
Pests of all kinds and how to combat them: PUM.UserWLoad and Trojan.Agent cannot be removed :(


30.11.2012, 00:23   #1
Noidea77
 



Help!!! Despite scanning again with Malwarebytes, I cannot get PUM.UserWLoad and Trojan.Agent removed from quarantine. During the GMER scan, Windows crashes and shows the following error message: Problem has been detected and windows has been shut down to prevent damage your computer.
xriipod.sys
GE_FAULT_IN_NONPAGED_AREA

I am absolutely helpless and a layperson on top of that, HEEELPPPP please!


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.26.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
MILCHSTRAßE :: SENGÜLSBOOK [Administrator]

30.11.2012 00:28:17
mbam-log-2012-11-30 (00-28-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 201078
Laufzeit: 11 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\MILCHS~1\LOCALS~1\Temp\msniof.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\MILCHS~1\LOCALS~1\Temp\msniof.exe -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



OTL Logfile:
Code:
OTL logfile created on: 29.11.2012 23:15:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MILCHSTRAßE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,90% Memory free
4,22 Gb Paging File | 2,58 Gb Available in Paging File | 61,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 14,82 Gb Free Space | 21,23% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 5,05 Gb Free Space | 7,26% Space Free | Partition Type: NTFS
 
Computer Name: SENGÜLSBOOK | User Name: MILCHSTRAßE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.29 23:14:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MILCHSTRAßE\Downloads\OTL.exe
PRC - [2012.11.26 22:09:15 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.26 22:08:49 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.26 22:08:49 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.27 10:56:57 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.27 10:07:24 | 001,193,176 | ---- | M] () -- C:\Users\MILCHSTRAßE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.05 22:47:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.10 13:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.05.09 09:36:38 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007.05.03 10:16:04 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2007.04.26 15:00:02 | 000,507,904 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.04.25 10:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007.04.24 14:48:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.04.12 16:42:26 | 000,457,728 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.04.10 22:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.03.14 09:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.02.13 05:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.02.09 05:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006.06.26 08:46:04 | 000,497,200 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\LComMgr\Communications_Helper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.15 12:27:09 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012.11.15 01:52:29 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll
MOD - [2012.11.15 01:52:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
MOD - [2012.11.15 01:52:19 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
MOD - [2012.11.15 01:49:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012.11.15 01:07:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012.11.15 01:05:45 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012.11.15 01:05:34 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012.11.15 01:03:24 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.15 01:03:12 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012.10.27 10:56:56 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.09.27 10:07:24 | 001,193,176 | ---- | M] () -- C:\Users\MILCHSTRAßE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.05.10 13:05:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
MOD - [2007.05.10 13:05:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007.05.10 13:05:24 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007.05.10 13:05:24 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
MOD - [2007.05.10 13:05:14 | 000,983,040 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007.05.10 13:05:08 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007.05.09 09:35:42 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
MOD - [2007.04.25 10:35:34 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2007.04.25 10:35:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007.04.17 18:36:34 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007.04.12 16:40:04 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.04.12 16:39:48 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007.04.11 15:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007.04.11 14:07:46 | 000,077,824 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
MOD - [2007.03.22 10:51:56 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\de\eAudioUI.resources.dll
MOD - [2007.03.14 10:00:08 | 000,831,488 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007.03.14 10:00:08 | 000,135,168 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
MOD - [2007.02.13 05:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2007.02.07 08:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - File not found [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012.11.26 22:09:15 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.26 22:08:49 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.11 00:50:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.27 10:56:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.05.13 14:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.10 13:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.04.24 14:48:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.04.12 16:43:16 | 000,457,512 | ---- | M] (HiTRSUT) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.03.14 09:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.13 05:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.06.26 09:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- c:\Programme\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | System | Stopped] -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys -- (DritekPortIO)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.11.29 22:32:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.11.13 11:57:55 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.13 11:57:55 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.13 11:57:55 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.02.07 10:38:41 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008.02.07 10:38:38 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007.05.09 20:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.05.09 20:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2007.05.09 20:46:48 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007.04.11 09:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007.04.11 09:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007.04.11 09:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007.04.10 22:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2007.04.03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.02.25 15:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.02.07 11:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.01.30 21:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.12.07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.12.05 13:26:00 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.11.02 15:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.09.19 15:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2006.06.26 09:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006.06.26 09:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006.06.26 09:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006.06.22 23:29:28 | 000,720,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2006.05.03 21:40:42 | 000,390,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)
DRV - [2006.04.06 01:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2005.10.13 08:15:20 | 000,124,928 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2005.10.13 08:15:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2005.10.13 08:15:20 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7C61CE11-BE69-4BBA-92F3-10C228BDEBE3}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\Live Search: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-DE&FORM=MICGLV
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\MILCHSTRAßE\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\MILCHSTRAßE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\MILCHSTRAßE\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\MILCHSTRAßE\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MILCHSTRAßE\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MILCHSTRAßE\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.05 22:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.18 22:40:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 10:56:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 10:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 10:56:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 10:56:42 | 000,000,000 | ---D | M]
 
[2010.08.12 16:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MILCHSTRAßE\AppData\Roaming\mozilla\Extensions
[2012.11.26 12:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MILCHSTRAßE\AppData\Roaming\mozilla\Firefox\Profiles\7no7zmge.default\extensions
[2010.08.12 18:41:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MILCHSTRAßE\AppData\Roaming\mozilla\Firefox\Profiles\7no7zmge.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.18 12:30:37 | 000,510,620 | ---- | M] () (No name found) -- C:\Users\MILCHSTRAßE\AppData\Roaming\mozilla\firefox\profiles\7no7zmge.default\extensions\toolbar@gmx.net.xpi
[2012.11.26 12:51:32 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\MILCHSTRAßE\AppData\Roaming\mozilla\firefox\profiles\7no7zmge.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.18 12:30:41 | 000,002,273 | ---- | M] () -- C:\Users\MILCHSTRAßE\AppData\Roaming\mozilla\firefox\profiles\7no7zmge.default\searchplugins\englische-ergebnisse.xml
[2012.11.18 12:30:41 | 000,010,563 | ---- | M] () -- C:\Users\MILCHSTRAßE\AppData\Roaming\mozilla\firefox\profiles\7no7zmge.default\searchplugins\gmx-suche.xml
[2012.11.18 12:30:41 | 000,002,432 | ---- | M] () -- C:\Users\MILCHSTRAßE\AppData\Roaming\mozilla\firefox\profiles\7no7zmge.default\searchplugins\lastminute.xml
[2012.11.18 12:30:41 | 000,005,545 | ---- | M] () -- C:\Users\MILCHSTRAßE\AppData\Roaming\mozilla\firefox\profiles\7no7zmge.default\searchplugins\webde-suche.xml
[2012.10.27 10:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.27 10:56:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.18 22:40:15 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\MILCHSTRAßE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NO7ZMGE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.10.27 10:56:57 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.12 14:23:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.21 09:48:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 21:09:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.21 09:48:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.21 09:48:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.21 09:48:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.21 09:48:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" File not found
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\MILCHSTRAßE\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000  File not found
O4 - HKCU..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\MILCHSTRAßE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Upagdibe] C:\Users\MILCHSTRAßE\AppData\Roaming\Ocopyn\oqocy.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\MILCHSTRAßE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
F3 - HKCU WinNT: Load - (C:\Users\MILCHS~1\LOCALS~1\Temp\msniof.exe) -  File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E13D21C-2816-49C0-ADFB-77F5322D6522}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{548ED829-0AC8-4B95-B254-328B0235F80C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MILCHSTRAßE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\MILCHSTRAßE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ba4d1ea-7342-11e1-8caf-001c2609b2e5}\Shell - "" = AutoRun
O33 - MountPoints2\{0ba4d1ea-7342-11e1-8caf-001c2609b2e5}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{1e273cc6-780b-11dc-89af-001c2609b2e5}\Shell - "" = AutoRun
O33 - MountPoints2\{1e273cc6-780b-11dc-89af-001c2609b2e5}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.29 22:32:22 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.29 23:17:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.29 23:13:09 | 000,000,000 | ---- | M] () -- C:\Users\MILCHSTRAßE\defogger_reenable
[2012.11.29 22:46:01 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3641454739-1217809671-2602367613-1000UA.job
[2012.11.29 22:37:03 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3641454739-1217809671-2602367613-1000UA.job
[2012.11.29 22:37:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3641454739-1217809671-2602367613-1000Core.job
[2012.11.29 22:32:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.29 22:32:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.29 22:29:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 22:29:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.29 22:29:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 22:29:01 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 14:34:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.11.27 03:46:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3641454739-1217809671-2602367613-1000Core.job
[2012.11.25 22:44:49 | 000,638,418 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.25 22:44:49 | 000,604,280 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.25 22:44:49 | 000,131,332 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.25 22:44:49 | 000,107,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 01:01:26 | 000,301,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.13 11:57:55 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.13 11:57:55 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.13 11:57:55 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.11.29 23:13:09 | 000,000,000 | ---- | C] () -- C:\Users\MILCHSTRAßE\defogger_reenable
[2012.09.02 01:37:41 | 000,000,355 | ---- | C] () -- C:\Users\MILCHSTRAßE\Öffentlich - Verknüpfung.lnk
[2011.05.30 16:20:42 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.07.20 11:44:47 | 000,020,359 | ---- | C] () -- C:\Users\MILCHSTRAßE\AppData\Roaming\UserTile.png
[2008.08.17 01:46:00 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.08.17 01:13:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.01.17 20:43:34 | 000,005,216 | ---- | C] () -- C:\Users\MILCHSTRAßE\AppData\Local\d3d9caps.dat
[2007.12.23 14:50:19 | 000,036,888 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007.10.01 00:57:52 | 000,107,520 | ---- | C] () -- C:\Users\MILCHSTRAßE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.08.12 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Avna
[2012.10.10 14:56:48 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\ClubCooee
[2008.07.25 21:25:21 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.07.21 22:36:42 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Cuqo
[2012.07.21 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Ezihp
[2010.06.14 22:25:39 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Facebook
[2009.07.20 11:54:22 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\GMX
[2012.09.30 10:56:58 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\ICQ Search
[2012.07.21 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Koum
[2007.10.04 20:41:06 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Leadertech
[2012.07.21 22:02:43 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Lyvaho
[2011.05.30 16:28:39 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\MAGIX
[2012.07.21 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Nenola
[2012.07.23 10:47:51 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Ocopyn
[2009.07.20 11:44:47 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\PeerNetworking
[2012.10.23 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Spotify
[2010.08.12 22:47:46 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Sumey
[2010.08.12 15:56:23 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Uniblue
[2012.07.21 22:02:34 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Utymc
[2012.07.21 23:04:11 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Voyw
[2012.07.23 02:12:31 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Yrnaem
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:375A40C3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:94188BC6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AA9519A6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:7B212553
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:30A9E86A

< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 29.11.2012 23:15:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MILCHSTRAßE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,90% Memory free
4,22 Gb Paging File | 2,58 Gb Available in Paging File | 61,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 14,82 Gb Free Space | 21,23% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 5,05 Gb Free Space | 7,26% Space Free | Partition Type: NTFS
 
Computer Name: SENGÜLSBOOK | User Name: MILCHSTRAßE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EA6CC3F-E339-4624-8517-B5E6522D9421}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{197289E4-4336-4959-9DAB-464D2840E28C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{1A24CEA3-D9A5-41C1-B0AD-2558028C1CC6}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{4F701078-E5C8-4B02-A26E-64F376F5A784}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{76B0A91F-4954-4FDA-8996-A56FABE0F9C2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{818E04AD-8581-424E-83A8-7B668F9AD673}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{84BB0487-01A7-400E-AA9D-AEE47B4D32F7}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{A1AC2D70-18D5-4BA9-9D9A-D8BC7554AFCC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B3CBBD6B-0DE3-42E7-98FD-0F1BA64AFABB}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{C2A011F3-575C-42F6-AEA3-02FE31FF59CF}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{FF662E61-81FA-495C-A8D3-6BE44763E15D}" = rport=5357 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A368C9-7778-484F-97C9-D86C3A3F4867}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{0440E4C0-8CFC-4279-B312-28EF26437F9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{052942ED-F055-4B51-88E8-03A47413C0C8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{0A1B0957-CC9F-4650-98B7-85608B894D96}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{0ECF3604-DE61-460A-B378-33FBA9FFCF81}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{26122130-B5C0-440D-A7C7-F064D0C3FDAB}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{2FE687CD-69B4-4000-9C49-A375970046B5}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{308EF42E-DEA8-4FC4-9639-74C777E7EDB8}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{350503CA-7787-415C-9FDD-D04660F21673}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{4C18A15A-FF77-4EFA-89A0-1BFC0A7C6761}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{4D37E9AB-AA24-41C6-AA64-0642C7182529}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{53060356-5485-4ECB-9854-61242F6122DD}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{5B9A0ABF-2382-4342-8A1D-A1414C737F4F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{5DA04FDA-7EB8-4A1C-8386-1368BEC16195}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{6078C91F-52E6-4095-A05A-ECB6E450135F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{6440B554-EE60-40C1-964E-7A925EAB272D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{651873D0-C0F6-4E9E-AECD-126D80126E87}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{7224E41E-F917-41B7-9047-58B17E4B54AE}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"{8706B4B0-BD0E-40C8-8EFF-4B4F629F6327}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{8A3A2F3A-166F-4644-82F3-DD42396D47F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8B935B39-9150-4237-951A-EB87B001C994}" = dir=in | app=c:\users\milchstrasse\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{8C3B82B7-5122-43DF-A690-696CF8088F03}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{902E12AD-8410-47CA-B34D-A48AFC0335D0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{A3BB3865-085F-4808-8FED-E4C1739D0972}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{A5508BF6-138F-4FC1-AEBE-F86BAA7EAE8D}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{B529F238-B4B2-442B-856E-1B3244AAF015}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{B92E28BB-4D50-48EF-B50C-1148256E999E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{BB16B526-41A7-4D27-97F4-3ADC6ADF01C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{BF53CF48-CAF1-4CE1-A1BE-74B7EF473795}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{D665EEE6-484A-4F24-A83D-812C02146AD0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D7C996B4-8D25-4C09-911C-7B7024654281}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{DA0E95A8-18D8-4227-9557-8A7F61349F18}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{E13DAC76-9080-488E-B14A-A09E8C7C96A0}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{E2061A89-8B2B-4C34-A0F5-85D6D996A2B4}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{E5F003B1-6500-4239-A59B-98B91F33E39C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{E7F266F3-60C3-45C6-AD23-9BE7A31CC2D7}" = dir=in | app=e:\setup\hpznui01.exe | 
"{F637B9D4-2AE8-4910-BCFD-116515E4FCE5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{F979BC19-F657-43DB-A8B8-4CC7C7108E55}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{FB05615A-3F6C-48B2-912A-FECB096B4D62}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"TCP Query User{01714DC3-3188-4870-A16C-3EE76FB288FE}C:\users\milchstraße\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\milchstrasse\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{15CA7F6C-E61F-43BC-9399-FD0DA392DC25}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{50A12006-19B9-4D05-AFF8-22E7044BE588}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{5D119D90-0639-47CF-8F1D-C591583AC396}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{64E47B76-9909-4DD0-8E96-6465E63FDB01}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{75998CB4-7991-42C7-BAB0-E508165751DB}C:\users\milchstraße\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\milchstrasse\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{81F3CCD7-9942-48BB-831E-2380E9C56D3F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{97F6993B-EE63-4605-80D8-816D5845E908}C:\program files\microsoft lifecam\lifeexp.exe" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"TCP Query User{A537C721-608F-42E2-84CD-BAAB855BA0CF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{AC6A27B1-DF57-4A33-9B0D-1294CD34557E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{DD63C5E2-B555-4840-A31A-599F7ED37663}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{FA4BD2C7-E59B-4E5F-8535-3BDB3F2797CB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{1C996DC8-3516-4921-B7BF-D5D41655C7AD}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{32ED0D7B-EB28-4308-9BC2-74F32D5F9355}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{342367DE-24B8-4740-8B89-2C11D351B87F}C:\users\milchstraße\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\milchstrasse\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{55060286-4A78-4A0C-AF3D-7B0E15E53300}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{5C7A64FD-ABEF-440B-AE77-A983B145B666}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{68237FDA-52C6-48A1-B3FF-F966FDF3187E}C:\program files\microsoft lifecam\lifeexp.exe" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"UDP Query User{8DF12725-C2A6-4FEB-9C90-115D27A176F7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{B2D636EE-907C-45C5-A56A-E9EC9474A73B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{B729F99C-4428-4864-B610-82280C0C9B6F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{E72DFEAC-AD5C-4B39-A408-4BE6B90B54EF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{F3FF09BB-D8CF-40CB-84DE-ED9094E9C080}C:\users\milchstraße\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\milchstrasse\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{F8DCEF05-5F4B-4649-B298-384A5C97F69E}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2C2E3DF0-5E32-48DA-AE35-2CC79E934AFA}" = SilentInstall
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = Mystery Case Files Ravenhearst
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RealPlayer 12.0" = RealPlayer
"SilentInstall" = SilentInstall
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClubCooee" = Club Cooee
"Facebook Plug-In" = Facebook Plug-In
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.11.2012 08:54:09 | Computer Name = Sengülsbook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.11.2012 18:25:45 | Computer Name = Sengülsbook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.11.2012 18:25:45 | Computer Name = Sengülsbook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.11.2012 18:20:14 | Computer Name = Sengülsbook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.11.2012 18:20:14 | Computer Name = Sengülsbook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.11.2012 19:14:06 | Computer Name = Sengülsbook | Source = Perflib | ID = 1010
Description = 
 
Error - 26.11.2012 19:14:09 | Computer Name = Sengülsbook | Source = Perflib | ID = 1008
Description = 
 
Error - 29.11.2012 08:44:50 | Computer Name = Sengülsbook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.11.2012 08:44:51 | Computer Name = Sengülsbook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.11.2012 10:17:37 | Computer Name = Sengülsbook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.11.2012 13:39:46 | Computer Name = Sengülsbook | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.11.2012 13:39:46 | Computer Name = Sengülsbook | Source = Windows Search Service | ID = 3013
Description = 
 
[ OSession Events ]
Error - 04.02.2011 15:06:09 | Computer Name = Sengülsbook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2011 15:06:30 | Computer Name = Sengülsbook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2011 15:18:40 | Computer Name = Sengülsbook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2011 15:19:06 | Computer Name = Sengülsbook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2011 15:19:19 | Computer Name = Sengülsbook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2011 15:19:50 | Computer Name = Sengülsbook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.11.2012 13:27:48 | Computer Name = Sengülsbook | Source = DCOM | ID = 10010
Description = 
 
Error - 29.11.2012 13:29:23 | Computer Name = Sengülsbook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.11.2012 13:29:23 | Computer Name = Sengülsbook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.11.2012 13:29:23 | Computer Name = Sengülsbook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.11.2012 17:12:49 | Computer Name = Sengülsbook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.11.2012 17:12:49 | Computer Name = Sengülsbook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.11.2012 17:12:49 | Computer Name = Sengülsbook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.11.2012 17:29:14 | Computer Name = Sengülsbook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.11.2012 17:29:14 | Computer Name = Sengülsbook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.11.2012 17:29:14 | Computer Name = Sengülsbook | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---






Noidea77

Edited by Noidea77 (30.11.2012 at 00:41)

30.11.2012, 09:44   #2
Psychotic
/// Malwareteam
 
My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest route.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can sometimes involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you follow the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you were asked to).
  6. If anything is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes the analysis harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".




Step 1: aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users: right-click and "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.




Step 2: Scan with TDSS-Killer

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

01.12.2012, 00:12   #3
Noidea77
 
Hello Marius... first of all, 1000 thanks!!!!

Instructions completed

Code:
23:59:08.0689 6092  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:59:08.0892 6092  ============================================================
23:59:08.0892 6092  Current date / time: 2012/11/30 23:59:08.0892
23:59:08.0892 6092  SystemInfo:
23:59:08.0892 6092  
23:59:08.0892 6092  OS Version: 6.0.6002 ServicePack: 2.0
23:59:08.0892 6092  Product type: Workstation
23:59:08.0892 6092  ComputerName: SENGÜLSBOOK
23:59:08.0892 6092  UserName: MILCHSTRAßE
23:59:08.0892 6092  Windows directory: C:\Windows
23:59:08.0892 6092  System windows directory: C:\Windows
23:59:08.0892 6092  Processor architecture: Intel x86
23:59:08.0892 6092  Number of processors: 2
23:59:08.0892 6092  Page size: 0x1000
23:59:08.0892 6092  Boot type: Normal boot
23:59:08.0892 6092  ============================================================
23:59:09.0812 6092  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:59:09.0843 6092  ============================================================
23:59:09.0843 6092  \Device\Harddisk0\DR0:
23:59:09.0875 6092  MBR partitions:
23:59:09.0875 6092  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum 0x8B8C000
23:59:09.0875 6092  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9F11000, BlocksNum 0x8B08000
23:59:09.0875 6092  ============================================================
23:59:09.0906 6092  C: <-> \Device\Harddisk0\DR0\Partition1
23:59:09.0953 6092  D: <-> \Device\Harddisk0\DR0\Partition2
23:59:09.0953 6092  ============================================================
23:59:09.0953 6092  Initialize success
23:59:09.0953 6092  ============================================================
23:59:22.0370 6004  ============================================================
23:59:22.0370 6004  Scan started
23:59:22.0370 6004  Mode: Manual; 
23:59:22.0370 6004  ============================================================
23:59:22.0823 6004  ================ Scan system memory ========================
23:59:22.0823 6004  System memory - ok
23:59:22.0823 6004  ================ Scan services =============================
23:59:22.0963 6004  ACDaemon - ok
23:59:23.0400 6004  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:59:23.0415 6004  ACPI - ok
23:59:23.0493 6004  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:59:23.0509 6004  AdobeFlashPlayerUpdateSvc - ok
23:59:23.0587 6004  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:59:23.0603 6004  adp94xx - ok
23:59:23.0634 6004  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:59:23.0634 6004  adpahci - ok
23:59:23.0665 6004  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:59:23.0665 6004  adpu160m - ok
23:59:23.0681 6004  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:59:23.0696 6004  adpu320 - ok
23:59:23.0759 6004  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:59:23.0759 6004  AeLookupSvc - ok
23:59:23.0915 6004  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
23:59:23.0930 6004  AFD - ok
23:59:23.0961 6004  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:59:23.0977 6004  agp440 - ok
23:59:24.0039 6004  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:59:24.0039 6004  aic78xx - ok
23:59:24.0133 6004  [ 3845B6555DE995F6C0C07AE2ABCC0532 ] ALaunchService  C:\Acer\ALaunch\ALaunchSvc.exe
23:59:24.0164 6004  ALaunchService - ok
23:59:24.0211 6004  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
23:59:24.0211 6004  ALG - ok
23:59:24.0242 6004  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:59:24.0242 6004  aliide - ok
23:59:24.0273 6004  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:59:24.0273 6004  amdagp - ok
23:59:24.0305 6004  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
23:59:24.0305 6004  amdide - ok
23:59:24.0351 6004  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
23:59:24.0351 6004  AmdK7 - ok
23:59:24.0383 6004  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:59:24.0398 6004  AmdK8 - ok
23:59:24.0461 6004  [ 07194A09DC27C99A2474251DE27F6E17 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:59:24.0476 6004  AntiVirSchedulerService - ok
23:59:24.0539 6004  [ F0964ECD283591E7686AF912298B9F39 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:59:24.0539 6004  AntiVirService - ok
23:59:24.0617 6004  [ 18BFF317BDB10C64A35E1CA85F1EC051 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
23:59:24.0617 6004  ApfiltrService - ok
23:59:24.0679 6004  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
23:59:24.0679 6004  Appinfo - ok
23:59:24.0726 6004  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
23:59:24.0726 6004  arc - ok
23:59:24.0773 6004  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:59:24.0773 6004  arcsas - ok
23:59:24.0819 6004  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:59:24.0819 6004  AsyncMac - ok
23:59:24.0882 6004  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:59:24.0882 6004  atapi - ok
23:59:24.0929 6004  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:59:24.0944 6004  AudioEndpointBuilder - ok
23:59:40.0669 6004  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:59:40.0669 6004  RasAcd - ok
23:59:40.0716 6004  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
23:59:40.0716 6004  RasAuto - ok
23:59:40.0747 6004  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:59:40.0747 6004  Rasl2tp - ok
23:59:40.0778 6004  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
23:59:40.0778 6004  RasMan - ok
23:59:40.0809 6004  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:59:40.0825 6004  RasPppoe - ok
23:59:40.0856 6004  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:59:40.0856 6004  RasSstp - ok
23:59:40.0887 6004  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:59:40.0887 6004  rdbss - ok
23:59:40.0934 6004  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:59:40.0934 6004  RDPCDD - ok
23:59:40.0997 6004  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
23:59:40.0997 6004  rdpdr - ok
23:59:40.0997 6004  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:59:41.0012 6004  RDPENCDD - ok
23:59:41.0043 6004  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:59:41.0059 6004  RDPWD - ok
23:59:41.0090 6004  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:59:41.0106 6004  RemoteAccess - ok
23:59:41.0121 6004  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:59:41.0137 6004  RemoteRegistry - ok
23:59:41.0184 6004  [ C1C132455200AD4704142442C89D0FA4 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
23:59:41.0231 6004  RichVideo - ok
23:59:41.0246 6004  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
23:59:41.0262 6004  RpcLocator - ok
23:59:41.0293 6004  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
23:59:41.0309 6004  RpcSs - ok
23:59:41.0340 6004  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:59:41.0340 6004  rspndr - ok
23:59:41.0355 6004  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
23:59:41.0355 6004  SamSs - ok
23:59:41.0387 6004  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:59:41.0387 6004  sbp2port - ok
23:59:41.0449 6004  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:59:41.0449 6004  SCardSvr - ok
23:59:41.0511 6004  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
23:59:41.0527 6004  Schedule - ok
23:59:41.0558 6004  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:59:41.0558 6004  SCPolicySvc - ok
23:59:41.0605 6004  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
23:59:41.0605 6004  sdbus - ok
23:59:41.0636 6004  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:59:41.0652 6004  SDRSVC - ok
23:59:41.0667 6004  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:59:41.0667 6004  secdrv - ok
23:59:41.0699 6004  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
23:59:41.0714 6004  seclogon - ok
23:59:41.0745 6004  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
23:59:41.0745 6004  SENS - ok
23:59:41.0777 6004  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
23:59:41.0777 6004  Serenum - ok
23:59:41.0823 6004  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
23:59:41.0823 6004  Serial - ok
23:59:41.0855 6004  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:59:41.0855 6004  sermouse - ok
23:59:41.0901 6004  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:59:41.0917 6004  SessionEnv - ok
23:59:41.0948 6004  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:59:41.0948 6004  sffdisk - ok
23:59:41.0964 6004  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:59:41.0964 6004  sffp_mmc - ok
23:59:41.0995 6004  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:59:41.0995 6004  sffp_sd - ok
23:59:42.0026 6004  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:59:42.0026 6004  sfloppy - ok
23:59:42.0057 6004  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:59:42.0073 6004  SharedAccess - ok
23:59:42.0104 6004  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:59:42.0120 6004  ShellHWDetection - ok
23:59:42.0135 6004  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:59:42.0151 6004  sisagp - ok
23:59:42.0167 6004  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
23:59:42.0167 6004  SiSRaid2 - ok
23:59:42.0198 6004  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:59:42.0198 6004  SiSRaid4 - ok
23:59:42.0245 6004  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
23:59:42.0354 6004  SkypeUpdate - ok
23:59:42.0510 6004  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
23:59:42.0619 6004  slsvc - ok
23:59:42.0666 6004  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
23:59:42.0681 6004  SLUINotify - ok
23:59:42.0713 6004  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:59:42.0713 6004  Smb - ok
23:59:42.0759 6004  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:59:42.0759 6004  SNMPTRAP - ok
23:59:42.0853 6004  [ 53D1E2ECBF26B313FFDD2B8BA3D2F66E ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
23:59:42.0900 6004  SNP2UVC - ok
23:59:42.0978 6004  [ D08D19EE68CB88AB1BC5DA3081505847 ] snpstd          C:\Windows\system32\DRIVERS\snpstd.sys
23:59:42.0978 6004  snpstd - ok
23:59:43.0009 6004  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
23:59:43.0009 6004  spldr - ok
23:59:43.0040 6004  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
23:59:43.0056 6004  Spooler - ok
23:59:43.0087 6004  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:59:43.0087 6004  srv - ok
23:59:43.0118 6004  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:59:43.0134 6004  srv2 - ok
23:59:43.0149 6004  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:59:43.0149 6004  srvnet - ok
23:59:43.0196 6004  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:59:43.0196 6004  SSDPSRV - ok
23:59:43.0227 6004  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
23:59:43.0243 6004  ssmdrv - ok
23:59:43.0274 6004  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:59:43.0290 6004  SstpSvc - ok
23:59:43.0337 6004  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
23:59:43.0337 6004  StillCam - ok
23:59:43.0399 6004  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
23:59:43.0415 6004  stisvc - ok
23:59:43.0430 6004  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:59:43.0430 6004  swenum - ok
23:59:43.0477 6004  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
23:59:43.0493 6004  swprv - ok
23:59:43.0524 6004  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
23:59:43.0524 6004  Symc8xx - ok
23:59:43.0555 6004  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
23:59:43.0555 6004  Sym_hi - ok
23:59:43.0571 6004  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
23:59:43.0571 6004  Sym_u3 - ok
23:59:43.0633 6004  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
23:59:43.0649 6004  SysMain - ok
23:59:43.0680 6004  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:59:43.0680 6004  TabletInputService - ok
23:59:43.0727 6004  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:59:43.0742 6004  TapiSrv - ok
23:59:43.0773 6004  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
23:59:43.0773 6004  TBS - ok
23:59:43.0836 6004  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:59:43.0836 6004  Tcpip - ok
23:59:43.0883 6004  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
23:59:43.0883 6004  Tcpip6 - ok
23:59:43.0945 6004  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:59:43.0945 6004  tcpipreg - ok
23:59:43.0976 6004  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:59:43.0976 6004  TDPIPE - ok
23:59:44.0007 6004  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:59:44.0007 6004  TDTCP - ok
23:59:44.0039 6004  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:59:44.0039 6004  tdx - ok
23:59:44.0054 6004  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:59:44.0070 6004  TermDD - ok
23:59:44.0101 6004  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
23:59:44.0117 6004  TermService - ok
23:59:44.0148 6004  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
23:59:44.0148 6004  Themes - ok
23:59:44.0163 6004  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
23:59:44.0163 6004  THREADORDER - ok
23:59:44.0195 6004  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
23:59:44.0195 6004  TrkWks - ok
23:59:44.0241 6004  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:59:44.0241 6004  TrustedInstaller - ok
23:59:44.0273 6004  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:59:44.0273 6004  tssecsrv - ok
23:59:44.0304 6004  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
23:59:44.0304 6004  tunmp - ok
23:59:44.0351 6004  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:59:44.0351 6004  tunnel - ok
23:59:44.0382 6004  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:59:44.0382 6004  uagp35 - ok
23:59:44.0413 6004  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:59:44.0413 6004  udfs - ok
23:59:44.0460 6004  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:59:44.0460 6004  UI0Detect - ok
23:59:44.0491 6004  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:59:44.0491 6004  uliagpkx - ok
23:59:44.0522 6004  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
23:59:44.0522 6004  uliahci - ok
23:59:44.0553 6004  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
23:59:44.0553 6004  UlSata - ok
23:59:44.0585 6004  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
23:59:44.0585 6004  ulsata2 - ok
23:59:44.0600 6004  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:59:44.0616 6004  umbus - ok
23:59:44.0647 6004  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
23:59:44.0663 6004  upnphost - ok
23:59:44.0725 6004  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:59:44.0725 6004  usbaudio - ok
23:59:44.0756 6004  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:59:44.0772 6004  usbccgp - ok
23:59:44.0787 6004  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:59:44.0787 6004  usbcir - ok
23:59:44.0834 6004  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:59:44.0834 6004  usbehci - ok
23:59:44.0897 6004  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:59:44.0897 6004  usbhub - ok
23:59:44.0943 6004  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:59:44.0943 6004  usbohci - ok
23:59:44.0975 6004  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:59:44.0975 6004  usbprint - ok
23:59:45.0021 6004  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:59:45.0021 6004  usbscan - ok
23:59:45.0053 6004  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:59:45.0068 6004  USBSTOR - ok
23:59:45.0115 6004  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:59:45.0115 6004  usbuhci - ok
23:59:45.0162 6004  [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:59:45.0162 6004  usbvideo - ok
23:59:45.0209 6004  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
23:59:45.0224 6004  UxSms - ok
23:59:45.0255 6004  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
23:59:45.0271 6004  vds - ok
23:59:45.0287 6004  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:59:45.0302 6004  vga - ok
23:59:45.0318 6004  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:59:45.0333 6004  VgaSave - ok
23:59:45.0349 6004  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:59:45.0349 6004  viaagp - ok
23:59:45.0396 6004  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
23:59:45.0396 6004  ViaC7 - ok
23:59:45.0427 6004  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
23:59:45.0427 6004  viaide - ok
23:59:45.0427 6004  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:59:45.0443 6004  volmgr - ok
23:59:45.0489 6004  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:59:45.0489 6004  volmgrx - ok
23:59:45.0536 6004  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:59:45.0536 6004  volsnap - ok
23:59:45.0567 6004  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:59:45.0567 6004  vsmraid - ok
23:59:45.0630 6004  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
23:59:45.0661 6004  VSS - ok
23:59:45.0801 6004  [ F4FAB0B9D43A65F79FC838C94006F643 ] VX1000          C:\Windows\system32\DRIVERS\VX1000.sys
23:59:45.0848 6004  VX1000 - ok
23:59:45.0879 6004  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
23:59:45.0895 6004  W32Time - ok
23:59:45.0942 6004  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:59:45.0957 6004  WacomPen - ok
23:59:45.0989 6004  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
23:59:45.0989 6004  Wanarp - ok
23:59:45.0989 6004  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:59:46.0004 6004  Wanarpv6 - ok
23:59:46.0051 6004  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
23:59:46.0051 6004  WcesComm - ok
23:59:46.0098 6004  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:59:46.0113 6004  wcncsvc - ok
23:59:46.0145 6004  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:59:46.0160 6004  WcsPlugInService - ok
23:59:46.0191 6004  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
23:59:46.0191 6004  Wd - ok
23:59:46.0254 6004  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:59:46.0269 6004  Wdf01000 - ok
23:59:46.0301 6004  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:59:46.0301 6004  WdiServiceHost - ok
23:59:46.0316 6004  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:59:46.0332 6004  WdiSystemHost - ok
23:59:46.0363 6004  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
23:59:46.0379 6004  WebClient - ok
23:59:46.0425 6004  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:59:46.0425 6004  Wecsvc - ok
23:59:46.0488 6004  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:59:46.0503 6004  wercplsupport - ok
23:59:46.0535 6004  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:59:46.0550 6004  WerSvc - ok
23:59:46.0597 6004  [ 3344B5C3209E538291398FF12F895155 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:59:46.0613 6004  winachsf - ok
23:59:46.0675 6004  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:59:46.0675 6004  WinDefend - ok
23:59:46.0691 6004  WinHttpAutoProxySvc - ok
23:59:46.0753 6004  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:59:46.0815 6004  Winmgmt - ok
23:59:46.0878 6004  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:59:46.0925 6004  WinRM - ok
23:59:46.0971 6004  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
23:59:46.0971 6004  winusb - ok
23:59:47.0018 6004  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:59:47.0049 6004  Wlansvc - ok
23:59:47.0159 6004  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:59:47.0174 6004  wlcrasvc - ok
23:59:47.0299 6004  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:59:47.0377 6004  wlidsvc - ok
23:59:47.0408 6004  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:59:47.0408 6004  WmiAcpi - ok
23:59:47.0455 6004  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:59:47.0455 6004  wmiApSrv - ok
23:59:47.0533 6004  [ 4DF6ABD3B78B5B296E8D82C01E8D466D ] WMIService      C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
23:59:47.0564 6004  WMIService - ok
23:59:47.0658 6004  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:59:47.0689 6004  WMPNetworkSvc - ok
23:59:47.0720 6004  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:59:47.0736 6004  WPCSvc - ok
23:59:47.0767 6004  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:59:47.0767 6004  WPDBusEnum - ok
23:59:47.0814 6004  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
23:59:47.0829 6004  WpdUsb - ok
23:59:47.0923 6004  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:59:47.0985 6004  WPFFontCache_v0400 - ok
23:59:48.0032 6004  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:59:48.0032 6004  ws2ifsl - ok
23:59:48.0095 6004  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
23:59:48.0095 6004  wscsvc - ok
23:59:48.0110 6004  WSearch - ok
23:59:48.0157 6004  [ 2584DF81CC9F7E7BD3545691106F8CAE ] WSVD            C:\Windows\system32\drivers\WSVD.sys
23:59:48.0173 6004  WSVD - ok
23:59:48.0266 6004  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:59:48.0313 6004  wuauserv - ok
23:59:48.0360 6004  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:59:48.0375 6004  WUDFRd - ok
23:59:48.0422 6004  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:59:48.0422 6004  wudfsvc - ok
23:59:48.0469 6004  [ 2E579520E114A9CA309F13BF40AD8292 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
23:59:48.0469 6004  XAudio - ok
23:59:48.0531 6004  [ F82FC2C30A19442B95AE554215837C46 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
23:59:48.0531 6004  XAudioService - ok
23:59:48.0594 6004  [ 8098180B3F6C430A4E60333BC036F936 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
23:59:48.0594 6004  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
23:59:48.0609 6004  ================ Scan global ===============================
23:59:48.0656 6004  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:59:48.0703 6004  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:59:48.0734 6004  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:59:48.0781 6004  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:59:48.0781 6004  [Global] - ok
23:59:48.0781 6004  ================ Scan MBR ==================================
23:59:48.0812 6004  [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
23:59:52.0525 6004  \Device\Harddisk0\DR0 - ok
23:59:52.0525 6004  ================ Scan VBR ==================================
23:59:52.0525 6004  [ 5F70033978FDCE161E5A25A2D6641D54 ] \Device\Harddisk0\DR0\Partition1
23:59:52.0525 6004  \Device\Harddisk0\DR0\Partition1 - ok
23:59:52.0541 6004  [ 487AE75B28F639D1DF1E539C52705FFB ] \Device\Harddisk0\DR0\Partition2
23:59:52.0541 6004  \Device\Harddisk0\DR0\Partition2 - ok
23:59:52.0541 6004  ============================================================
23:59:52.0541 6004  Scan finished
23:59:52.0541 6004  ============================================================
23:59:52.0572 5160  Detected object count: 0
23:59:52.0572 5160  Actual detected object count: 0
         


Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-30 23:23:55
-----------------------------
23:23:55.341    OS Version: Windows 6.0.6002 Service Pack 2
23:23:55.341    Number of processors: 2 586 0xE0C
23:23:55.341    ComputerName: SENGÜLSBOOK  UserName: MILCHSTRAßE
23:24:59.017    Initialize success
23:28:23.307    AVAST engine defs: 12113001
23:29:06.972    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:29:06.972    Disk 0 Vendor: Hitachi_ SB4O Size: 152627MB BusType: 3
23:29:07.003    Disk 0 MBR read successfully
23:29:07.003    Disk 0 MBR scan
23:29:07.034    Disk 0 unknown MBR code
23:29:07.034    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         9993 MB offset 63
23:29:07.081    Disk 0 Partition 2 80 (A) 06        FAT16 NTFS        71448 MB offset 20467712
23:29:07.128    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        71184 MB offset 166793216
23:29:07.159    Disk 0 scanning sectors +312578048
23:29:07.252    Disk 0 scanning C:\Windows\system32\drivers
23:29:33.663    Service scanning
23:30:21.196    Modules scanning
23:30:35.626    Disk 0 trace - called modules:
23:30:35.658    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
23:30:35.673    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88925620]
23:30:35.673    3 CLASSPNP.SYS[8a9ba8b3] -> nt!IofCallDriver -> [0x871e0258]
23:30:35.689    5 acpi.sys[8a09f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87b34030]
23:30:36.328    AVAST engine scan C:\Windows
23:30:42.022    AVAST engine scan C:\Windows\system32
23:37:04.176    AVAST engine scan C:\Windows\system32\drivers
23:37:28.262    AVAST engine scan C:\Users\MILCHSTRAßE
23:50:23.005    AVAST engine scan C:\ProgramData
23:54:41.393    Scan finished successfully
23:57:58.723    Disk 0 MBR has been saved successfully to "C:\Users\MILCHSTRAßE\Downloads\MBR.dat"
23:57:58.738    The log file has been saved successfully to "C:\Users\MILCHSTRAßE\Downloads\aswMBR.txt"
         

What are these two pests actually capable of? Are there serious consequences? I want to prepare myself mentally in case something goes wrong.


__________________

03.12.2012, 07:53   #4
Psychotic
/// Malwareteam



Step 1: Fix with OTL


  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
:OTL
O4 - HKCU..\Run: [Upagdibe] C:\Users\MILCHSTRAßE\AppData\Roaming\Ocopyn\oqocy.exe File not found
F3 - HKCU WinNT: Load - (C:\Users\MILCHS~1\LOCALS~1\Temp\msniof.exe) -  File not found
[2012.07.21 22:36:42 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Cuqo
[2012.07.21 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Ezihp
[2012.07.21 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Koum
[2012.07.21 22:02:43 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Lyvaho
[2012.07.21 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Nenola
[2012.07.23 10:47:51 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Ocopyn
[2010.08.12 22:47:46 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Sumey
[2012.07.21 22:02:34 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Utymc
[2012.07.21 23:04:11 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Voyw
[2012.07.23 02:12:31 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Yrnaem
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:375A40C3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:94188BC6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AA9519A6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0A73A758
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:7B212553
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:30A9E86A
:COMMANDS
[emptytemp]
         
  • Please close all programs now.
  • Now click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread.


Step 2: MBAM


Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".


Step 3: adwCleaner


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its content with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM are ignored!
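A way to check that OTL handled every entry of a fix script like the one in the post above, as an added example that is not part of the original post or of OTL itself. The function names are hypothetical, the sample lines are copied from this thread's fix script and fix log, and the matching rules are an assumption inferred only from those lines.

```python
import re

# Entries copied from the fix script in this thread
# (one per entry type, plus a second ADS entry).
FIX_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [Upagdibe] C:\Users\MILCHSTRAßE\AppData\Roaming\Ocopyn\oqocy.exe File not found
F3 - HKCU WinNT: Load - (C:\Users\MILCHS~1\LOCALS~1\Temp\msniof.exe) -  File not found
[2012.07.23 10:47:51 | 000,000,000 | ---D | M] -- C:\Users\MILCHSTRAßE\AppData\Roaming\Ocopyn
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
:COMMANDS
[emptytemp]
"""

# The corresponding lines copied from the fix log posted in the reply.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Upagdibe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\MILCHS~1\LOCALS~1\Temp\msniof.exe deleted successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Ocopyn folder moved successfully.
ADS C:\ProgramData\TEMP:B203B914 deleted successfully.
ADS C:\ProgramData\TEMP:A95A95AC deleted successfully.
"""

# The log separates registry key and value name with a double backslash.
SEP = "\\\\"

# One pattern per script entry type seen in this thread; group "t" is the target.
PATTERNS = [
    ("run", re.compile(r"^O4 - HKCU\.\.\\Run: \[(?P<t>[^\]]+)\]")),
    ("load", re.compile(r"^F3 - HKCU WinNT: Load - \((?P<t>[^)]+)\)")),
    ("folder", re.compile(r"^\[\d{4}\.\d{2}\.\d{2} [^\]]*\] -- (?P<t>.+)$")),
    ("ads", re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<t>.+)$")),
]

# How the success line for each entry type ends in the log shown in this thread.
SUFFIX = {
    "run": lambda t: "\\Run" + SEP + t + " deleted successfully.",
    "load": lambda t: "\\Windows" + SEP + "Load:" + t + " deleted successfully.",
    "folder": lambda t: t + " folder moved successfully.",
    "ads": lambda t: "ADS " + t + " deleted successfully.",
}


def parse_script(script):
    """Return (kind, target) for every actionable line of the fix script."""
    items = []
    for line in script.splitlines():
        line = line.strip()
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                items.append((kind, match.group("t").strip()))
                break
    return items


def unconfirmed(script, log):
    """Return the script entries that have no success line in the fix log."""
    log_lines = [line.strip() for line in log.splitlines()]
    missing = []
    for kind, target in parse_script(script):
        suffix = SUFFIX[kind](target)
        if not any(line.endswith(suffix) for line in log_lines):
            missing.append((kind, target))
    return missing


if __name__ == "__main__":
    leftovers = unconfirmed(FIX_SCRIPT, FIX_LOG)
    if not leftovers:
        print("every scripted entry has a success line in the log")
    for kind, target in leftovers:
        print("no success line for", kind, target)
```

An entry reported here is a persistence point or folder that may still be present and is worth rechecking before moving on to the next scan.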

03.12.2012, 11:33   #5
Noidea77



Eureka... OK, done!

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Upagdibe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\MILCHS~1\LOCALS~1\Temp\msniof.exe deleted successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Cuqo folder moved successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Ezihp folder moved successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Koum folder moved successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Lyvaho folder moved successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Nenola folder moved successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Ocopyn folder moved successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Sumey folder moved successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Utymc folder moved successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Voyw folder moved successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Yrnaem folder moved successfully.
ADS C:\ProgramData\TEMP:B203B914 deleted successfully.
ADS C:\ProgramData\TEMP:A95A95AC deleted successfully.
ADS C:\ProgramData\TEMP:375A40C3 deleted successfully.
ADS C:\ProgramData\TEMP:94188BC6 deleted successfully.
ADS C:\ProgramData\TEMP:AA9519A6 deleted successfully.
ADS C:\ProgramData\TEMP:798A3728 deleted successfully.
ADS C:\ProgramData\TEMP:0A73A758 deleted successfully.
ADS C:\ProgramData\TEMP:7B212553 deleted successfully.
ADS C:\ProgramData\TEMP:30A9E86A deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: MILCHSTRAßE
->Temp folder emptied: 1744584837 bytes
->Temporary Internet Files folder emptied: 526759504 bytes
->Java cache emptied: 15168058 bytes
->FireFox cache emptied: 111878827 bytes
->Flash cache emptied: 11790924 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 699181602 bytes
RecycleBin emptied: 215004405 bytes
 
Total Files Cleaned = 3.170,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12032012_103044

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


Code:
# AdwCleaner v2.011 - Datei am 03/12/2012 um 11:06:54 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : MILCHSTRAßE - SENGÜLSBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MILCHSTRAßE\Downloads\adwcleaner(3).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\MILCHSTRAßE\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\MILCHSTRAßE\AppData\Roaming\Mozilla\Firefox\Profiles\7no7zmge.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6559 octets] - [29/11/2012 22:22:08]
AdwCleaner[S2].txt - [6353 octets] - [29/11/2012 22:26:58]
AdwCleaner[S3].txt - [979 octets] - [03/12/2012 11:06:54]

########## EOF - C:\AdwCleaner[S3].txt - [1038 octets] ##########
         


With MBAM I had to run another quick scan, because I had not copied the logfile (I thought I had), but no infected objects were found. Here is the second run again:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.03.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
MILCHSTRAßE :: SENGÜLSBOOK [Administrator]

03.12.2012 11:24:33
mbam-log-2012-12-03 (11-24-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 198213
Laufzeit: 8 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
So, there is nothing left, as far as I can tell.
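
As an added example (not part of the original posts and not OTL's own code): a small Python triage of the OTL fix log posted above, separating removed autostart registry values from moved folders and deleted NTFS alternate data streams. The four sample lines are copied from that log; the function names and the assumption that entries end in "deleted successfully" or "moved successfully" are choices of this example.

```python
import re

# Four lines copied from the OTL fix log posted above (one per entry type).
SAMPLE_LOG = r"""
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Upagdibe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\MILCHS~1\LOCALS~1\Temp\msniof.exe deleted successfully.
C:\Users\MILCHSTRAßE\AppData\Roaming\Cuqo folder moved successfully.
ADS C:\ProgramData\TEMP:B203B914 deleted successfully.
"""

# Per-user autostart locations seen in this log: key suffix -> value names
# that launch a program at logon (None means every value under the key does).
AUTOSTART = {
    r"\software\microsoft\windows\currentversion\run": None,
    r"\software\microsoft\windows nt\currentversion\windows": {"load", "run"},
}

# "Registry value <key>\\<value>[:<data>] deleted successfully."
REG_RE = re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<value>[^:]+?)"
                    r"(?::(?P<data>.+))? deleted successfully\.$")
FOLDER_RE = re.compile(r"^(?P<path>.+) folder moved successfully\.$")
# "ADS <file>:<stream> deleted successfully." (NTFS alternate data stream)
ADS_RE = re.compile(r"^ADS (?P<file>.+):(?P<stream>[^:\\ ]+) deleted successfully\.$")


def is_autostart(key, value):
    """True if the value is an autostart entry under one of the keys above."""
    key = key.lower()
    return any(key.endswith(suffix) and (names is None or value.lower() in names)
               for suffix, names in AUTOSTART.items())


def triage(log_text):
    """Group the entries of an OTL fix log by the kind of artefact removed."""
    report = {"autostart": [], "registry": [], "folder": [], "ads": [], "other": []}
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        reg, folder, ads = REG_RE.match(line), FOLDER_RE.match(line), ADS_RE.match(line)
        if reg:
            data = reg["data"]
            entry = {"key": reg["key"], "value": reg["value"], "data": data,
                     # an executable started from a Temp directory is a strong signal
                     "runs_from_temp": bool(data) and "\\temp\\" in data.lower()}
            report["autostart" if is_autostart(reg["key"], reg["value"]) else "registry"].append(entry)
        elif ads:
            report["ads"].append((ads["file"], ads["stream"]))
        elif folder:
            report["folder"].append(folder["path"])
        else:
            report["other"].append(line)
    return report


if __name__ == "__main__":
    for category, entries in triage(SAMPLE_LOG).items():
        print(category, len(entries))
        for entry in entries:
            print("   ", entry)
```

Lines that land in "other" are worth reading by hand, since they are entry types this example does not model.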


03.12.2012, 13:57   #6
Psychotic
/// Malwareteam

Looks pretty good - let's check everything once more!


Step 1: MBAM full scan

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the logfile, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

Step 2: ESET

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


03.12.2012, 17:49   #7
Noidea77

Yieeehaaaaa, everything seems to be clean... I had already done the full scan with MBAM... nada, nothing was found... ESET found nothing either, 0 threats, and there was no option to click List of found threats, let alone the click for Export to text file...
I cannot find the logfiles afterwards.

Errrm, so is everything okey-dokey then?

04.12.2012, 08:14   #8
Psychotic
/// Malwareteam

Then we're done!


Step 1: Adobe Reader update

Your Adobe Reader is outdated. Since some malware exploits the vulnerabilities in outdated versions, we will update it.

  • Download the current Adobe Reader from here. Important: Untick the box for optional software (e.g. Google Chrome) shown on the page before you click "Download now".
  • Start the installation and follow the on-screen instructions.
  • Press the Windows key and the R key, type appwiz.cpl in the window that appears and click OK.
  • Find and remove all older Reader versions.

Step 2: Adobe Shockwave Player update

Your Shockwave Player is outdated. To update the Shockwave Player, please proceed as follows:
  • Visit the page Adobe - Adobe Shockwave Player
  • Click the "Agree and install" button and follow the on-screen instructions.
  • Get in touch immediately if any difficulties arise.

Defogger re-enable

Please start Defogger and click the re-enable button

Delete system restore points

  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
:Commands
[clearallrestorepoints]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.

OTL

Please start OTL and click CleanUp.
This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.

ComboFix

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.

Here are a few more tips for securing your system.

Keeping up to date

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.
Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. Even the best virus scanner is useless if it is not current!
    A selection of free antivirus programs:
Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.
Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Be suspicious in social networks (e.g. MeinVZ, Facebook, etc.) - even if messages/posts appear to come from one of your friends, that by no means implies they are harmless (malware may have infected their computer).
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

04.12.2012, 12:02   #9
Noidea77

Wow wow wow!!! 1000000000 thanks for the great tips, they will all be put into practice right away.

I cannot thank you enough, that was really great... above all, everything was explained so well that even a layperson like me understood everything perfectly!!! You are really fantastic! So thanks again for the effort!!!
Actually I should have baked a cake for you out of joy
...wishing you a merry and peaceful Christmas season

Warm regards from Switzerland!

Noidea77


04.12.2012, 13:45   #10
Psychotic
/// Malwareteam

Glad we could help!

This topic appears to be resolved and has been removed from my subscriptions.
Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own topic!
