Plagegeister aller Art und deren Bekämpfung: Windows host process was closed
19.02.2013, 08:36 | #1 |
| Windows host process was closed

Hello, I have a problem with my laptop. For some time now it has kept reporting that the Windows host process is being closed. I could more or less live with that, although I don't know what I need it for. For the past 2 days, however, it has also been reporting that it has a memory problem; it freezes, or very often crashes with a blue screen that says it has problems with hardware. My English is not good and I don't understand any of it. I have now run your Malwarebytes over it and am attaching the log. Please help me, but please describe the steps precisely. Thank you, Trixi

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.19.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Trixi :: TRIXI-PC [Administrator]

Schutz: Aktiviert

19.02.2013 08:26:09
mbam-log-2013-02-19 (08-26-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205467
Laufzeit: 4 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\YontooIEClient.Layers.1 (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\YontooIEClient.Layers (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\Yontoo Layers\YontooIEClient.dll (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
19.02.2013, 12:21 | #2 |
/// Malware-holic | Windows host process was closed

Hi,

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
19.02.2013, 13:51 | #3 |
| Windows host process was closed

OTL logfile:

Code:
ATTFilter OTL logfile created on: 19.02.2013 13:17:46 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trixi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,72% Memory free 6,18 Gb Paging File | 5,07 Gb Available in Paging File | 82,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,57 Gb Total Space | 36,02 Gb Free Space | 32,29% Space Free | Partition Type: NTFS Drive D: | 111,55 Gb Total Space | 25,89 Gb Free Space | 23,21% Space Free | Partition Type: NTFS Computer Name: TRIXI-PC | User Name: Trixi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Trixi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) 
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) 
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (wjyftn) -- System32\drivers\gdmk.sys File not found DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found DRV - (RTL8187B) -- system32\DRIVERS\wg111v3.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK 
provider) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (SQTECH905C) -- C:\Windows\System32\drivers\Capt905c.sys (Service & Quality Technology.) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediMail.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 1A CF 58 E2 2A CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT327 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=c_TfnxvsSHwxAAAcJ-mdcB0uTtI?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=6Oy9p1n3l1 IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.08.03 07:52:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.30 15:29:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.30 15:29:41 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Program Files\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - Startup: C:\Users\Trixi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\E-Mail - Verknüpfung.lnk = File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Trixi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Trixi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D737064F-4555-4481-BF59-F79621FCA544}: DhcpNameServer = 195.34.133.21 212.186.211.21 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Trixi\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg O24 - Desktop BackupWallPaper: C:\Users\Trixi\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg O27 - HKLM IFEO\acer elock management.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\enmtray.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\epower_dmc.exe: Debugger - C:\Program Files\TuneUp Utilities 
2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\epresentationlauncher.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\eragent.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\esettings.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\googledesktop.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\googledesktopsetup.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\imfrmwrk.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\wordview.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{87250374-1eb4-11df-9a28-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{87250374-1eb4-11df-9a28-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: 
(ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - 
Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - File not found MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found MsConfig - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) MsConfig - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) MsConfig - StartUpReg: Persistence - hkey= - key= - File not found MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
MsConfig - StartUpReg: SynTPStart - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.19 08:38:43 | 000,000,000 | ---D | C] -- C:\Avenger [2013.02.19 08:23:46 | 000,000,000 | ---D | C] -- C:\Users\Trixi\AppData\Roaming\Malwarebytes [2013.02.19 08:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.19 08:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.19 08:23:27 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.19 08:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.18 17:45:35 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.18 16:45:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Trixi\Desktop\OTL.exe [2013.02.18 15:26:16 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.02.18 15:21:36 | 000,000,000 | ---D | C] -- C:\Users\Trixi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2013.02.12 07:29:41 | 000,000,000 | ---D | C] -- C:\Users\Trixi\Desktop\Neuer Ordner [2013.02.09 14:24:13 | 000,032,032 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2013.02.09 14:24:13 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2013.02.09 14:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013.02.09 14:23:36 | 000,000,000 | ---D | C] -- 
C:\Users\Trixi\AppData\Roaming\TuneUp Software [2013.02.09 14:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2013.02.09 14:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.02.09 14:21:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.02.09 14:21:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.01.29 19:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.01.23 16:00:59 | 000,000,000 | -HSD | C] -- C:\found.003 [2013.01.22 08:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2013.01.21 08:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.01.21 08:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2013.02.19 12:55:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.19 12:21:15 | 004,658,348 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.19 12:21:15 | 001,864,396 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.19 12:21:15 | 001,452,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.19 12:21:15 | 001,318,674 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.19 12:16:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.19 12:16:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.19 12:16:24 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Trixi.job [2013.02.19 12:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.19 12:16:08 | 303,769,927 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.19 10:41:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Trixi.job [2013.02.19 08:23:35 | 000,000,910 | ---- | M] () -- 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.18 19:45:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Trixi.job [2013.02.18 17:56:55 | 000,597,473 | ---- | M] () -- C:\Users\Trixi\Desktop\OTL.rar [2013.02.18 16:45:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trixi\Desktop\OTL.exe [2013.02.18 16:30:54 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.18 15:51:31 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.18 15:47:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.15 13:16:13 | 000,001,647 | ---- | M] () -- C:\Users\Trixi\Documents\Dokument.rtf [2013.02.13 19:17:24 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.02.13 18:16:40 | 000,385,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.13 12:44:56 | 000,189,440 | ---- | M] () -- C:\Users\Trixi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.09 14:24:08 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013.02.09 14:24:08 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013.01.28 14:19:32 | 000,032,032 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2013.01.28 14:19:28 | 000,021,792 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2013.01.25 11:01:45 | 000,047,565 | ---- | M] () -- C:\Users\Trixi\Desktop\Kardinalschnitte [2013.01.22 08:46:46 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk ========== Files Created - No Company Name ========== [2013.02.19 08:46:34 | 303,769,927 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.19 08:23:35 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.18 17:56:55 | 000,597,473 | ---- | C] () -- C:\Users\Trixi\Desktop\OTL.rar [2013.02.15 13:16:13 | 000,001,647 | ---- | C] () -- 
C:\Users\Trixi\Documents\Dokument.rtf [2013.02.10 16:42:35 | 000,385,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.09 14:24:08 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013.02.09 14:24:08 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013.02.09 14:24:07 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013.01.29 19:23:11 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2013.01.29 19:23:11 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.01.27 19:29:02 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Trixi.job [2013.01.27 19:29:01 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Trixi.job [2013.01.27 19:29:00 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Trixi.job [2013.01.25 11:01:45 | 000,047,565 | ---- | C] () -- C:\Users\Trixi\Desktop\Kardinalschnitte [2013.01.25 10:40:21 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk [2013.01.22 08:46:46 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012.12.30 15:22:04 | 000,233,456 | ---- | C] () -- C:\Windows\hpoins47.dat [2011.12.30 08:45:02 | 000,000,000 | ---- | C] () -- C:\Users\Trixi\AppData\Local\{866EB13C-254B-4340-8B4A-328F094BE8BD} [2011.11.26 14:57:54 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini [2011.06.23 14:44:17 | 000,000,278 | ---- | C] () -- C:\Users\Trixi\AppData\Roaming\burnaware.ini [2010.10.09 08:15:55 | 000,016,384 | ---- | C] () -- C:\Users\Trixi\Sicherung.BJF [2010.03.25 10:18:45 | 002,583,110 | ---- | C] () -- C:\Users\Trixi\DSCN0205.JPG [2010.03.25 10:18:39 | 002,753,223 | ---- | C] () -- C:\Users\Trixi\DSCN0208.JPG [2010.03.25 10:18:33 | 002,846,489 | ---- | C] () -- 
C:\Users\Trixi\DSCN0235.JPG [2010.01.20 16:21:11 | 000,000,128 | ---- | C] () -- C:\Users\Trixi\AppData\Roaming\default.rss [2010.01.18 12:37:27 | 002,805,455 | ---- | C] () -- C:\Users\Trixi\DSCN0238.JPG [2009.12.09 10:24:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.01 19:43:51 | 000,000,680 | ---- | C] () -- C:\Users\Trixi\AppData\Local\d3d9caps.dat [2009.05.11 11:17:04 | 000,189,440 | ---- | C] () -- C:\Users\Trixi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.09.19 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\Ashampoo [2013.01.22 08:48:59 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\BitTorrent [2010.09.24 19:11:59 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\Boilsoft [2011.06.23 14:02:04 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\DeepBurner [2012.09.30 19:02:20 | 000,000,000 | ---D | M] -- 
C:\Users\Trixi\AppData\Roaming\DVDVideoSoft [2012.09.30 19:01:44 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.21 17:35:41 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\Ebner [2012.12.26 18:19:43 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\MOVAVI [2012.09.30 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\OpenCandy [2009.11.23 13:31:58 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\OpenOffice.org [2009.05.11 16:49:20 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\Opera [2010.01.21 10:47:50 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\PC Suite [2010.10.22 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\Samsung [2013.02.09 14:23:36 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\TuneUp Software [2013.01.28 13:00:15 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.09.10 05:01:10 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.11.26 11:02:30 | 000,000,000 | ---D | M] -- C:\0e9734bf7def2c435119c257f7b7ea [2012.11.13 15:52:38 | 000,000,000 | ---D | M] -- C:\3a5a7332157a32e3e1cc78 [2009.02.23 17:40:40 | 000,000,000 | ---D | M] -- C:\Acer [2013.02.19 08:38:43 | 000,000,000 | ---D | M] -- C:\Avenger [2009.02.24 02:21:55 | 000,000,000 | ---D | M] -- C:\Book [2009.07.02 15:11:13 | 000,000,000 | -HSD | M] -- C:\Boot [2013.02.18 16:30:49 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.05.11 09:45:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.05.11 09:58:18 | 000,000,000 | ---D | M] -- C:\Elements [2011.01.06 00:25:42 | 000,000,000 | ---D | M] -- C:\extensions [2010.06.05 13:20:15 | 000,000,000 | ---D | M] -- C:\found.000 [2010.10.18 15:47:43 | 000,000,000 | ---D | M] -- C:\found.001 [2013.02.10 12:24:24 | 000,000,000 | -HSD | M] -- C:\found.002 [2013.01.23 16:00:59 | 000,000,000 | -HSD | M] -- C:\found.003 [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.02.19 08:23:27 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.19 08:23:29 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.05.11 09:45:46 | 000,000,000 | -HSD | M] -- C:\Programme [2010.01.03 20:34:02 | 000,000,000 | ---D | M] -- C:\sj666 [2013.02.19 13:19:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.09.24 19:19:46 | 000,000,000 | ---D | M] -- C:\Torrent_DVD [2010.10.22 19:10:55 | 000,000,000 | R--D | M] -- C:\Users [2013.02.19 12:16:08 | 000,000,000 | ---D | M] -- C:\Windows [2013.02.18 17:45:35 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,606 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.11.28 10:00:29 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2009.11.28 10:00:30 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.09.28 23:09:26 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.01.27 19:29:00 | 000,000,366 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateXML_Trixi.job [2013.01.27 19:29:01 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_Trixi.job [2013.01.27 19:29:02 | 000,000,376 | ---- | C] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Trixi.job < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 
-- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage 
Manager\Driver\IaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | 
---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2010.01.18 12:36:46 | 
002,583,110 | ---- | M] () -- C:\Users\Trixi\DSCN0205.JPG [2010.01.18 12:37:02 | 002,753,223 | ---- | M] () -- C:\Users\Trixi\DSCN0208.JPG [2010.01.18 12:37:14 | 002,846,489 | ---- | M] () -- C:\Users\Trixi\DSCN0235.JPG [2010.01.18 12:37:27 | 002,805,455 | ---- | M] () -- C:\Users\Trixi\DSCN0238.JPG [2013.02.19 13:16:59 | 004,980,736 | -HS- | M] () -- C:\Users\Trixi\ntuser.dat [2013.02.19 13:16:59 | 000,262,144 | -H-- | M] () -- C:\Users\Trixi\ntuser.dat.LOG1 [2009.06.28 10:59:05 | 000,262,144 | -H-- | M] () -- C:\Users\Trixi\ntuser.dat.LOG2 [2009.06.28 10:59:05 | 001,048,576 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms [2009.06.28 10:59:05 | 001,048,576 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms [2009.06.28 10:59:06 | 001,048,576 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms [2009.06.28 10:59:05 | 000,065,536 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf [2010.06.16 22:43:15 | 000,065,536 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.06.16 22:43:15 | 000,524,288 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.05.11 10:33:03 | 000,524,288 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2013.02.19 08:38:00 | 000,065,536 | -HS- | M] () -- C:\Users\Trixi\ntuser.dat{d969dfba-7ab4-11df-849a-000000000000}.TM.blf [2013.02.19 08:38:00 | 000,524,288 | -HS- | M] () -- C:\Users\Trixi\ntuser.dat{d969dfba-7ab4-11df-849a-000000000000}.TMContainer00000000000000000001.regtrans-ms [2010.06.18 09:42:47 | 000,524,288 | -HS- | M] () -- C:\Users\Trixi\ntuser.dat{d969dfba-7ab4-11df-849a-000000000000}.TMContainer00000000000000000002.regtrans-ms [2009.05.11 09:49:34 | 
000,000,020 | -HS- | M] () -- C:\Users\Trixi\ntuser.ini
[2010.10.09 08:17:06 | 000,016,384 | ---- | M] () -- C:\Users\Trixi\Sicherung.BJF
[2010.09.01 19:27:29 | 000,027,136 | -HS- | M] () -- C:\Users\Trixi\Thumbs.db

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< >

< End of report >

I hope that was done correctly, thanks.

OTL Logfile: Code:
OTL logfile created on: 19.02.2013 13:17:46 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trixi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,72% Memory free
6,18 Gb Paging File | 5,07 Gb Available in Paging File | 82,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 36,02 Gb Free Space | 32,29% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 25,89 Gb Free Space | 23,21% Space Free | Partition Type: NTFS

Computer Name: TRIXI-PC | User Name: Trixi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Trixi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (wjyftn) -- System32\drivers\gdmk.sys File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (RTL8187B) -- system32\DRIVERS\wg111v3.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SQTECH905C) -- C:\Windows\System32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediMail.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 1A CF 58 E2 2A CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT327
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=c_TfnxvsSHwxAAAcJ-mdcB0uTtI?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=6Oy9p1n3l1
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.08.03 07:52:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.30 15:29:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.30 15:29:41 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Program Files\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Trixi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\E-Mail - Verknüpfung.lnk = File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Trixi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Trixi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D737064F-4555-4481-BF59-F79621FCA544}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Trixi\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O24 - Desktop BackupWallPaper: C:\Users\Trixi\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O27 - HKLM IFEO\acer elock management.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\enmtray.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\epower_dmc.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\epresentationlauncher.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\eragent.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\esettings.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\googledesktop.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\googledesktopsetup.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\imfrmwrk.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\wordview.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{87250374-1eb4-11df-9a28-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{87250374-1eb4-11df-9a28-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - File not found
MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPStart - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.02.19 08:38:43 | 000,000,000 | ---D | C] -- C:\Avenger
[2013.02.19 08:23:46 | 000,000,000 | ---D | C] -- C:\Users\Trixi\AppData\Roaming\Malwarebytes
[2013.02.19 08:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.19 08:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.19 08:23:27 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.19 08:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.18 17:45:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.18 16:45:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Trixi\Desktop\OTL.exe
[2013.02.18 15:26:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.18 15:21:36 | 000,000,000 | ---D | C] -- C:\Users\Trixi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013.02.12 07:29:41 | 000,000,000 | ---D | C] -- C:\Users\Trixi\Desktop\Neuer Ordner
[2013.02.09 14:24:13 | 000,032,032 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2013.02.09 14:24:13 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2013.02.09 14:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.02.09 14:23:36 | 000,000,000 | ---D | C] -- C:\Users\Trixi\AppData\Roaming\TuneUp Software
[2013.02.09 14:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2013.02.09 14:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.02.09 14:21:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.09 14:21:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.29 19:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.01.23 16:00:59 | 000,000,000 | -HSD | C] -- C:\found.003
[2013.01.22 08:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2013.01.21 08:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.01.21 08:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2013.02.19 12:55:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.19 12:21:15 | 004,658,348 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.19 12:21:15 | 001,864,396 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.19 12:21:15 | 001,452,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.19 12:21:15 | 001,318,674 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.19 12:16:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 12:16:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 12:16:24 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Trixi.job
[2013.02.19 12:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.19 12:16:08 | 303,769,927 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.19 10:41:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Trixi.job
[2013.02.19 08:23:35 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.18 19:45:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Trixi.job
[2013.02.18 17:56:55 | 000,597,473 | ---- | M] () -- C:\Users\Trixi\Desktop\OTL.rar
[2013.02.18 16:45:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trixi\Desktop\OTL.exe
[2013.02.18 16:30:54 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.18 15:51:31 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.18 15:47:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.15 13:16:13 | 000,001,647 | ---- | M] () -- C:\Users\Trixi\Documents\Dokument.rtf
[2013.02.13 19:17:24 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.02.13 18:16:40 | 000,385,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.13 12:44:56 | 000,189,440 | ---- | M] () -- C:\Users\Trixi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.09 14:24:08 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.02.09 14:24:08 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.01.28 14:19:32 | 000,032,032 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2013.01.28 14:19:28 | 000,021,792 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2013.01.25 11:01:45 | 000,047,565 | ---- | M] () -- C:\Users\Trixi\Desktop\Kardinalschnitte
[2013.01.22 08:46:46 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

========== Files Created - No Company Name ==========

[2013.02.19 08:46:34 | 303,769,927 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.19 08:23:35 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.18 17:56:55 | 000,597,473 | ---- | C] () -- C:\Users\Trixi\Desktop\OTL.rar
[2013.02.15 13:16:13 | 000,001,647 | ---- | C] () -- C:\Users\Trixi\Documents\Dokument.rtf
[2013.02.10 16:42:35 | 000,385,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.09 14:24:08 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.02.09 14:24:08 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.02.09 14:24:07 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.01.29 19:23:11 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013.01.29 19:23:11 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.01.27 19:29:02 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Trixi.job
[2013.01.27 19:29:01 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Trixi.job
[2013.01.27 19:29:00 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Trixi.job
[2013.01.25 11:01:45 | 000,047,565 | ---- | C] () -- C:\Users\Trixi\Desktop\Kardinalschnitte
[2013.01.25 10:40:21 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013.01.22 08:46:46 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.12.30 15:22:04 | 000,233,456 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.12.30 08:45:02 | 000,000,000 | ---- | C] () -- C:\Users\Trixi\AppData\Local\{866EB13C-254B-4340-8B4A-328F094BE8BD}
[2011.11.26 14:57:54 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
[2011.06.23 14:44:17 | 000,000,278 | ---- | C] () -- C:\Users\Trixi\AppData\Roaming\burnaware.ini
[2010.10.09 08:15:55 | 000,016,384 | ---- | C] () -- C:\Users\Trixi\Sicherung.BJF
[2010.03.25 10:18:45 | 002,583,110 | ---- | C] () -- C:\Users\Trixi\DSCN0205.JPG
[2010.03.25 10:18:39 | 002,753,223 | ---- | C] () -- C:\Users\Trixi\DSCN0208.JPG
[2010.03.25 10:18:33 | 002,846,489 | ---- | C] () -- C:\Users\Trixi\DSCN0235.JPG
[2010.01.20 16:21:11 | 000,000,128 | ---- | C] () -- C:\Users\Trixi\AppData\Roaming\default.rss
[2010.01.18 12:37:27 | 002,805,455 | ---- | C] () -- C:\Users\Trixi\DSCN0238.JPG
[2009.12.09 10:24:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.01 19:43:51 | 000,000,680 | ---- | C] () -- C:\Users\Trixi\AppData\Local\d3d9caps.dat
[2009.05.11 11:17:04 | 000,189,440 | ---- | C] () -- C:\Users\Trixi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.09.19 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\Ashampoo
[2013.01.22 08:48:59 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\BitTorrent
[2010.09.24 19:11:59 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\Boilsoft
[2011.06.23 14:02:04 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\DeepBurner
[2012.09.30 19:02:20 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\DVDVideoSoft
[2012.09.30 19:01:44 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.21 17:35:41 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\Ebner
[2012.12.26 18:19:43 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\MOVAVI
[2012.09.30 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\OpenCandy
[2009.11.23 13:31:58 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\OpenOffice.org
[2009.05.11 16:49:20 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\Opera
[2010.01.21 10:47:50 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\PC Suite
[2010.10.22 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\Samsung
[2013.02.09 14:23:36 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\TuneUp Software
[2013.01.28 13:00:15 | 000,000,000 | ---D | M] -- C:\Users\Trixi\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.09.10 05:01:10 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.11.26 11:02:30 | 000,000,000 | ---D | M] -- C:\0e9734bf7def2c435119c257f7b7ea
[2012.11.13 15:52:38 | 000,000,000 | ---D | M] -- C:\3a5a7332157a32e3e1cc78
[2009.02.23 17:40:40 | 000,000,000 | ---D | M] -- C:\Acer
[2013.02.19 08:38:43 | 000,000,000 | ---D | M] -- C:\Avenger
[2009.02.24 02:21:55 | 000,000,000 | ---D | M] -- C:\Book
[2009.07.02 15:11:13 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.02.18 16:30:49 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.05.11 09:45:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.05.11 09:58:18 | 000,000,000 | ---D | M] -- C:\Elements
[2011.01.06 00:25:42 | 000,000,000 | ---D | M] -- C:\extensions
[2010.06.05 13:20:15 | 000,000,000 | ---D | M] -- C:\found.000
[2010.10.18 15:47:43 | 000,000,000 | ---D | M] -- C:\found.001
[2013.02.10 12:24:24 | 000,000,000 | -HSD | M] -- C:\found.002
[2013.01.23 16:00:59 | 000,000,000 | -HSD | M] -- C:\found.003
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.19 08:23:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.19 08:23:29 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.05.11 09:45:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.01.03 20:34:02 | 000,000,000 | ---D | M] -- C:\sj666
[2013.02.19 13:19:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.09.24 19:19:46 | 000,000,000 | ---D | M] -- C:\Torrent_DVD
[2010.10.22 19:10:55 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.19 12:16:08 | 000,000,000 | ---D | M] -- C:\Windows
[2013.02.18 17:45:35 | 000,000,000 | ---D | M] -- C:\_OTL

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,606 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.11.28 10:00:29 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.11.28 10:00:30 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.28 23:09:26 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.01.27 19:29:00 | 000,000,366 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateXML_Trixi.job
[2013.01.27 19:29:01 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_Trixi.job
[2013.01.27 19:29:02 | 000,000,376 | ---- | C] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Trixi.job

< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360
-- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage 
Manager\Driver\IaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | 
---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2010.01.18 12:36:46 | 
002,583,110 | ---- | M] () -- C:\Users\Trixi\DSCN0205.JPG [2010.01.18 12:37:02 | 002,753,223 | ---- | M] () -- C:\Users\Trixi\DSCN0208.JPG [2010.01.18 12:37:14 | 002,846,489 | ---- | M] () -- C:\Users\Trixi\DSCN0235.JPG [2010.01.18 12:37:27 | 002,805,455 | ---- | M] () -- C:\Users\Trixi\DSCN0238.JPG [2013.02.19 13:16:59 | 004,980,736 | -HS- | M] () -- C:\Users\Trixi\ntuser.dat [2013.02.19 13:16:59 | 000,262,144 | -H-- | M] () -- C:\Users\Trixi\ntuser.dat.LOG1 [2009.06.28 10:59:05 | 000,262,144 | -H-- | M] () -- C:\Users\Trixi\ntuser.dat.LOG2 [2009.06.28 10:59:05 | 001,048,576 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms [2009.06.28 10:59:05 | 001,048,576 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms [2009.06.28 10:59:06 | 001,048,576 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms [2009.06.28 10:59:05 | 000,065,536 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf [2010.06.16 22:43:15 | 000,065,536 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.06.16 22:43:15 | 000,524,288 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.05.11 10:33:03 | 000,524,288 | -HS- | M] () -- C:\Users\Trixi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2013.02.19 08:38:00 | 000,065,536 | -HS- | M] () -- C:\Users\Trixi\ntuser.dat{d969dfba-7ab4-11df-849a-000000000000}.TM.blf [2013.02.19 08:38:00 | 000,524,288 | -HS- | M] () -- C:\Users\Trixi\ntuser.dat{d969dfba-7ab4-11df-849a-000000000000}.TMContainer00000000000000000001.regtrans-ms [2010.06.18 09:42:47 | 000,524,288 | -HS- | M] () -- C:\Users\Trixi\ntuser.dat{d969dfba-7ab4-11df-849a-000000000000}.TMContainer00000000000000000002.regtrans-ms [2009.05.11 09:49:34 | 
000,000,020 | -HS- | M] () -- C:\Users\Trixi\ntuser.ini [2010.10.09 08:17:06 | 000,016,384 | ---- | M] () -- C:\Users\Trixi\Sicherung.BJF [2010.09.01 19:27:29 | 000,027,136 | -HS- | M] () -- C:\Users\Trixi\Thumbs.db < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
19.02.2013, 17:26 | #4 |
/// Malware-holic | Windows host process was closed Hi, OTL fix: fixing with OTL
Code:
:OTL
O4 - Startup: C:\Users\Trixi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\E-Mail - Verknüpfung.lnk = File not found
O4 - HKLM..\Run: [] File not found
:files
:Commands
[emptytemp]
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
19.02.2013, 18:57 | #5 |
| Windows host process was closed
All processes killed
========== OTL ==========
C:\Users\Trixi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\E-Mail - Verknüpfung.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Trixi
->Temp folder emptied: 2211913 bytes
->Temporary Internet Files folder emptied: 754066 bytes
->Java cache emptied: 39510957 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 10220223 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132511 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 50,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02192013_185239
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
19.02.2013, 18:58 | #6 |
/// Malware-holic | Windows host process was closed Hi, please download TDSSKiller.exe and save this file to the desktop |
19.02.2013, 19:12 | #7 |
| Windows host process was closed Hi, I have done everything, but please, how can I save a log file? |
19.02.2013, 19:42 | #8 |
/// Malware-holic | Windows host process was closed Where the log is saved is stated in the instructions. |
19.02.2013, 20:07 | #9 |
| Windows host process was closed Hi, I hope this is what you need
3784 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 19:56:43.0336 3784 HPSLPSVC - ok 19:56:43.0386 3784 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 19:56:43.0417 3784 HSFHWAZL - ok 19:56:43.0480 3784 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 19:56:43.0628 3784 HSF_DPV - ok 19:56:43.0660 3784 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys 19:56:43.0689 3784 HSXHWAZL - ok 19:56:43.0760 3784 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:56:43.0841 3784 HTTP - ok 19:56:43.0868 3784 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 19:56:43.0882 3784 i2omp - ok 19:56:43.0921 3784 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 19:56:43.0968 3784 i8042prt - ok 19:56:44.0145 3784 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 19:56:44.0203 3784 IAANTMON - ok 19:56:44.0241 3784 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 19:56:44.0259 3784 iaStor - ok 19:56:44.0282 3784 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 19:56:44.0302 3784 iaStorV - ok 19:56:44.0367 3784 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:56:44.0456 3784 idsvc - ok 19:56:44.0611 3784 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 19:56:44.0842 3784 igfx - ok 19:56:44.0857 3784 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 19:56:44.0877 3784 iirsp - ok 19:56:44.0953 3784 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 19:56:45.0030 3784 IKEEXT - ok 19:56:45.0066 3784 [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] 
int15 C:\Windows\system32\drivers\int15.sys 19:56:45.0082 3784 int15 - ok 19:56:45.0218 3784 [ B795745F7E51AA20D46753EC5A811ACA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 19:56:45.0336 3784 IntcAzAudAddService - ok 19:56:45.0354 3784 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 19:56:45.0383 3784 intelide - ok 19:56:45.0419 3784 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:56:45.0505 3784 intelppm - ok 19:56:45.0545 3784 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:56:45.0625 3784 IPBusEnum - ok 19:56:45.0640 3784 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:56:45.0683 3784 IpFilterDriver - ok 19:56:45.0729 3784 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:56:45.0774 3784 iphlpsvc - ok 19:56:45.0779 3784 IpInIp - ok 19:56:45.0800 3784 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 19:56:45.0841 3784 IPMIDRV - ok 19:56:45.0862 3784 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 19:56:45.0890 3784 IPNAT - ok 19:56:45.0939 3784 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys 19:56:45.0981 3784 irda - ok 19:56:46.0000 3784 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:56:46.0042 3784 IRENUM - ok 19:56:46.0061 3784 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll 19:56:46.0126 3784 Irmon - ok 19:56:46.0140 3784 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:56:46.0166 3784 isapnp - ok 19:56:46.0200 3784 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 19:56:46.0217 3784 iScsiPrt - ok 19:56:46.0228 3784 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 19:56:46.0242 
3784 iteatapi - ok 19:56:46.0277 3784 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 19:56:46.0289 3784 iteraid - ok 19:56:46.0297 3784 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:56:46.0310 3784 kbdclass - ok 19:56:46.0332 3784 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:56:46.0362 3784 kbdhid - ok 19:56:46.0383 3784 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 19:56:46.0417 3784 KeyIso - ok 19:56:46.0463 3784 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys 19:56:46.0488 3784 KMWDFILTER - ok 19:56:46.0563 3784 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:56:46.0598 3784 KSecDD - ok 19:56:46.0656 3784 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 19:56:46.0695 3784 KtmRm - ok 19:56:46.0734 3784 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 19:56:46.0768 3784 LanmanServer - ok 19:56:46.0792 3784 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:56:46.0829 3784 LanmanWorkstation - ok 19:56:46.0901 3784 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 19:56:46.0913 3784 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 19:56:46.0913 3784 LightScribeService - detected UnsignedFile.Multi.Generic (1) 19:56:46.0942 3784 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:56:46.0978 3784 lltdio - ok 19:56:47.0007 3784 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:56:47.0052 3784 lltdsvc - ok 19:56:47.0071 3784 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:56:47.0133 3784 lmhosts - ok 19:56:47.0157 3784 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC 
C:\Windows\system32\drivers\lsi_fc.sys 19:56:47.0173 3784 LSI_FC - ok 19:56:47.0194 3784 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 19:56:47.0209 3784 LSI_SAS - ok 19:56:47.0227 3784 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 19:56:47.0243 3784 LSI_SCSI - ok 19:56:47.0257 3784 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 19:56:47.0309 3784 luafv - ok 19:56:47.0356 3784 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 19:56:47.0369 3784 MBAMProtector - ok 19:56:47.0448 3784 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 19:56:47.0478 3784 MBAMScheduler - ok 19:56:47.0523 3784 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 19:56:47.0572 3784 MBAMService - ok 19:56:47.0608 3784 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:56:47.0633 3784 Mcx2Svc - ok 19:56:47.0674 3784 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 19:56:47.0708 3784 mdmxsdk - ok 19:56:47.0729 3784 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 19:56:47.0746 3784 megasas - ok 19:56:47.0797 3784 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 19:56:47.0829 3784 MegaSR - ok 19:56:47.0857 3784 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 19:56:47.0902 3784 MMCSS - ok 19:56:47.0919 3784 MobilityService - ok 19:56:47.0927 3784 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 19:56:47.0965 3784 Modem - ok 19:56:47.0975 3784 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:56:48.0003 3784 monitor - ok 19:56:48.0016 3784 [ 5BF6A1326A335C5298477754A506D263 ] mouclass 
C:\Windows\system32\DRIVERS\mouclass.sys 19:56:48.0030 3784 mouclass - ok 19:56:48.0041 3784 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:56:48.0074 3784 mouhid - ok 19:56:48.0093 3784 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 19:56:48.0121 3784 MountMgr - ok 19:56:48.0158 3784 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 19:56:48.0180 3784 MpFilter - ok 19:56:48.0198 3784 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 19:56:48.0214 3784 mpio - ok 19:56:48.0356 3784 [ A69630D039C38018689190234F866D77 ] MpKsl41705bc3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AC49364-DA7A-4DC7-95BA-1E0A7EDDFC40}\MpKsl41705bc3.sys 19:56:48.0369 3784 MpKsl41705bc3 - ok 19:56:48.0403 3784 [ A69630D039C38018689190234F866D77 ] MpKslfa646321 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AC49364-DA7A-4DC7-95BA-1E0A7EDDFC40}\MpKslfa646321.sys 19:56:48.0438 3784 MpKslfa646321 - ok 19:56:48.0463 3784 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:56:48.0535 3784 mpsdrv - ok 19:56:48.0631 3784 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 19:56:48.0682 3784 MpsSvc - ok 19:56:48.0704 3784 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 19:56:48.0740 3784 Mraid35x - ok 19:56:48.0772 3784 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:56:48.0797 3784 MRxDAV - ok 19:56:48.0828 3784 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:56:48.0947 3784 mrxsmb - ok 19:56:48.0984 3784 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:56:49.0021 3784 mrxsmb10 - ok 19:56:49.0051 3784 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:56:49.0089 
3784 mrxsmb20 - ok 19:56:49.0116 3784 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 19:56:49.0137 3784 msahci - ok 19:56:49.0157 3784 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:56:49.0192 3784 msdsm - ok 19:56:49.0229 3784 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 19:56:49.0273 3784 MSDTC - ok 19:56:49.0298 3784 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:56:49.0347 3784 Msfs - ok 19:56:49.0364 3784 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:56:49.0378 3784 msisadrv - ok 19:56:49.0403 3784 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:56:49.0445 3784 MSiSCSI - ok 19:56:49.0449 3784 msiserver - ok 19:56:49.0468 3784 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:56:49.0495 3784 MSKSSRV - ok 19:56:49.0567 3784 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 19:56:49.0583 3784 MsMpSvc - ok 19:56:49.0589 3784 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:56:49.0630 3784 MSPCLOCK - ok 19:56:49.0640 3784 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:56:49.0671 3784 MSPQM - ok 19:56:49.0698 3784 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:56:49.0718 3784 MsRPC - ok 19:56:49.0761 3784 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 19:56:49.0776 3784 mssmbios - ok 19:56:49.0794 3784 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:56:49.0832 3784 MSTEE - ok 19:56:49.0846 3784 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 19:56:49.0861 3784 Mup - ok 19:56:49.0889 3784 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent 
C:\Windows\system32\qagentRT.dll 19:56:49.0932 3784 napagent - ok 19:56:49.0979 3784 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:56:50.0007 3784 NativeWifiP - ok 19:56:50.0067 3784 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:56:50.0107 3784 NDIS - ok 19:56:50.0137 3784 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:56:50.0175 3784 NdisTapi - ok 19:56:50.0193 3784 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:56:50.0231 3784 Ndisuio - ok 19:56:50.0250 3784 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:56:50.0289 3784 NdisWan - ok 19:56:50.0302 3784 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:56:50.0339 3784 NDProxy - ok 19:56:50.0398 3784 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 19:56:50.0418 3784 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 19:56:50.0418 3784 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 19:56:50.0431 3784 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:56:50.0474 3784 NetBIOS - ok 19:56:50.0527 3784 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 19:56:50.0564 3784 netbt - ok 19:56:50.0577 3784 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 19:56:50.0593 3784 Netlogon - ok 19:56:50.0623 3784 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 19:56:50.0673 3784 Netman - ok 19:56:50.0691 3784 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 19:56:50.0731 3784 netprofm - ok 19:56:50.0758 3784 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:56:50.0774 3784 NetTcpPortSharing - ok 
19:56:51.0089 3784 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 19:56:51.0411 3784 NETw3v32 - ok 19:56:51.0776 3784 [ 38D720E0C8B0ECB9A019980265679798 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys 19:56:53.0366 3784 NETw4v32 - ok 19:56:55.0072 3784 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 19:56:57.0391 3784 NETw5v32 - ok 19:56:57.0485 3784 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:56:57.0515 3784 nfrd960 - ok 19:56:57.0568 3784 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 19:56:57.0615 3784 NisDrv - ok 19:56:57.0669 3784 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 19:56:57.0718 3784 NisSrv - ok 19:56:57.0748 3784 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:56:57.0817 3784 NlaSvc - ok 19:56:57.0856 3784 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:56:57.0915 3784 Npfs - ok 19:56:57.0941 3784 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys 19:56:58.0002 3784 NSCIRDA - ok 19:56:58.0020 3784 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 19:56:58.0077 3784 nsi - ok 19:56:58.0102 3784 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:56:58.0145 3784 nsiproxy - ok 19:56:58.0201 3784 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:56:58.0269 3784 Ntfs - ok 19:56:58.0302 3784 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys 19:56:58.0322 3784 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning 19:56:58.0322 3784 NTIDrvr - detected UnsignedFile.Multi.Generic (1) 19:56:58.0344 3784 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 19:56:58.0408 3784 ntrigdigi - ok 
19:56:58.0413 3784 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 19:56:58.0440 3784 Null - ok 19:56:58.0457 3784 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:56:58.0474 3784 nvraid - ok 19:56:58.0488 3784 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:56:58.0501 3784 nvstor - ok 19:56:58.0537 3784 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:56:58.0553 3784 nv_agp - ok 19:56:58.0557 3784 NwlnkFlt - ok 19:56:58.0562 3784 NwlnkFwd - ok 19:56:58.0593 3784 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 19:56:58.0628 3784 ohci1394 - ok 19:56:58.0710 3784 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:56:58.0723 3784 ose - ok 19:56:58.0779 3784 [ 4CDADEC3DC1300EE1D313EA5494E6472 ] ovt519 C:\Windows\system32\Drivers\ov519vid.sys 19:56:58.0808 3784 ovt519 ( UnsignedFile.Multi.Generic ) - warning 19:56:58.0808 3784 ovt519 - detected UnsignedFile.Multi.Generic (1) 19:56:58.0897 3784 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 19:56:58.0987 3784 p2pimsvc - ok 19:56:59.0003 3784 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 19:56:59.0042 3784 p2psvc - ok 19:56:59.0084 3784 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 19:56:59.0193 3784 Parport - ok 19:56:59.0225 3784 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:56:59.0247 3784 partmgr - ok 19:56:59.0254 3784 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 19:56:59.0324 3784 Parvdm - ok 19:56:59.0366 3784 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 19:56:59.0404 3784 PcaSvc - ok 19:56:59.0443 3784 [ 175CC28DCF819F78CAA3FBD44AD9E52A ] pccsmcfd 
C:\Windows\system32\DRIVERS\pccsmcfd.sys 19:56:59.0493 3784 pccsmcfd - ok 19:56:59.0560 3784 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 19:56:59.0586 3784 pci - ok 19:56:59.0604 3784 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 19:56:59.0624 3784 pciide - ok 19:56:59.0664 3784 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:56:59.0691 3784 pcmcia - ok 19:56:59.0749 3784 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:56:59.0887 3784 PEAUTH - ok 19:56:59.0986 3784 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 19:57:00.0113 3784 pla - ok 19:57:00.0167 3784 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:57:00.0227 3784 PlugPlay - ok 19:57:00.0245 3784 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 19:57:00.0266 3784 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 19:57:00.0266 3784 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 19:57:00.0304 3784 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 19:57:00.0344 3784 PNRPAutoReg - ok 19:57:00.0382 3784 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 19:57:00.0433 3784 PNRPsvc - ok 19:57:00.0479 3784 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:57:00.0526 3784 PolicyAgent - ok 19:57:00.0557 3784 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:57:00.0607 3784 PptpMiniport - ok 19:57:00.0639 3784 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 19:57:00.0687 3784 Processor - ok 19:57:00.0761 3784 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 19:57:00.0814 3784 ProfSvc - ok 19:57:00.0836 3784 [ A3E186B4B935905B829219502557314E ] ProtectedStorage 
C:\Windows\system32\lsass.exe 19:57:00.0858 3784 ProtectedStorage - ok 19:57:00.0896 3784 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 19:57:00.0930 3784 PSched - ok 19:57:00.0985 3784 [ 18DE162F9B83079C24CD96F59292F5ED ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys 19:57:01.0003 3784 PSDFilter - ok 19:57:01.0028 3784 [ BC1457A28E76AB3106D43802AC22A627 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys 19:57:01.0043 3784 PSDNServ - ok 19:57:01.0072 3784 [ AC151E5B0943304E368C98EC78B5FC4F ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys 19:57:01.0088 3784 psdvdisk - ok 19:57:01.0233 3784 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:57:01.0355 3784 ql2300 - ok 19:57:01.0383 3784 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:57:01.0415 3784 ql40xx - ok 19:57:01.0445 3784 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 19:57:01.0488 3784 QWAVE - ok 19:57:01.0537 3784 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:57:01.0560 3784 QWAVEdrv - ok 19:57:01.0571 3784 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:57:01.0607 3784 RasAcd - ok 19:57:01.0622 3784 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 19:57:01.0662 3784 RasAuto - ok 19:57:01.0675 3784 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:57:01.0706 3784 Rasl2tp - ok 19:57:01.0746 3784 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 19:57:01.0777 3784 RasMan - ok 19:57:01.0802 3784 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:57:01.0841 3784 RasPppoe - ok 19:57:01.0867 3784 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:57:01.0884 3784 RasSstp - ok 19:57:01.0914 3784 [ 
B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:57:01.0950 3784 rdbss - ok 19:57:01.0969 3784 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:57:02.0005 3784 RDPCDD - ok 19:57:02.0042 3784 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 19:57:02.0074 3784 rdpdr - ok 19:57:02.0079 3784 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:57:02.0119 3784 RDPENCDD - ok 19:57:02.0158 3784 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:57:02.0207 3784 RDPWD - ok 19:57:02.0299 3784 [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 19:57:02.0461 3784 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 19:57:02.0461 3784 RegSrvc - detected UnsignedFile.Multi.Generic (1) 19:57:02.0503 3784 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:57:02.0532 3784 RemoteAccess - ok 19:57:02.0562 3784 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:57:02.0598 3784 RemoteRegistry - ok 19:57:02.0626 3784 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 19:57:02.0672 3784 RpcLocator - ok 19:57:02.0720 3784 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 19:57:02.0751 3784 RpcSs - ok 19:57:02.0775 3784 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:57:02.0808 3784 rspndr - ok 19:57:02.0828 3784 RTL8187B - ok 19:57:02.0849 3784 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 19:57:02.0865 3784 SamSs - ok 19:57:02.0875 3784 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:57:02.0890 3784 sbp2port - ok 19:57:02.0919 3784 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:57:02.0960 3784 SCardSvr - ok 
19:57:03.0010 3784 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 19:57:03.0100 3784 Schedule - ok 19:57:03.0122 3784 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 19:57:03.0149 3784 SCPolicySvc - ok 19:57:03.0191 3784 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 19:57:03.0238 3784 sdbus - ok 19:57:03.0258 3784 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:57:03.0311 3784 SDRSVC - ok 19:57:03.0357 3784 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:57:03.0436 3784 secdrv - ok 19:57:03.0451 3784 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 19:57:03.0506 3784 seclogon - ok 19:57:03.0534 3784 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 19:57:03.0585 3784 SENS - ok 19:57:03.0607 3784 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 19:57:03.0667 3784 Serenum - ok 19:57:03.0699 3784 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 19:57:03.0746 3784 Serial - ok 19:57:03.0751 3784 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:57:03.0778 3784 sermouse - ok 19:57:03.0843 3784 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 19:57:03.0875 3784 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 19:57:03.0875 3784 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 19:57:03.0929 3784 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 19:57:03.0964 3784 SessionEnv - ok 19:57:03.0986 3784 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 19:57:04.0015 3784 sffdisk - ok 19:57:04.0020 3784 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:57:04.0049 3784 sffp_mmc - ok 
19:57:04.0065 3784 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 19:57:04.0087 3784 sffp_sd - ok 19:57:04.0110 3784 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:57:04.0148 3784 sfloppy - ok 19:57:04.0181 3784 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:57:04.0222 3784 SharedAccess - ok 19:57:04.0251 3784 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:57:04.0295 3784 ShellHWDetection - ok 19:57:04.0318 3784 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 19:57:04.0333 3784 sisagp - ok 19:57:04.0351 3784 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 19:57:04.0382 3784 SiSRaid2 - ok 19:57:04.0394 3784 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:57:04.0411 3784 SiSRaid4 - ok 19:57:04.0457 3784 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 19:57:04.0472 3784 SkypeUpdate - ok 19:57:04.0641 3784 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 19:57:04.0928 3784 slsvc - ok 19:57:04.0975 3784 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 19:57:05.0025 3784 SLUINotify - ok 19:57:05.0055 3784 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:57:05.0089 3784 Smb - ok 19:57:05.0133 3784 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:57:05.0167 3784 SNMPTRAP - ok 19:57:05.0190 3784 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 19:57:05.0210 3784 spldr - ok 19:57:05.0240 3784 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 19:57:05.0295 3784 Spooler - ok 19:57:05.0332 3784 [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter C:\Program Files\Microsoft SQL 
19:57:17.0659 3784 ============================================================ 19:57:17.0659 3784 Scan finished 19:57:17.0660 3784 ============================================================ 19:57:17.0673 3336 Detected object count: 15 19:57:17.0674 3336 Actual detected object count: 15 19:57:48.0059 3336 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0059 3336 eLockService ( UnsignedFile.Multi.Generic ) -
User select action: Skip 19:57:48.0064 3336 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0064 3336 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0068 3336 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0069 3336 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0074 3336 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0074 3336 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0078 3336 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0078 3336 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0083 3336 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0083 3336 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0087 3336 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0088 3336 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0088 3336 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0089 3336 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0093 3336 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0094 3336 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0098 3336 ovt519 ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0098 3336 ovt519 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0102 3336 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0103 3336 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0108 3336 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0108 3336 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0113 3336 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0113 
3336 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0114 3336 SQTECH905C ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0114 3336 SQTECH905C ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:48.0118 3336 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user 19:57:48.0118 3336 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
19.02.2013, 20:09 | #10 |
/// Malware-holic | Windows host process was closed Looks fine. Scan with Combofix
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
19.02.2013, 20:59 | #11 |
| Windows host process was closed Combofix logfile: Code:
ATTFilter ComboFix 13-02-18.02 - Trixi 19.02.2013 20:47:21.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3061.1986 [GMT 1:00] ausgeführt von:: c:\users\Trixi\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\windows\IsUn0407.exe c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-19 bis 2013-02-19 )))))))))))))))))))))))))))))) . . 2013-02-19 19:53 . 2013-02-19 19:53 -------- d-----w- c:\users\Trixi\AppData\Local\temp 2013-02-19 19:53 . 2013-02-19 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-19 19:25 . 2013-02-19 19:25 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D92465C8-D0CE-4396-9F80-FADA36E7257B}\MpKsl776acab3.sys 2013-02-19 19:13 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D92465C8-D0CE-4396-9F80-FADA36E7257B}\mpengine.dll 2013-02-19 07:23 . 2013-02-19 07:23 -------- d-----w- c:\users\Trixi\AppData\Roaming\Malwarebytes 2013-02-19 07:23 . 2013-02-19 07:23 -------- d-----w- c:\programdata\Malwarebytes 2013-02-19 07:23 . 2013-02-19 07:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-19 07:23 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-18 16:45 . 2013-02-18 16:45 -------- d-----w- C:\_OTL 2013-02-18 15:04 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-02-14 12:30 . 
2012-10-23 05:04 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4499B488-32AC-4BB5-A181-28576B5592A6}\gapaengine.dll 2013-02-13 16:27 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 16:27 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll 2013-02-13 16:27 . 2013-01-04 11:28 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 16:27 . 2013-01-04 01:55 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2013-02-13 16:27 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 16:27 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-02-09 13:24 . 2013-01-28 13:19 32032 ----a-w- c:\windows\system32\TURegOpt.exe 2013-02-09 13:24 . 2013-01-28 13:19 21792 ----a-w- c:\windows\system32\authuitu.dll 2013-02-09 13:23 . 2013-02-09 13:23 -------- d-----w- c:\users\Trixi\AppData\Roaming\TuneUp Software 2013-02-09 13:23 . 2013-02-09 13:24 -------- d-----w- c:\program files\TuneUp Utilities 2013 2013-02-09 13:22 . 2013-02-09 13:23 -------- d-----w- c:\programdata\TuneUp Software 2013-02-09 13:21 . 2013-02-09 13:31 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-02-09 13:21 . 2013-02-09 13:21 -------- d--h--w- c:\programdata\Common Files 2013-01-23 15:00 . 2013-01-23 15:00 -------- d-----w- C:\found.003 2013-01-22 07:46 . 2013-01-22 07:46 -------- d-----w- c:\program files\uTorrent 2013-01-21 07:27 . 2013-01-21 07:27 -------- d-----w- c:\program files\Common Files\Java 2013-01-21 07:26 . 2013-01-21 07:26 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-01-21 07:26 . 2013-01-21 07:26 -------- d-----w- c:\program files\Java . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-08 13:55 . 2012-09-28 22:09 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-08 13:55 . 
2012-09-28 22:09 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-30 10:53 . 2009-10-03 06:10 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-21 07:26 . 2010-06-21 11:43 473072 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-20 14:59 . 2013-01-20 14:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 14:59 . 2010-10-24 20:25 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-12-16 13:12 . 2012-12-23 09:42 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2012-12-23 09:42 293376 ----a-w- c:\windows\system32\atmfd.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files\BittorrentBar_DE\tbBitt.dll" [2010-12-09 3911776] "{990af1c2-5a27-4460-8149-ecc6bc122af3}"= "c:\program files\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll" [2011-06-27 175912] . [HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}] . [HKEY_CLASSES_ROOT\clsid\{990af1c2-5a27-4460-8149-ecc6bc122af3}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}] 2010-12-09 11:51 3911776 ----a-w- c:\program files\BittorrentBar_DE\tbBitt.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{990af1c2-5a27-4460-8149-ecc6bc122af3}] 2011-06-27 10:05 175912 ----a-w- c:\program files\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files\BittorrentBar_DE\tbBitt.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] "{990af1c2-5a27-4460-8149-ecc6bc122af3}"= "c:\program files\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll" [2011-06-27 175912] . [HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{990af1c2-5a27-4460-8149-ecc6bc122af3}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}"= "c:\program files\BittorrentBar_DE\tbBitt.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux7"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2008-01-03 00:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2010-09-14 15:06 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-02-11 19:13 166424 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2007-10-03 14:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-11 19:13 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail] 2011-08-03 07:55 366024 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-10-11 11:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC] 2013-01-27 10:11 947152 ----a-w- c:\program files\Microsoft Security Client\msseces.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-11 19:13 133656 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2008-01-22 13:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-08 00:25 4853760 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-05-11 08:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart] 2007-09-07 19:35 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-08-03 06:51 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSL776ACAB3 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 13:55] . 2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 08:47] . 2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 08:47] . 2013-02-19 c:\windows\Tasks\ReclaimerUpdateFiles_Trixi.job - c:\users\Trixi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-27 15:27] . 
2013-02-19 c:\windows\Tasks\ReclaimerUpdateXML_Trixi.job - c:\users\Trixi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-27 15:27] . 2013-02-19 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Trixi.job - c:\users\Trixi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-27 15:27] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://mystart.incredimail.com?a=6oy9p1n3l1 mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0209&m=extensa_5620 IE: Free YouTube Download - c:\users\Trixi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Trixi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 195.34.133.21 212.186.211.21 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-WudfPf SafeBoot-WudfRd SafeBoot-mcmscsvc SafeBoot-MCODS MSConfigStartUp-BitTorrent DNA - c:\users\Trixi\Program Files\DNA\btdna.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-02-19 20:53 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-3687985660-2958616181-2635551742-1003\Software\SecuROM\License information*] "datasecu"=hex:d2,d5,a9,29,41,52,b4,e7,33,3e,a2,3d,57,37,85,51,27,f5,64,fe,4f, 75,c8,16,71,6d,2c,da,5a,32,93,ce,8e,ba,57,fa,f0,3e,79,7e,c8,1a,2f,61,3c,b0,\ "rkeysecu"=hex:7f,00,1c,dd,8a,24,28,99,ff,12,b7,1b,2b,b1,ab,0e . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2013-02-19 20:55:05 ComboFix-quarantined-files.txt 2013-02-19 19:55 . Vor Suchlauf: 17 Verzeichnis(se), 38.625.218.560 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 40.948.408.320 Bytes frei . - - End Of File - - 24B4AA35C43C077A5DD9FCB898DFD447 |
19.02.2013, 21:10 | #12 |
/// Malware-holic | Windows host process was closed Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file. After every program you need, write "notwendig" (necessary). After every program you do not need, write "unnötig" (unnecessary). After every program you do not know, write "unbekannt" (unknown). Post the list.
|
19.02.2013, 21:46 | #13 |
| Windows host process was closed
Acer eDataSecurity Management Egis Inc. 23.02.2009 63,2MB 2.8.4354 necessary
Acer eLock Management Acer Inc. 23.02.2009 13,3MB 2.5.4302 necessary
Acer Empowering Technology Acer Inc. 27.03.2008 217MB 2.5.4301 necessary
Acer eNet Management Acer Inc. 23.02.2009 8,71MB 2.6.4303 ,......,
Acer ePower Management Acer Inc. 23.02.2009 16,0MB 2.5.4310
Acer ePresentation Management Acer Inc. 23.02.2009 3,53MB 2.5.4300 ,.....,
Acer eSettings Management Acer Inc. 23.02.2009 13,1MB 2.5.4302
Acer GridVista 23.02.2009 1,51MB 2.72.317 necessary
Acer Mobility Center Plug-In Acer Inc. 23.02.2009 4,12MB 1.0.4301 unnecessary
Acer ScreenSaver Acer Inc. 27.03.2008 2.11.20071207 unnecessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.02.2013 11.5.502.149 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.02.2013 11.5.502.149 necessary
Adobe Reader 9.5.3 - Deutsch Adobe Systems Incorporated 13.02.2013 118MB 9.5.3 necessary
AVS Media Player 4.1.9.95 Online Media Technologies Ltd. 26.12.2012 7,50MB
AVS Update Manager 1.0 Online Media Technologies Ltd. 26.12.2012 11,9MB unnecessary
AVS Video Converter 8 Online Media Technologies Ltd. 26.12.2012 39,2MB unnecessary
AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd. 26.12.2012 6,75MB unnecessary
Bing Bar Microsoft Corporation 10.09.2012 527KB 7.1.391.0 unnecessary
BittorrentBar_DE Toolbar BittorrentBar_DE 06.01.2011 3,96MB 6.2.7.3 necessary
Boilsoft AVI to DVD Converter 4.02 Boilsoft, Inc. 24.09.2010 53,3MB unnecessary
Broadcom Gigabit Integrated Controller Broadcom Corporation 27.03.2008 820KB 10.50.08 unknown
BurnAware Free 3.3.1 Burnaware Technologies 23.06.2011 21,5MB needed
CCleaner Piriform 23.01.2013 3,41MB 3.27 needed
Compatibility Pack für 2007 Office System Microsoft Corporation 26.01.2013 12.0.6612.1000 needed
Conduit Engine Conduit Ltd. 06.01.2011 3,82MB unknown
eMule 10.06.2009 10,9MB needed
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 28.04.2011 3,23MB needed
Free Video to MP3 Converter version 4.2.20.421 DVDVideoSoft Limited. 28.04.2011 3,56MB needed
Free YouTube Download version 2.10.34.421 DVDVideoSoft Limited. 28.04.2011 3,71MB needed
Free YouTube to MP3 Converter version 3.11.32.918 DVDVideoSoft Ltd. 30.09.2012 17,9MB 3.11.32.918 needed
Google Desktop Google 15.09.2010 39,0MB 5.9.1005.12335 unnecessary
Google Toolbar for Internet Explorer Google Inc. 15.01.2013 6,94MB 7.4.3607.2246 unnecessary
HDAUDIO Soft Data Fax Modem with SmartCP 23.02.2009 724KB unknown
HP Customer Participation Program 14.0 HP 30.12.2012 179MB 14.0 needed
HP Imaging Device Functions 14.0 HP 30.12.2012 3,37MB 14.0 needed
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 HP 30.12.2012 41,3MB 14.0 needed
HP Smart Web Printing 4.60 HP 30.12.2012 26,3MB 4.60 needed
HP Solution Center 14.0 HP 30.12.2012 3,46MB 14.0 needed
HP Update Hewlett-Packard 30.12.2012 2,97MB 5.002.002.002 needed
IncrediMail 2.0 IncrediMail Ltd. 03.08.2011 17,8MB 6.2.9.5036 needed
IncrediMail MediaBar Deutsch 2 Toolbar IncrediMail MediaBar Deutsch 2 03.08.2011 4,39MB 6.3.30.0 needed
Intel(R) Graphics Media Accelerator Driver 23.02.2009
Intel(R) Matrix Storage Manager 23.02.2009 3,77MB unknown
Intel(R) PROSet/Wireless WiFi-Software Intel(R) Corporation 06.02.2011 78,4MB 12.02.0000 unknown
Java(TM) 6 Update 38 Oracle 21.01.2013 95,7MB 6.0.380
Launch Manager 23.02.2009 3,23MB unknown
Logitech Eyetoy Webcam 08.12.2010 unknown
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 19.02.2013 12,2MB 1.70.0.1100 needed
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 16.05.2009 36,9MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 11.05.2009 27,8MB unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 120MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.06.2010 24,5MB 4.0.30319 unknown
Microsoft Office Live Add-in 1.5 Microsoft Corporation 05.06.2010 506KB 2.0.4024.1 unknown
Microsoft Office Outlook Connector Microsoft Corporation 28.11.2009 6,13MB 12.0.6423.1000 unknown
Microsoft Office Small Business Connectivity Components Microsoft Corporation 27.03.2008 158KB 2.0.7024.0 unknown
Microsoft Office Word Viewer 2003 Microsoft Corporation 10.02.2013 11.0.8173.0 unknown
Microsoft PowerPoint Viewer Microsoft Corporation 23.12.2012 14.0.6029.1000
Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 07.08.2010 7,77MB 8.0.50727.42
Microsoft Security Essentials Microsoft Corporation 18.02.2013 21,8MB 4.2.223.1
Microsoft Silverlight Microsoft Corporation 09.09.2012 4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 27.06.2009 1,74MB 3.1.0000
Microsoft SQL Server Native Client Microsoft Corporation 14.05.2009 2,63MB 9.00.4035.00
Microsoft SQL Server VSS Writer Microsoft Corporation 14.05.2009 699KB 9.00.4035.00
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 28.11.2009 624KB 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 28.11.2009 1,44MB 1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 31.07.2009 251KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.06.2011 294KB 8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 06.11.2009 199KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 18.06.2011 592KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.11.2009 590KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 07.08.2010 586KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 21.06.2011 594KB 9.0.30729.6161
Movavi Video Converter 12 Movavi 26.12.2012 167MB 12.2.0
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 17.01.2010 34,0KB 4.20.9841.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17.01.2010 34,0KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 17.01.2010 1,33MB 4.20.9876.0
MyDSC2 My Company Name 07.06.2009 3,45MB 1.0
Nero 9 Trial Nero AG 15.01.2010
NTI Backup NOW! 4.7 NewTech Infosystems 27.03.2008 7,22MB 1.00.0000
NTI CD & DVD-Maker NewTech Infosystems 27.03.2008 40,0MB 7
NTI Shadow NewTech Infosystems 27.03.2008 7,33MB 3.7.6.37
OpenOffice.org 3.1 OpenOffice.org 23.11.2009 371MB 3.1.9420
Opera 12.14 Opera Software ASA 07.02.2013 42,8MB 12.14.1738
PC Connectivity Solution Nokia 21.01.2010 9,25MB 8.15.0.0
PC VGA Camer@ Ihr Firmenname 30.12.2012 48,0KB 1.0.2.7
PhoTags Express Smith Micro Software, Inc. 07.06.2009
Photo Notifier and Animation Creator IncrediMail Ltd. 09.02.2013 2,71MB 1.0.0.1009
PowerDVD CyberLink Corporation 23.02.2009 58,8MB 7.32.3730a.0
QuickTime 18.12.2009 9,46MB
RealPlayer RealNetworks 03.08.2010 86,7MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 27.03.2008 15,9MB 6.0.1.5543
Shockwave 07.07.2009
Shop for HP Supplies HP 30.12.2012 179MB 14.0
Skype Toolbars Skype Technologies S.A. 22.06.2011 5,86MB 5.3.7555
Skype™ 5.10 Skype Technologies S.A. 09.09.2012 19,4MB 5.10.116
SLOW-PCfighter SPAMfighter ApS 25.09.2010 13,8MB 1.2.61
Synaptics Pointing Device Driver Synaptics 27.03.2008 13,6MB 10.0.15.0
Texas Instruments PCIxx21/x515/xx12 drivers. Texas Instruments Inc. 27.03.2008 964KB 2.00.0002
TuneUp Utilities 2013 TuneUp Software 09.02.2013 78,5MB 13.0.3020.2
Uninstall 1.0.0.1 28.04.2011 27,7MB
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 14.05.2009 23,2MB 9.00.4035.00
VLC media player 0.9.9 VideoLAN Team 25.05.2009 63,1MB 0.9.9
Windows 7 Upgrade Advisor Microsoft Corporation 13.11.2012 8,77MB 2.0.5000.0 unknown
Windows Live Essentials Microsoft Corporation 28.11.2009 44,0MB 14.0.8089.0726 unknown
Windows Live ID-Anmelde-Assistent Microsoft Corporation 05.06.2010 4,68MB 6.500.3165.0 unknown
Windows Live Sync Microsoft Corporation 28.11.2009 2,79MB 14.0.8089.726 unknown
Windows Live-Uploadtool Microsoft Corporation 12.05.2009 225KB 14.0.8014.1029 unknown
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) Nokia 21.01.2010 10/12/2007 6.85.4.0
WinRAR 06.01.2010 3,78MB needed
Yontoo Layers 1.10.01 23.06.2011 188KB 1.10.01 unknown
µTorrent BitTorrent Inc. 22.01.2013 948KB 3.2.3.28705 needed |
19.02.2013, 21:52 | #14 |
/// Malware-holic | Windows host process was closed Why is the labelling missing from halfway through?
19.02.2013, 22:02 | #15 |
| Windows host process was closed
Sorry, I overlooked that.
Acer eDataSecurity Management Egis Inc. 23.02.2009 63,2MB 2.8.4354 necessary
Acer eLock Management Acer Inc. 23.02.2009 13,3MB 2.5.4302 necessary
Acer Empowering Technology Acer Inc. 27.03.2008 217MB 2.5.4301 necessary
Acer eNet Management Acer Inc. 23.02.2009 8,71MB 2.6.4303 ,......,
Acer ePower Management Acer Inc. 23.02.2009 16,0MB 2.5.4310
Acer ePresentation Management Acer Inc. 23.02.2009 3,53MB 2.5.4300 ,.....,
Acer eSettings Management Acer Inc. 23.02.2009 13,1MB 2.5.4302
Acer GridVista 23.02.2009 1,51MB 2.72.317 necessary
Acer Mobility Center Plug-In Acer Inc. 23.02.2009 4,12MB 1.0.4301 unnecessary
Acer ScreenSaver Acer Inc. 27.03.2008 2.11.20071207 unnecessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.02.2013 11.5.502.149 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.02.2013 11.5.502.149 necessary
Adobe Reader 9.5.3 - Deutsch Adobe Systems Incorporated 13.02.2013 118MB 9.5.3 necessary
AVS Media Player 4.1.9.95 Online Media Technologies Ltd. 26.12.2012 7,50MB
AVS Update Manager 1.0 Online Media Technologies Ltd. 26.12.2012 11,9MB unnecessary
AVS Video Converter 8 Online Media Technologies Ltd. 26.12.2012 39,2MB unnecessary
AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd. 26.12.2012 6,75MB unnecessary
Bing Bar Microsoft Corporation 10.09.2012 527KB 7.1.391.0 unnecessary
BittorrentBar_DE Toolbar BittorrentBar_DE 06.01.2011 3,96MB 6.2.7.3 necessary
Boilsoft AVI to DVD Converter 4.02 Boilsoft, Inc. 24.09.2010 53,3MB unnecessary
Broadcom Gigabit Integrated Controller Broadcom Corporation 27.03.2008 820KB 10.50.08 unknown
BurnAware Free 3.3.1 Burnaware Technologies 23.06.2011 21,5MB needed
CCleaner Piriform 23.01.2013 3,41MB 3.27 needed
Compatibility Pack für 2007 Office System Microsoft Corporation 26.01.2013 12.0.6612.1000 needed
Conduit Engine Conduit Ltd. 06.01.2011 3,82MB unknown
eMule 10.06.2009 10,9MB needed
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 28.04.2011 3,23MB needed
Free Video to MP3 Converter version 4.2.20.421 DVDVideoSoft Limited. 28.04.2011 3,56MB needed
Free YouTube Download version 2.10.34.421 DVDVideoSoft Limited. 28.04.2011 3,71MB needed
Free YouTube to MP3 Converter version 3.11.32.918 DVDVideoSoft Ltd. 30.09.2012 17,9MB 3.11.32.918 needed
Google Desktop Google 15.09.2010 39,0MB 5.9.1005.12335 unnecessary
Google Toolbar for Internet Explorer Google Inc. 15.01.2013 6,94MB 7.4.3607.2246 unnecessary
HDAUDIO Soft Data Fax Modem with SmartCP 23.02.2009 724KB unknown
HP Customer Participation Program 14.0 HP 30.12.2012 179MB 14.0 needed
HP Imaging Device Functions 14.0 HP 30.12.2012 3,37MB 14.0 needed
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 HP 30.12.2012 41,3MB 14.0 needed
HP Smart Web Printing 4.60 HP 30.12.2012 26,3MB 4.60 needed
HP Solution Center 14.0 HP 30.12.2012 3,46MB 14.0 needed
HP Update Hewlett-Packard 30.12.2012 2,97MB 5.002.002.002 needed
IncrediMail 2.0 IncrediMail Ltd. 03.08.2011 17,8MB 6.2.9.5036 needed
IncrediMail MediaBar Deutsch 2 Toolbar IncrediMail MediaBar Deutsch 2 03.08.2011 4,39MB 6.3.30.0 needed
Intel(R) Graphics Media Accelerator Driver 23.02.2009
Intel(R) Matrix Storage Manager 23.02.2009 3,77MB unknown
Intel(R) PROSet/Wireless WiFi-Software Intel(R) Corporation 06.02.2011 78,4MB 12.02.0000 unknown
Java(TM) 6 Update 38 Oracle 21.01.2013 95,7MB 6.0.380
Launch Manager 23.02.2009 3,23MB unknown
Logitech Eyetoy Webcam 08.12.2010 unknown
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 19.02.2013 12,2MB 1.70.0.1100 needed
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 16.05.2009 36,9MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 11.05.2009 27,8MB unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 120MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.06.2010 24,5MB 4.0.30319 unknown
Microsoft Office Live Add-in 1.5 Microsoft Corporation 05.06.2010 506KB 2.0.4024.1 unknown
Microsoft Office Outlook Connector Microsoft Corporation 28.11.2009 6,13MB 12.0.6423.1000 unknown
Microsoft Office Small Business Connectivity Components Microsoft Corporation 27.03.2008 158KB 2.0.7024.0 unknown
Microsoft Office Word Viewer 2003 Microsoft Corporation 10.02.2013 11.0.8173.0 unknown
Microsoft PowerPoint Viewer Microsoft Corporation 23.12.2012 14.0.6029.1000 needed
Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 07.08.2010 7,77MB 8.0.50727.42 unknown
Microsoft Security Essentials Microsoft Corporation 18.02.2013 21,8MB 4.2.223.1 needed
Microsoft Silverlight Microsoft Corporation 09.09.2012 4.1.10329.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 27.06.2009 1,74MB 3.1.0000 unknown
Microsoft SQL Server Native Client Microsoft Corporation 14.05.2009 2,63MB 9.00.4035.00 unknown
Microsoft SQL Server VSS Writer Microsoft Corporation 14.05.2009 699KB 9.00.4035.00 unknown
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 28.11.2009 624KB 1.0.1215.0 unknown
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 28.11.2009 1,44MB 1.0.1215.0 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 31.07.2009 251KB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.06.2011 294KB 8.0.61001 unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 06.11.2009 199KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 18.06.2011 592KB 9.0.30729.5570 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.11.2009 590KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 07.08.2010 586KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 21.06.2011 594KB 9.0.30729.6161 unknown
Movavi Video Converter 12 Movavi 26.12.2012 167MB 12.2.0 unknown
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 17.01.2010 34,0KB 4.20.9841.0 unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17.01.2010 34,0KB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 17.01.2010 1,33MB 4.20.9876.0 unknown
MyDSC2 My Company Name 07.06.2009 3,45MB 1.0 unknown
Nero 9 Trial Nero AG 15.01.2010 unnecessary
NTI Backup NOW! 4.7 NewTech Infosystems 27.03.2008 7,22MB 1.00.0000 unknown
NTI CD & DVD-Maker NewTech Infosystems 27.03.2008 40,0MB 7 unknown
NTI Shadow NewTech Infosystems 27.03.2008 7,33MB 3.7.6.37 unknown
OpenOffice.org 3.1 OpenOffice.org 23.11.2009 371MB 3.1.9420 necessary
Opera 12.14 Opera Software ASA 07.02.2013 42,8MB 12.14.1738 necessary
PC Connectivity Solution Nokia 21.01.2010 9,25MB 8.15.0.0 unknown
PC VGA Camer@ Ihr Firmenname 30.12.2012 48,0KB 1.0.2.7 unknown
PhoTags Express Smith Micro Software, Inc. 07.06.2009 unknown
Photo Notifier and Animation Creator IncrediMail Ltd. 09.02.2013 2,71MB 1.0.0.1009 unknown
PowerDVD CyberLink Corporation 23.02.2009 58,8MB 7.32.3730a.0 necessary
QuickTime 18.12.2009 9,46MB necessary
RealPlayer RealNetworks 03.08.2010 86,7MB necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 27.03.2008 15,9MB 6.0.1.5543 necessary
Shockwave 07.07.2009 unknown
Shop for HP Supplies HP 30.12.2012 179MB 14.0 unnecessary
Skype Toolbars Skype Technologies S.A. 22.06.2011 5,86MB 5.3.7555 necessary
Skype™ 5.10 Skype Technologies S.A. 09.09.2012 19,4MB 5.10.116 necessary
SLOW-PCfighter SPAMfighter ApS 25.09.2010 13,8MB 1.2.61 unknown
Synaptics Pointing Device Driver Synaptics 27.03.2008 13,6MB 10.0.15.0 unknown
Texas Instruments PCIxx21/x515/xx12 drivers. Texas Instruments Inc. 27.03.2008 964KB 2.00.0002 unknown
TuneUp Utilities 2013 TuneUp Software 09.02.2013 78,5MB 13.0.3020.2 needed
Uninstall 1.0.0.1 28.04.2011 27,7MB unknown
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 14.05.2009 23,2MB 9.00.4035.00 unknown
VLC media player 0.9.9 VideoLAN Team 25.05.2009 63,1MB 0.9.9 needed
Windows 7 Upgrade Advisor Microsoft Corporation 13.11.2012 8,77MB 2.0.5000.0 unknown
Windows Live Essentials Microsoft Corporation 28.11.2009 44,0MB 14.0.8089.0726 unknown
Windows Live ID-Anmelde-Assistent Microsoft Corporation 05.06.2010 4,68MB 6.500.3165.0 unknown
Windows Live Sync Microsoft Corporation 28.11.2009 2,79MB 14.0.8089.726 unknown
Windows Live-Uploadtool Microsoft Corporation 12.05.2009 225KB 14.0.8014.1029 unknown
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) Nokia 21.01.2010 10/12/2007 6.85.4.0
WinRAR 06.01.2010 3,78MB needed
Yontoo Layers 1.10.01 23.06.2011 188KB 1.10.01 unknown
µTorrent BitTorrent Inc. 22.01.2013 948KB 3.2.3.28705 needed |