02:31.0271 3828 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 18:02:31.0334 3828 ============================================================ 18:02:31.0334 3828 Current date / time: 2012/07/09 18:02:31.0334 18:02:31.0334 3828 SystemInfo: 18:02:31.0334 3828 18:02:31.0334 3828 OS Version: 6.1.7600 ServicePack: 0.0 18:02:31.0334 3828 Product type: Workstation 18:02:31.0334 3828 ComputerName: 4820TG-PC 18:02:31.0334 3828 UserName: Lukas 18:02:31.0334 3828 Windows directory: C:\Windows 18:02:31.0334 3828 System windows directory: C:\Windows 18:02:31.0334 3828 Running under WOW64 18:02:31.0334 3828 Processor architecture: Intel x64 18:02:31.0334 3828 Number of processors: 4 18:02:31.0334 3828 Page size: 0x1000 18:02:31.0334 3828 Boot type: Normal boot 18:02:31.0334 3828 ============================================================ 18:02:31.0521 3828 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:02:31.0552 3828 ============================================================ 18:02:31.0552 3828 \Device\Harddisk0\DR0: 18:02:31.0552 3828 MBR partitions: 18:02:31.0552 3828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000 18:02:31.0552 3828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x10FE6800 18:02:31.0552 3828 ============================================================ 18:02:31.0552 3828 C: <-> \Device\Harddisk0\DR0\Partition1 18:02:31.0552 3828 ============================================================ 18:02:31.0552 3828 Initialize success 18:02:31.0552 3828 ============================================================ 18:02:36.0856 5888 ============================================================ 18:02:36.0856 5888 Scan started 18:02:36.0856 5888 Mode: Manual; SigCheck; TDLFS; 18:02:36.0856 5888 ============================================================ 18:02:37.0043 5888 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 18:02:37.0106 5888 1394ohci - ok 18:02:37.0121 5888 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 18:02:37.0137 5888 ACPI - ok 18:02:37.0137 5888 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 18:02:37.0153 5888 AcpiPmi - ok 18:02:37.0168 5888 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:02:37.0168 5888 AdobeARMservice - ok 18:02:37.0184 5888 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 18:02:37.0199 5888 adp94xx - ok 18:02:37.0215 5888 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 18:02:37.0231 5888 adpahci - ok 18:02:37.0231 5888 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 18:02:37.0246 5888 adpu320 - ok 18:02:37.0246 5888 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 18:02:37.0277 5888 AeLookupSvc - ok 18:02:37.0293 5888 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys 18:02:37.0309 5888 AFD - ok 18:02:37.0309 5888 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 18:02:37.0324 5888 agp440 - ok 18:02:37.0324 5888 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 18:02:37.0340 5888 ALG - ok 18:02:37.0340 5888 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 18:02:37.0340 5888 aliide - ok 18:02:37.0355 5888 AMD External Events Utility (671d9dca48da807780d8409c18ed0ae0) C:\Windows\system32\atiesrxx.exe 18:02:37.0371 5888 AMD External Events Utility - ok 18:02:37.0371 5888 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 18:02:37.0387 5888 amdide - ok 18:02:37.0387 5888 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 18:02:37.0387 5888 AmdK8 - ok 18:02:37.0621 5888 amdkmdag (d3e6b2e1394d93fe9db0ba24814b0d8f) C:\Windows\system32\DRIVERS\atipmdag.sys 18:02:37.0683 5888 amdkmdag - ok 18:02:37.0730 5888 amdkmdap (cc4d915d786d3da973b2ea9b95d59a29) C:\Windows\system32\DRIVERS\atikmpag.sys 18:02:37.0745 5888 amdkmdap - ok 18:02:37.0745 5888 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 18:02:37.0761 5888 AmdPPM - ok 18:02:37.0777 5888 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 18:02:37.0777 5888 amdsata - ok 18:02:37.0792 5888 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 18:02:37.0808 5888 amdsbs - ok 18:02:37.0808 5888 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 18:02:37.0823 5888 amdxata - ok 18:02:37.0823 5888 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS 18:02:37.0823 5888 AmUStor - ok 18:02:37.0839 5888 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 18:02:37.0855 5888 AntiVirSchedulerService - ok 18:02:37.0855 5888 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 18:02:37.0870 5888 AntiVirService - ok 18:02:37.0870 5888 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 18:02:37.0886 5888 AppID - ok 18:02:37.0886 5888 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 18:02:37.0917 5888 AppIDSvc - ok 18:02:37.0933 5888 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll 18:02:37.0933 5888 Appinfo - ok 18:02:37.0933 5888 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 18:02:37.0948 5888 arc - ok 18:02:37.0948 5888 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 18:02:37.0964 5888 arcsas - ok 18:02:37.0979 5888 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 18:02:37.0979 5888 aspnet_state - ok 18:02:37.0979 5888 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 18:02:38.0011 5888 AsyncMac - ok 18:02:38.0011 5888 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 18:02:38.0026 5888 atapi - ok 18:02:38.0089 5888 athr (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys 18:02:38.0135 5888 athr - ok 18:02:38.0182 5888 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys 18:02:38.0213 5888 AtiHdmiService - ok 18:02:38.0245 5888 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 18:02:38.0276 5888 AudioEndpointBuilder - ok 18:02:38.0276 5888 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 18:02:38.0323 5888 AudioSrv - ok 18:02:38.0323 5888 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys 18:02:38.0338 5888 avgntflt - ok 18:02:38.0338 5888 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys 18:02:38.0354 5888 avipbb - ok 18:02:38.0354 5888 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 18:02:38.0369 5888 avkmgr - ok 18:02:38.0369 5888 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll 18:02:38.0385 5888 AxInstSV - ok 18:02:38.0401 5888 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 18:02:38.0401 5888 b06bdrv - ok 18:02:38.0416 5888 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 18:02:38.0432 5888 b57nd60a - ok 18:02:38.0557 5888 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys 18:02:38.0603 5888 BCM43XX - ok 18:02:38.0603 5888 BcmSqlStartupSvc (2e552b658273b90251e0441631de2ca3) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 18:02:38.0619 5888 BcmSqlStartupSvc - ok 18:02:38.0650 5888 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 18:02:38.0650 5888 BDESVC - ok 18:02:38.0666 5888 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 18:02:38.0697 5888 Beep - ok 18:02:38.0728 5888 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll 18:02:38.0759 5888 BFE - ok 18:02:38.0791 5888 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll 18:02:38.0837 5888 BITS - ok 18:02:38.0837 5888 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 18:02:38.0853 5888 blbdrive - ok 18:02:38.0853 5888 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 18:02:38.0869 5888 bowser - ok 18:02:38.0869 5888 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:02:38.0869 5888 BrFiltLo - ok 18:02:38.0884 5888 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:02:38.0884 5888 BrFiltUp - ok 18:02:38.0900 5888 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll 18:02:38.0931 5888 Browser - ok 18:02:38.0931 5888 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 18:02:38.0947 5888 Brserid - ok 18:02:38.0947 5888 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 18:02:38.0962 5888 BrSerWdm - ok 18:02:38.0962 5888 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 18:02:38.0978 5888 BrUsbMdm - ok 18:02:38.0978 5888 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 18:02:38.0993 5888 BrUsbSer - ok 18:02:38.0993 5888 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 18:02:38.0993 5888 BthEnum - ok 18:02:39.0009 5888 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 18:02:39.0009 5888 BTHMODEM - ok 18:02:39.0025 5888 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 18:02:39.0025 5888 BthPan - ok 18:02:39.0040 5888 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys 18:02:39.0056 5888 BTHPORT - ok 18:02:39.0056 5888 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 18:02:39.0087 5888 bthserv - ok 18:02:39.0103 5888 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys 18:02:39.0103 5888 BTHUSB - ok 18:02:39.0134 5888 btwampfl (3aff6dc496b8a8d12c867e3fc7c86fac) C:\Windows\system32\drivers\btwampfl.sys 18:02:39.0149 5888 btwampfl - ok 18:02:39.0165 5888 btwaudio (336bba0909b3636ab7d06a71d7b1c0dc) C:\Windows\system32\drivers\btwaudio.sys 18:02:39.0165 5888 btwaudio - ok 18:02:39.0181 5888 btwavdt (9ff58f76024d25784755b01f926b00be) C:\Windows\system32\DRIVERS\btwavdt.sys 18:02:39.0181 5888 btwavdt - ok 18:02:39.0227 5888 btwdins (26a80d7aca49e03a403806418b5fed46) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 18:02:39.0243 5888 btwdins - ok 18:02:39.0259 5888 btwl2cap (b1acfd00cdd13b48d86f46bfec153bf9) C:\Windows\system32\DRIVERS\btwl2cap.sys 18:02:39.0259 5888 btwl2cap - ok 18:02:39.0259 5888 btwrchid (edd953d635f3aa89ef902e3f82d60d22) C:\Windows\system32\DRIVERS\btwrchid.sys 18:02:39.0274 5888 btwrchid - ok 18:02:39.0274 5888 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 18:02:39.0305 5888 cdfs - ok 18:02:39.0305 5888 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 18:02:39.0321 5888 cdrom - ok 18:02:39.0321 5888 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 18:02:39.0352 5888 CertPropSvc - ok 18:02:39.0352 5888 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 18:02:39.0368 5888 circlass - ok 18:02:39.0383 5888 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 18:02:39.0399 5888 CLFS - ok 18:02:39.0399 5888 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:02:39.0415 5888 clr_optimization_v2.0.50727_32 - ok 18:02:39.0415 5888 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:02:39.0430 5888 clr_optimization_v2.0.50727_64 - ok 18:02:39.0446 5888 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:02:39.0446 5888 clr_optimization_v4.0.30319_32 - ok 18:02:39.0461 5888 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:02:39.0461 5888 clr_optimization_v4.0.30319_64 - ok 18:02:39.0477 5888 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 18:02:39.0477 5888 CmBatt - ok 18:02:39.0477 5888 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 18:02:39.0493 5888 cmdide - ok 18:02:39.0508 5888 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys 18:02:39.0524 5888 CNG - ok 18:02:39.0524 5888 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 18:02:39.0539 5888 Compbatt - ok 18:02:39.0539 5888 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 18:02:39.0555 5888 CompositeBus - ok 18:02:39.0555 5888 COMSysApp - ok 18:02:39.0555 5888 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 18:02:39.0571 5888 crcdisk - ok 18:02:39.0571 5888 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll 18:02:39.0586 5888 CryptSvc - ok 18:02:39.0586 5888 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys 18:02:39.0602 5888 dc3d - ok 18:02:39.0617 5888 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 18:02:39.0649 5888 DcomLaunch - ok 18:02:39.0664 5888 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 18:02:39.0695 5888 defragsvc - ok 18:02:39.0711 5888 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 18:02:39.0711 5888 DfsC - ok 18:02:39.0727 5888 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll 18:02:39.0742 5888 Dhcp - ok 18:02:39.0742 5888 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 18:02:39.0773 5888 discache - ok 18:02:39.0773 5888 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 18:02:39.0789 5888 Disk - ok 18:02:39.0805 5888 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll 18:02:39.0805 5888 Dnscache - ok 18:02:39.0820 5888 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll 18:02:39.0851 5888 dot3svc - ok 18:02:39.0851 5888 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll 18:02:39.0883 5888 DPS - ok 18:02:39.0883 5888 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 18:02:39.0898 5888 drmkaud - ok 18:02:39.0914 5888 DsiWMIService (61e894fe1e9cc720c909e6e343351794) C:\Program Files (x86)\Launch Manager\dsiwmis.exe 18:02:39.0914 5888 DsiWMIService - ok 18:02:39.0961 5888 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 18:02:39.0992 5888 DXGKrnl - ok 18:02:39.0992 5888 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 18:02:40.0023 5888 EapHost - ok 18:02:40.0132 5888 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 18:02:40.0179 5888 ebdrv - ok 18:02:40.0210 5888 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe 18:02:40.0226 5888 EFS - ok 18:02:40.0257 5888 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe 18:02:40.0273 5888 ehRecvr - ok 18:02:40.0288 5888 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 18:02:40.0304 5888 ehSched - ok 18:02:40.0335 5888 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 18:02:40.0351 5888 elxstor - ok 18:02:40.0382 5888 ePowerSvc (eb78fbd1c3db8223eeb364d485627ef1) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe 18:02:40.0397 5888 ePowerSvc - ok 18:02:40.0444 5888 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 18:02:40.0444 5888 ErrDev - ok 18:02:40.0475 5888 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 18:02:40.0507 5888 EventSystem - ok 18:02:40.0507 5888 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 18:02:40.0538 5888 exfat - ok 18:02:40.0553 5888 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 18:02:40.0585 5888 fastfat - ok 18:02:40.0600 5888 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe 18:02:40.0616 5888 Fax - ok 18:02:40.0631 5888 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 18:02:40.0631 5888 fdc - ok 18:02:40.0631 5888 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 18:02:40.0663 5888 fdPHost - ok 18:02:40.0663 5888 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 18:02:40.0694 5888 FDResPub - ok 18:02:40.0709 5888 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 18:02:40.0709 5888 FileInfo - ok 18:02:40.0709 5888 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 18:02:40.0741 5888 Filetrace - ok 18:02:40.0741 5888 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 18:02:40.0756 5888 flpydisk - ok 18:02:40.0772 5888 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 18:02:40.0772 5888 FltMgr - ok 18:02:40.0803 5888 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll 18:02:40.0819 5888 FontCache - ok 18:02:40.0819 5888 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:02:40.0834 5888 FontCache3.0.0.0 - ok 18:02:40.0834 5888 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 18:02:40.0850 5888 FsDepends - ok 18:02:40.0850 5888 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys 18:02:40.0865 5888 Fs_Rec - ok 18:02:40.0865 5888 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 18:02:40.0881 5888 fvevol - ok 18:02:40.0881 5888 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 18:02:40.0897 5888 gagp30kx - ok 18:02:40.0928 5888 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 18:02:40.0943 5888 gpsvc - ok 18:02:40.0943 5888 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 18:02:40.0959 5888 GREGService - ok 18:02:40.0959 5888 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:02:40.0975 5888 gupdate - ok 18:02:40.0975 5888 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:02:40.0975 5888 gupdatem - ok 18:02:40.0990 5888 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 18:02:41.0006 5888 gusvc - ok 18:02:41.0006 5888 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 18:02:41.0006 5888 hcw85cir - ok 18:02:41.0037 5888 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 18:02:41.0037 5888 HdAudAddService - ok 18:02:41.0053 5888 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 18:02:41.0068 5888 HDAudBus - ok 18:02:41.0068 5888 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 18:02:41.0084 5888 HECIx64 - ok 18:02:41.0084 5888 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 18:02:41.0084 5888 HidBatt - ok 18:02:41.0099 5888 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 18:02:41.0099 5888 HidBth - ok 18:02:41.0115 5888 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 18:02:41.0131 5888 HidIr - ok 18:02:41.0131 5888 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 18:02:41.0162 5888 hidserv - ok 18:02:41.0162 5888 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 18:02:41.0162 5888 HidUsb - ok 18:02:41.0177 5888 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 18:02:41.0209 5888 hkmsvc - ok 18:02:41.0209 5888 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 18:02:41.0224 5888 HomeGroupListener - ok 18:02:41.0224 5888 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 18:02:41.0240 5888 HomeGroupProvider - ok 18:02:41.0240 5888 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 18:02:41.0255 5888 HpSAMD - ok 18:02:41.0287 5888 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 18:02:41.0318 5888 HTTP - ok 18:02:41.0318 5888 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 18:02:41.0318 5888 hwpolicy - ok 18:02:41.0333 5888 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 18:02:41.0333 5888 i8042prt - ok 18:02:41.0349 5888 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys 18:02:41.0365 5888 iaStor - ok 18:02:41.0365 5888 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 18:02:41.0380 5888 IAStorDataMgrSvc - ok 18:02:41.0396 5888 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 18:02:41.0396 5888 iaStorV - ok 18:02:41.0427 5888 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:02:41.0443 5888 idsvc - ok 18:02:41.0458 5888 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 18:02:41.0458 5888 iirsp - ok 18:02:41.0489 5888 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 18:02:41.0536 5888 IKEEXT - ok 18:02:41.0536 5888 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys 18:02:41.0552 5888 Impcd - ok 18:02:41.0630 5888 IntcAzAudAddService (06b774e74f7e2b8ae903a70c45a03d61) C:\Windows\system32\drivers\RTKVHD64.sys 18:02:41.0677 5888 IntcAzAudAddService - ok 18:02:41.0723 5888 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 18:02:41.0739 5888 intelide - ok 18:02:42.0145 5888 intelkmd (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdpmd64.sys 18:02:42.0238 5888 intelkmd - ok 18:02:42.0285 5888 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 18:02:42.0285 5888 intelppm - ok 18:02:42.0301 5888 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 18:02:42.0332 5888 IPBusEnum - ok 18:02:42.0332 5888 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:02:42.0363 5888 IpFilterDriver - ok 18:02:42.0379 5888 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 18:02:42.0410 5888 iphlpsvc - ok 18:02:42.0425 5888 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 18:02:42.0425 5888 IPMIDRV - ok 18:02:42.0425 5888 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 18:02:42.0457 5888 IPNAT - ok 18:02:42.0457 5888 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 18:02:42.0472 5888 IRENUM - ok 18:02:42.0472 5888 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 18:02:42.0488 5888 isapnp - ok 18:02:42.0503 5888 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 18:02:42.0503 5888 iScsiPrt - ok 18:02:42.0503 5888 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 18:02:42.0519 5888 kbdclass - ok 18:02:42.0519 5888 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 18:02:42.0535 5888 kbdhid - ok 18:02:42.0535 5888 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 18:02:42.0550 5888 KeyIso - ok 18:02:42.0550 5888 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 18:02:42.0550 5888 KSecDD - ok 18:02:42.0566 5888 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 18:02:42.0566 5888 KSecPkg - ok 18:02:42.0581 5888 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 18:02:42.0597 5888 ksthunk - ok 18:02:42.0613 5888 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 18:02:42.0644 5888 KtmRm - ok 18:02:42.0659 5888 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys 18:02:42.0659 5888 L1C - ok 18:02:42.0675 5888 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll 18:02:42.0675 5888 LanmanServer - ok 18:02:42.0691 5888 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 18:02:42.0722 5888 LanmanWorkstation - ok 18:02:42.0722 5888 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 18:02:42.0753 5888 lltdio - ok 18:02:42.0769 5888 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 18:02:42.0800 5888 lltdsvc - ok 18:02:42.0800 5888 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 18:02:42.0831 5888 lmhosts - ok 18:02:42.0847 5888 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 18:02:42.0847 5888 LMS ( UnsignedFile.Multi.Generic ) - warning 18:02:42.0847 5888 LMS - detected UnsignedFile.Multi.Generic (1) 18:02:42.0847 5888 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 18:02:42.0862 5888 LSI_FC - ok 18:02:42.0862 5888 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 18:02:42.0878 5888 LSI_SAS - ok 18:02:42.0878 5888 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:02:42.0893 5888 LSI_SAS2 - ok 18:02:42.0893 5888 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:02:42.0909 5888 LSI_SCSI - ok 18:02:42.0909 5888 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 18:02:42.0940 5888 luafv - ok 18:02:42.0940 5888 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 18:02:42.0956 5888 Mcx2Svc - ok 18:02:42.0956 5888 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 18:02:42.0971 5888 megasas - ok 18:02:42.0971 5888 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 18:02:42.0987 5888 MegaSR - ok 18:02:43.0003 5888 Microsoft SharePoint Workspace Audit Service - ok 18:02:43.0003 5888 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 18:02:43.0034 5888 MMCSS - ok 18:02:43.0034 5888 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 18:02:43.0065 5888 Modem - ok 18:02:43.0065 5888 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 18:02:43.0081 5888 monitor - ok 18:02:43.0081 5888 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 18:02:43.0081 5888 mouclass - ok 18:02:43.0096 5888 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 18:02:43.0096 5888 mouhid - ok 18:02:43.0096 5888 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 18:02:43.0112 5888 mountmgr - ok 18:02:43.0127 5888 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:02:43.0127 5888 MozillaMaintenance - ok 18:02:43.0143 5888 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 18:02:43.0143 5888 mpio - ok 18:02:43.0143 5888 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 18:02:43.0174 5888 mpsdrv - ok 18:02:43.0205 5888 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 18:02:43.0237 5888 MpsSvc - ok 18:02:43.0237 5888 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 18:02:43.0252 5888 MRxDAV - ok 18:02:43.0252 5888 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:02:43.0268 5888 mrxsmb - ok 18:02:43.0283 5888 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:02:43.0283 5888 mrxsmb10 - ok 18:02:43.0299 5888 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:02:43.0315 5888 mrxsmb20 - ok 18:02:43.0315 5888 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 18:02:43.0315 5888 msahci - ok 18:02:43.0330 5888 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 18:02:43.0330 5888 msdsm - ok 18:02:43.0346 5888 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 18:02:43.0346 5888 MSDTC - ok 18:02:43.0361 5888 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 18:02:43.0393 5888 Msfs - ok 18:02:43.0393 5888 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 18:02:43.0408 5888 mshidkmdf - ok 18:02:43.0424 5888 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 18:02:43.0424 5888 msisadrv - ok 18:02:43.0439 5888 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 18:02:43.0471 5888 MSiSCSI - ok 18:02:43.0471 5888 msiserver - ok 18:02:43.0471 5888 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 18:02:43.0502 5888 MSKSSRV - ok 18:02:43.0502 5888 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 18:02:43.0533 5888 MSPCLOCK - ok 18:02:43.0533 5888 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 18:02:43.0564 5888 MSPQM - ok 18:02:43.0580 5888 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 18:02:43.0580 5888 MsRPC - ok 18:02:43.0595 5888 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 18:02:43.0595 5888 mssmbios - ok 18:02:43.0611 5888 MSSQL$MSSMLBIZ - ok 18:02:43.0611 5888 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 18:02:43.0611 5888 MSSQLServerADHelper100 - ok 18:02:43.0627 5888 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 18:02:43.0642 5888 MSTEE - ok 18:02:43.0658 5888 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 18:02:43.0658 5888 MTConfig - ok 18:02:43.0658 5888 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 18:02:43.0673 5888 Mup - ok 18:02:43.0673 5888 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 18:02:43.0673 5888 mwlPSDFilter - ok 18:02:43.0689 5888 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 18:02:43.0689 5888 mwlPSDNServ - ok 18:02:43.0689 5888 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 18:02:43.0705 5888 mwlPSDVDisk - ok 18:02:43.0705 5888 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe 18:02:43.0720 5888 MWLService - ok 18:02:43.0736 5888 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 18:02:43.0767 5888 napagent - ok 18:02:43.0767 5888 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 18:02:43.0783 5888 NativeWifiP - ok 18:02:43.0814 5888 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 18:02:43.0829 5888 NDIS - ok 18:02:43.0829 5888 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 18:02:43.0861 5888 NdisCap - ok 18:02:43.0861 5888 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 18:02:43.0892 5888 NdisTapi - ok 18:02:43.0892 5888 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 18:02:43.0923 5888 Ndisuio - ok 18:02:43.0923 5888 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 18:02:43.0954 5888 NdisWan - ok 18:02:43.0954 5888 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 18:02:43.0985 5888 NDProxy - ok 18:02:43.0985 5888 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 18:02:44.0017 5888 NetBIOS - ok 18:02:44.0032 5888 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 18:02:44.0063 5888 NetBT - ok 18:02:44.0063 5888 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 18:02:44.0079 5888 Netlogon - ok 18:02:44.0095 5888 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 18:02:44.0126 5888 Netman - ok 18:02:44.0141 5888 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:02:44.0141 5888 NetMsmqActivator - ok 18:02:44.0141 5888 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:02:44.0157 5888 NetPipeActivator - ok 18:02:44.0173 5888 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 18:02:44.0204 5888 netprofm - ok 18:02:44.0204 5888 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:02:44.0219 5888 NetTcpActivator - ok 18:02:44.0219 5888 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:02:44.0219 5888 NetTcpPortSharing - ok 18:02:44.0235 5888 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 18:02:44.0235 5888 nfrd960 - ok 18:02:44.0251 5888 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 18:02:44.0282 5888 NlaSvc - ok 18:02:44.0297 5888 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 18:02:44.0313 5888 Npfs - ok 18:02:44.0329 5888 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 18:02:44.0344 5888 nsi - ok 18:02:44.0360 5888 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 18:02:44.0375 5888 nsiproxy - ok 18:02:44.0438 5888 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 18:02:44.0469 5888 Ntfs - ok 18:02:44.0485 5888 NTI IScheduleSvc (6fd534ede2905d3c3257cfdd881f9705) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 18:02:44.0500 5888 NTI IScheduleSvc - ok 18:02:44.0500 5888 NTIBackupSvc (28c59f594044cbf8598b18c927097091) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 18:02:44.0500 5888 NTIBackupSvc - ok 18:02:44.0547 5888 NTIDrvr (710263b44c1d1aee07525a53401fbe48) C:\Windows\system32\drivers\NTIDrvr.sys 18:02:44.0547 5888 NTIDrvr - ok 18:02:44.0563 5888 NTISchedulerSvc (b8d903b2894ff9afbd99ca51c35590d7) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 18:02:44.0563 5888 NTISchedulerSvc - ok 18:02:44.0563 5888 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 18:02:44.0594 5888 Null - ok 18:02:44.0609 5888 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 18:02:44.0625 5888 nvraid - ok 18:02:44.0625 5888 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 18:02:44.0641 5888 nvstor - ok 18:02:44.0641 5888 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 18:02:44.0656 5888 nv_agp - ok 18:02:44.0656 5888 ODDPwrSvc (ba7dac1b8a86d9402c3e04e1fcaa600d) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe 18:02:44.0672 5888 ODDPwrSvc - ok 18:02:44.0672 5888 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 18:02:44.0687 5888 ohci1394 - ok 18:02:44.0687 5888 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:02:44.0703 5888 ose - ok 18:02:44.0906 5888 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:02:44.0968 5888 osppsvc - ok 18:02:45.0015 5888 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 18:02:45.0015 5888 p2pimsvc - ok 18:02:45.0031 5888 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 18:02:45.0046 5888 p2psvc - ok 18:02:45.0062 5888 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 18:02:45.0077 5888 Parport - ok 18:02:45.0077 5888 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 18:02:45.0093 5888 partmgr - ok 18:02:45.0093 5888 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 18:02:45.0109 5888 PcaSvc - ok 18:02:45.0109 5888 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 18:02:45.0124 5888 pci - ok 18:02:45.0124 5888 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 18:02:45.0140 5888 pciide - ok 18:02:45.0140 5888 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 18:02:45.0155 5888 pcmcia - ok 18:02:45.0155 5888 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 18:02:45.0171 5888 pcw - ok 18:02:45.0187 5888 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 18:02:45.0218 5888 PEAUTH - ok 18:02:45.0265 5888 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 18:02:45.0280 5888 PerfHost - ok 18:02:45.0374 5888 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 18:02:45.0436 5888 pla - ok 18:02:45.0467 5888 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 18:02:45.0467 5888 PlugPlay - ok 18:02:45.0483 5888 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 18:02:45.0483 5888 PNRPAutoReg - ok 18:02:45.0499 5888 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 18:02:45.0514 5888 PNRPsvc - ok 18:02:45.0530 5888 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 18:02:45.0561 5888 PolicyAgent - ok 18:02:45.0577 5888 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 18:02:45.0608 5888 Power - ok 18:02:45.0608 5888 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 18:02:45.0639 5888 PptpMiniport - ok 18:02:45.0655 5888 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 18:02:45.0655 5888 Processor - ok 18:02:45.0670 5888 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll 18:02:45.0686 5888 ProfSvc - ok 18:02:45.0686 5888 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 18:02:45.0701 5888 ProtectedStorage - ok 18:02:45.0701 5888 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 18:02:45.0733 5888 Psched - ok 18:02:45.0795 5888 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 18:02:45.0826 5888 ql2300 - ok 18:02:45.0857 5888 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 18:02:45.0889 5888 ql40xx - ok 18:02:45.0889 5888 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 18:02:45.0920 5888 QWAVE - ok 18:02:45.0920 5888 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 18:02:45.0951 5888 QWAVEdrv - ok 18:02:45.0951 5888 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 18:02:45.0982 5888 RasAcd - ok 18:02:45.0982 5888 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 18:02:46.0013 5888 RasAgileVpn - ok 18:02:46.0013 5888 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 18:02:46.0045 5888 RasAuto - ok 18:02:46.0045 5888 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:02:46.0076 5888 Rasl2tp - ok 18:02:46.0091 5888 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 18:02:46.0123 5888 RasMan - ok 18:02:46.0138 5888 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 18:02:46.0154 5888 RasPppoe - ok 18:02:46.0169 5888 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 18:02:46.0201 5888 RasSstp - ok 18:02:46.0216 5888 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 18:02:46.0232 5888 rdbss - ok 18:02:46.0247 5888 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 18:02:46.0247 5888 rdpbus - ok 18:02:46.0247 5888 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:02:46.0279 5888 RDPCDD - ok 18:02:46.0294 5888 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 18:02:46.0310 5888 RDPENCDD - ok 18:02:46.0325 5888 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 18:02:46.0341 5888 RDPREFMP - ok 18:02:46.0357 5888 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 18:02:46.0372 5888 RDPWD - ok 18:02:46.0372 5888 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 18:02:46.0388 5888 rdyboost - ok 18:02:46.0388 5888 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 18:02:46.0419 5888 RemoteAccess - ok 18:02:46.0435 5888 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 18:02:46.0466 5888 RemoteRegistry - ok 18:02:46.0481 5888 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 18:02:46.0481 5888 RFCOMM - ok 18:02:46.0497 5888 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe 18:02:46.0513 5888 RichVideo ( UnsignedFile.Multi.Generic ) - warning 18:02:46.0513 5888 RichVideo - detected UnsignedFile.Multi.Generic (1) 18:02:46.0513 5888 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 18:02:46.0544 5888 RpcEptMapper - ok 18:02:46.0544 5888 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 18:02:46.0559 5888 RpcLocator - ok 18:02:46.0575 5888 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 18:02:46.0606 5888 RpcSs - ok 18:02:46.0606 5888 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 18:02:46.0637 5888 rspndr - ok 18:02:46.0653 5888 RS_Service (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe 18:02:46.0653 5888 RS_Service - ok 18:02:46.0669 5888 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 18:02:46.0669 5888 SamSs - ok 18:02:46.0684 5888 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 18:02:46.0684 5888 sbp2port - ok 18:02:46.0731 5888 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 18:02:46.0762 5888 SBSDWSCService - ok 18:02:46.0778 5888 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 18:02:46.0809 5888 SCardSvr - ok 18:02:46.0809 5888 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 18:02:46.0840 5888 scfilter - ok 18:02:46.0887 5888 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 18:02:46.0918 5888 Schedule - ok 18:02:46.0918 5888 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 18:02:46.0949 5888 SCPolicySvc - ok 18:02:46.0965 5888 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 18:02:46.0965 5888 SDRSVC - ok 18:02:46.0981 5888 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 18:02:46.0996 5888 secdrv - ok 18:02:47.0012 5888 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 18:02:47.0043 5888 seclogon - ok 18:02:47.0043 5888 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 18:02:47.0074 5888 SENS - ok 18:02:47.0074 5888 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 18:02:47.0090 5888 SensrSvc - ok 18:02:47.0090 5888 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 18:02:47.0090 5888 Serenum - ok 18:02:47.0105 5888 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 18:02:47.0105 5888 Serial - ok 18:02:47.0121 5888 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 18:02:47.0121 5888 sermouse - ok 18:02:47.0137 5888 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 18:02:47.0168 5888 SessionEnv - ok 18:02:47.0168 5888 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 18:02:47.0168 5888 sffdisk - ok 18:02:47.0168 5888 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 18:02:47.0183 5888 sffp_mmc - ok 18:02:47.0183 5888 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 18:02:47.0199 5888 sffp_sd - ok 18:02:47.0199 5888 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 18:02:47.0199 5888 sfloppy - ok 18:02:47.0215 5888 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 18:02:47.0246 5888 SharedAccess - ok 18:02:47.0261 5888 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 18:02:47.0277 5888 ShellHWDetection - ok 18:02:47.0277 5888 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:02:47.0293 5888 SiSRaid2 - ok 18:02:47.0293 5888 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 18:02:47.0308 5888 SiSRaid4 - ok 18:02:47.0308 5888 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 18:02:47.0339 5888 Smb - ok 18:02:47.0339 5888 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 18:02:47.0355 5888 SNMPTRAP - ok 18:02:47.0355 5888 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 18:02:47.0355 5888 spldr - ok 18:02:47.0386 5888 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 18:02:47.0402 5888 Spooler - ok 18:02:47.0527 5888 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 18:02:47.0558 5888 sppsvc - ok 18:02:47.0605 5888 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 18:02:47.0651 5888 sppuinotify - ok 18:02:47.0667 5888 SQLAgent$MSSMLBIZ (a892134c28777978ecde8283dc57ac0f) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE 18:02:47.0683 5888 SQLAgent$MSSMLBIZ - ok 18:02:47.0698 5888 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 18:02:47.0698 5888 SQLBrowser - ok 18:02:47.0714 5888 SQLWriter (f92e5f93be572b512da3c016b675ede0) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 18:02:47.0714 5888 SQLWriter - ok 18:02:47.0745 5888 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 18:02:47.0745 5888 srv - ok 18:02:47.0761 5888 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 18:02:47.0776 5888 srv2 - ok 18:02:47.0792 5888 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 18:02:47.0792 5888 srvnet - ok 18:02:47.0807 5888 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 18:02:47.0839 5888 SSDPSRV - ok 18:02:47.0839 5888 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 18:02:47.0870 5888 SstpSvc - ok 18:02:47.0870 5888 Steam Client Service - ok 18:02:47.0885 5888 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 18:02:47.0885 5888 stexstor - ok 18:02:47.0901 5888 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 18:02:47.0932 5888 stisvc - ok 18:02:47.0932 5888 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 18:02:47.0932 5888 swenum - ok 18:02:47.0963 5888 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 18:02:47.0995 5888 swprv - ok 18:02:48.0026 5888 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys 18:02:48.0026 5888 SynTP - ok 18:02:48.0088 5888 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 18:02:48.0135 5888 SysMain - ok 18:02:48.0166 5888 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 18:02:48.0182 5888 TabletInputService - ok 18:02:48.0197 5888 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 18:02:48.0229 5888 TapiSrv - ok 18:02:48.0229 5888 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 18:02:48.0260 5888 TBS - ok 18:02:48.0338 5888 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 18:02:48.0369 5888 Tcpip - ok 18:02:48.0494 5888 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 18:02:48.0556 5888 TCPIP6 - ok 18:02:48.0587 5888 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 18:02:48.0619 5888 tcpipreg - ok 18:02:48.0634 5888 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 18:02:48.0634 5888 TDPIPE - ok 18:02:48.0634 5888 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 18:02:48.0650 5888 TDTCP - ok 18:02:48.0665 5888 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 18:02:48.0681 5888 tdx - ok 18:02:48.0697 5888 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 18:02:48.0697 5888 TermDD - ok 18:02:48.0728 5888 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 18:02:48.0759 5888 TermService - ok 18:02:48.0759 5888 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 18:02:48.0775 5888 Themes - ok 18:02:48.0775 5888 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 18:02:48.0806 5888 THREADORDER - ok 18:02:48.0806 5888 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 18:02:48.0837 5888 TrkWks - ok 18:02:48.0853 5888 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 18:02:48.0868 5888 TrustedInstaller - ok 18:02:48.0868 5888 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:02:48.0899 5888 tssecsrv - ok 18:02:48.0899 5888 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 18:02:48.0931 5888 tunnel - ok 18:02:48.0946 5888 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 18:02:48.0946 5888 uagp35 - ok 18:02:48.0946 5888 UBHelper (40079b0b801c5432ba435b5ad61ce6e3) C:\Windows\system32\drivers\UBHelper.sys 18:02:48.0962 5888 UBHelper - ok 18:02:48.0977 5888 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 18:02:48.0993 5888 udfs - ok 18:02:49.0009 5888 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 18:02:49.0024 5888 UI0Detect - ok 18:02:49.0024 5888 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 18:02:49.0040 5888 uliagpkx - ok 18:02:49.0040 5888 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 18:02:49.0040 5888 umbus - ok 18:02:49.0055 5888 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 18:02:49.0055 5888 UmPass - ok 18:02:49.0149 5888 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:02:49.0180 5888 UNS ( UnsignedFile.Multi.Generic ) - warning 18:02:49.0180 5888 UNS - detected UnsignedFile.Multi.Generic (1) 18:02:49.0196 5888 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 18:02:49.0196 5888 Updater Service - ok 18:02:49.0243 5888 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 18:02:49.0289 5888 upnphost - ok 18:02:49.0305 5888 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys 18:02:49.0305 5888 usbccgp - ok 18:02:49.0321 5888 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 18:02:49.0336 5888 usbcir - ok 18:02:49.0336 5888 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys 18:02:49.0352 5888 usbehci - ok 18:02:49.0367 5888 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys 18:02:49.0367 5888 usbhub - ok 18:02:49.0383 5888 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys 18:02:49.0383 5888 usbohci - ok 18:02:49.0399 5888 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 18:02:49.0399 5888 usbprint - ok 18:02:49.0414 5888 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 18:02:49.0414 5888 usbscan - ok 18:02:49.0430 5888 usbser (0f0c72a657c622286013788b886968ad) C:\Windows\system32\DRIVERS\usbser.sys 18:02:49.0430 5888 usbser - ok 18:02:49.0445 5888 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:02:49.0445 5888 USBSTOR - ok 18:02:49.0445 5888 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys 18:02:49.0461 5888 usbuhci - ok 18:02:49.0461 5888 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 18:02:49.0477 5888 usbvideo - ok 18:02:49.0477 5888 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 18:02:49.0508 5888 UxSms - ok 18:02:49.0508 5888 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 18:02:49.0523 5888 VaultSvc - ok 18:02:49.0523 5888 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 18:02:49.0539 5888 vdrvroot - ok 18:02:49.0555 5888 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 18:02:49.0570 5888 vds - ok 18:02:49.0570 5888 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 18:02:49.0586 5888 vga - ok 18:02:49.0586 5888 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 18:02:49.0617 5888 VgaSave - ok 18:02:49.0617 5888 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 18:02:49.0633 5888 vhdmp - ok 18:02:49.0633 5888 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 18:02:49.0648 5888 viaide - ok 18:02:49.0648 5888 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 18:02:49.0664 5888 volmgr - ok 18:02:49.0679 5888 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 18:02:49.0679 5888 volmgrx - ok 18:02:49.0695 5888 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 18:02:49.0711 5888 volsnap - ok 18:02:49.0726 5888 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 18:02:49.0726 5888 vsmraid - ok 18:02:49.0789 5888 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 18:02:49.0820 5888 VSS - ok 18:02:49.0867 5888 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 18:02:49.0882 5888 vwifibus - ok 18:02:49.0882 5888 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 18:02:49.0898 5888 vwififlt - ok 18:02:49.0898 5888 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 18:02:49.0913 5888 vwifimp - ok 18:02:49.0929 5888 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 18:02:49.0960 5888 W32Time - ok 18:02:49.0960 5888 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 18:02:49.0976 5888 WacomPen - ok 18:02:49.0976 5888 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 18:02:50.0007 5888 WANARP - ok 18:02:50.0007 5888 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 18:02:50.0038 5888 Wanarpv6 - ok 18:02:50.0085 5888 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 18:02:50.0101 5888 WatAdminSvc - ok 18:02:50.0163 5888 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 18:02:50.0194 5888 wbengine - ok 18:02:50.0241 5888 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 18:02:50.0257 5888 WbioSrvc - ok 18:02:50.0272 5888 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 18:02:50.0303 5888 wcncsvc - ok 18:02:50.0303 5888 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 18:02:50.0319 5888 WcsPlugInService - ok 18:02:50.0335 5888 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 18:02:50.0335 5888 Wd - ok 18:02:50.0366 5888 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 18:02:50.0381 5888 Wdf01000 - ok 18:02:50.0381 5888 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 18:02:50.0397 5888 WdiServiceHost - ok 18:02:50.0397 5888 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 18:02:50.0413 5888 WdiSystemHost - ok 18:02:50.0428 5888 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 18:02:50.0444 5888 WebClient - ok 18:02:50.0444 5888 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 18:02:50.0475 5888 Wecsvc - ok 18:02:50.0491 5888 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 18:02:50.0522 5888 wercplsupport - ok 18:02:50.0522 5888 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 18:02:50.0553 5888 WerSvc - ok 18:02:50.0569 5888 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 18:02:50.0584 5888 WfpLwf - ok 18:02:50.0600 5888 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 18:02:50.0600 5888 WIMMount - ok 18:02:50.0600 5888 WinDefend - ok 18:02:50.0615 5888 WinHttpAutoProxySvc - ok 18:02:50.0631 5888 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 18:02:50.0662 5888 Winmgmt - ok 18:02:50.0740 5888 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 18:02:50.0787 5888 WinRM - ok 18:02:50.0818 5888 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 18:02:50.0834 5888 WinUsb - ok 18:02:50.0865 5888 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 18:02:50.0896 5888 Wlansvc - ok 18:02:50.0990 5888 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:02:51.0037 5888 wlidsvc - ok 18:02:51.0068 5888 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 18:02:51.0083 5888 WmiAcpi - ok 18:02:51.0099 5888 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 18:02:51.0130 5888 wmiApSrv - ok 18:02:51.0130 5888 WMPNetworkSvc - ok 18:02:51.0130 5888 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 18:02:51.0146 5888 WPCSvc - ok 18:02:51.0146 5888 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 18:02:51.0161 5888 WPDBusEnum - ok 18:02:51.0161 5888 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 18:02:51.0193 5888 ws2ifsl - ok 18:02:51.0193 5888 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll 18:02:51.0208 5888 wscsvc - ok 18:02:51.0208 5888 WSearch - ok 18:02:51.0333 5888 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 18:02:51.0364 5888 wuauserv - ok 18:02:51.0411 5888 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 18:02:51.0442 5888 WudfPf - ok 18:02:51.0458 5888 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 18:02:51.0489 5888 WUDFRd - ok 18:02:51.0505 5888 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll 18:02:51.0520 5888 wudfsvc - ok 18:02:51.0536 5888 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 18:02:51.0551 5888 WwanSvc - ok 18:02:51.0551 5888 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 18:02:51.0676 5888 \Device\Harddisk0\DR0 - ok 18:02:51.0676 5888 Boot (0x1200) (b7279def7f602e6f24c92cc907cf8027) \Device\Harddisk0\DR0\Partition0 18:02:51.0676 5888 \Device\Harddisk0\DR0\Partition0 - ok 18:02:51.0692 5888 Boot (0x1200) (8ab561b5fe6b058703760c94a903f827) \Device\Harddisk0\DR0\Partition1 18:02:51.0692 5888 \Device\Harddisk0\DR0\Partition1 - ok 18:02:51.0692 5888 ============================================================ 18:02:51.0692 5888 Scan finished 18:02:51.0692 5888 ============================================================ 18:02:51.0707 2520 Detected object count: 3 18:02:51.0707 2520 Actual detected object count: 3 18:02:55.0295 2520 LMS ( UnsignedFile.Multi.Generic ) - skipped by user 18:02:55.0295 2520 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:02:55.0295 2520 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 18:02:55.0295 2520 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:02:55.0295 2520 UNS ( UnsignedFile.Multi.Generic ) - skipped by user 18:02:55.0295 2520 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:02:58.0634 3464 Deinitialize success |
Themen zu GVU-Trojaner eingefangen |
eingefangen, gefangen, gen, gvu-trojaner, gvu-trojaner mit webcam, log-files, pc läuft, webcam, windows, windows 7 |