Pests of all kinds and how to combat them: Windows won't shut down/No installation possible/Favorites, etc. deleted (Windows 7) |
01.03.2013, 15:52 | #1 |
| Windows won't shut down/No installation possible/Favorites, etc. deleted Hello, my father asked me to help him with his netbook. For a few days now, Windows can no longer be shut down. In addition, all favorites in Firefox have been deleted, and the Windows System Restore window is constantly open and cannot be closed. Furthermore, the Ctrl+Alt+Del command no longer works (no reaction at all). I then noticed that no antivirus program is installed and wanted to fix that. The Antivir exe file could be downloaded and the installation started, but after the required data had been loaded from the Internet, the setup ended without the installation having completed. Honestly, I don't know what else to do. I would really appreciate it if someone here could help me. Best regards! |
01.03.2013, 16:36 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows won't shut down/No installation possible/Favorites, etc. deleted Hello and
__________________Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will it continue" messages will result in your topic being closed. I too have a life outside of Trojaner-Board. First, a check with OTL please:
__________________ |
01.03.2013, 17:59 | #3 |
| Windows won't shut down/No installation possible/Favorites, etc. deleted Hello,
__________________many thanks already for the quick reply. Here are the two logs: OTL Logfile: Code:
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL 
Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "HDMI" = Intel(R) Graphics Media Accelerator Driver "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "LManager" = Launch Manager "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nvu_is1" = Nvu 1.0 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-821116743-1221361796-3835700242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.01.2013 13:48:00 | Computer Name = rudinetbook-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. 
Error: Der Server lieferte eine ungültige oder unbekannte Rückmeldung. ErrorCode: 14007(0x36b7). Error - 13.01.2013 06:37:33 | Computer Name = rudinetbook-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: Falscher Parameter. ErrorCode: 14007(0x36b7). Error - 14.01.2013 14:16:58 | Computer Name = rudinetbook-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: Der Server lieferte eine ungültige oder unbekannte Rückmeldung. ErrorCode: 14007(0x36b7). Error - 04.02.2013 14:02:22 | Computer Name = rudinetbook-PC | Source = System Restore | ID = 8193 Description = Error - 14.02.2013 16:18:27 | Computer Name = rudinetbook-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 14.02.2013 16:18:27 | Computer Name = rudinetbook-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 14.02.2013 16:18:27 | Computer Name = rudinetbook-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "SMSvcHost 4.0.0.0" (SMSvcHost 4.0.0.0). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error - 14.02.2013 16:18:27 | Computer Name = rudinetbook-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 14.02.2013 16:18:27 | Computer Name = rudinetbook-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 14.02.2013 16:18:27 | Computer Name = rudinetbook-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das erste DWORD im Datenbereich. 
[ System Events ] Error - 23.02.2013 09:56:33 | Computer Name = rudinetbook-PC | Source = DCOM | ID = 10010 Description = Error - 24.02.2013 14:11:55 | Computer Name = rudinetbook-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 unter Windows 7 (KB2792100) Error - 24.02.2013 15:08:19 | Computer Name = rudinetbook-PC | Source = DCOM | ID = 10010 Description = Error - 24.02.2013 15:08:19 | Computer Name = rudinetbook-PC | Source = DCOM | ID = 10010 Description = Error - 25.02.2013 13:54:56 | Computer Name = rudinetbook-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 25.02.2013 16:47:38 | Computer Name = rudinetbook-PC | Source = volsnap | ID = 393230 Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen. 
Error - 26.02.2013 14:25:57 | Computer Name = rudinetbook-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 unter Windows 7 (KB2792100) Error - 27.02.2013 13:58:04 | Computer Name = rudinetbook-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 unter Windows 7 (KB2792100) Error - 01.03.2013 10:08:21 | Computer Name = rudinetbook-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800736b3 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 unter Windows 7 (KB2792100) Error - 01.03.2013 12:20:44 | Computer Name = rudinetbook-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?01.?03.?2013 um 17:18:20 unerwartet heruntergefahren. < End of report > |
02.03.2013, 01:24 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows won't shut down/No installation possible/Favorites, etc. deleted Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down). GMER crashes fairly often; if the tool won't run on the second try either, just leave it out and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
02.03.2013, 12:53 | #5 |
| Windows won't shut down/No installation possible/Favorites, etc. deleted Hello, first of all here is the log from GMER: [code] GMER Logfile: Code:
ATTFilter GMER 2.1.19115 - hxxp://www.gmer.net Rootkit scan 2013-03-02 12:50:30 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB Running: gmer_2.1.19115.exe; Driver: C:\Users\RUDINE~1\AppData\Local\Temp\kxriypoc.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 81C5F8D9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C84312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Windows\Explorer.EXE[3632] SHELL32.dll!SHEvaluateSystemCommandTemplate + 58AE 7667E284 4 Bytes [90, 1B, 39, 00] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [00391F00] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.) IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00392AC0] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.) IAT C:\Windows\Explorer.EXE[3632] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [003911D0] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.) ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 2.1 ---- The second one will follow shortly! Here is the log from Mbar: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.02.05 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 rudinetbook :: RUDINETBOOK-PC [administrator] 02.03.2013 13:21:14 mbar-log-2013-03-02 (13-21-14).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27613 Time elapsed: 17 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
03.03.2013, 17:25 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows won't shut down/No installation possible/Favorites, etc. deleted aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to your desktop.
03.03.2013, 21:46 | #7 |
| Windows won't shut down/No installation possible/Favorites, etc. deleted Hi, here is the first log: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-03-03 20:44:35 ----------------------------- 20:44:35.933 OS Version: Windows 6.1.7600 20:44:35.933 Number of processors: 4 586 0x1C0A 20:44:35.933 ComputerName: RUDINETBOOK-PC UserName: rudinetbook 20:44:39.069 Initialize success 21:20:14.454 AVAST engine defs: 13030300 21:22:54.385 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 21:22:54.401 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3 21:22:54.448 Disk 0 MBR read successfully 21:22:54.448 Disk 0 MBR scan 21:22:54.557 Disk 0 Windows 7 default MBR code 21:22:54.572 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048 21:22:54.619 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 4096 MB offset 27265024 21:22:54.650 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632 21:22:54.666 Disk 0 Partition - 00 0F Extended LBA 220965 MB offset 35858432 21:22:54.713 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 220964 MB offset 35860480 21:22:54.728 Disk 0 scanning sectors +488394752 21:22:54.947 Disk 0 scanning C:\Windows\system32\drivers 21:23:14.197 Service scanning 21:24:03.291 Modules scanning 21:24:28.095 Disk 0 trace - called modules: 21:24:28.173 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 21:24:28.188 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ee07c8] 21:24:28.219 3 CLASSPNP.SYS[86bab59e] -> nt!IofCallDriver -> [0x84442cd0] 21:24:28.235 5 ACPI.sys[864d63b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84430028] 21:24:31.589 AVAST engine scan C:\Windows 21:24:38.297 AVAST engine scan C:\Windows\system32 21:29:34.167 AVAST engine scan C:\Windows\system32\drivers 21:29:54.712 AVAST engine scan C:\Users\rudinetbook 21:36:42.883 AVAST engine scan C:\ProgramData 21:37:22.320 Scan finished successfully 21:38:02.006 Disk 0 MBR has been saved successfully to "C:\Users\rudinetbook\Desktop\MBR.dat" 21:38:02.038 The log file has been saved successfully to 
"C:\Users\rudinetbook\Desktop\aswMBR.txt" Code:
ATTFilter 21:40:57.0486 4272 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 21:40:58.0453 4272 ============================================================ 21:40:58.0453 4272 Current date / time: 2013/03/03 21:40:58.0453 21:40:58.0453 4272 SystemInfo: 21:40:58.0453 4272 21:40:58.0453 4272 OS Version: 6.1.7600 ServicePack: 0.0 21:40:58.0453 4272 Product type: Workstation 21:40:58.0453 4272 ComputerName: RUDINETBOOK-PC 21:40:58.0453 4272 UserName: rudinetbook 21:40:58.0453 4272 Windows directory: C:\Windows 21:40:58.0453 4272 System windows directory: C:\Windows 21:40:58.0453 4272 Processor architecture: Intel x86 21:40:58.0453 4272 Number of processors: 4 21:40:58.0453 4272 Page size: 0x1000 21:40:58.0453 4272 Boot type: Normal boot 21:40:58.0453 4272 ============================================================ 21:40:59.0966 4272 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:40:59.0982 4272 ============================================================ 21:40:59.0982 4272 \Device\Harddisk0\DR0: 21:40:59.0982 4272 MBR partitions: 21:40:59.0982 4272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1A00800, BlocksNum 0x800000 21:40:59.0982 4272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000 21:40:59.0998 4272 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2233000, BlocksNum 0x1AF92000 21:40:59.0998 4272 ============================================================ 21:41:00.0060 4272 C: <-> \Device\Harddisk0\DR0\Partition3 21:41:00.0076 4272 D: <-> \Device\Harddisk0\DR0\Partition1 21:41:00.0107 4272 ============================================================ 21:41:00.0107 4272 Initialize success 21:41:00.0107 4272 ============================================================ 21:41:52.0336 2684 ============================================================ 21:41:52.0336 
2684 Scan started 21:41:52.0336 2684 Mode: Manual; SigCheck; TDLFS; 21:41:52.0336 2684 ============================================================ 21:41:52.0710 2684 ================ Scan system memory ======================== 21:41:52.0710 2684 System memory - ok 21:41:52.0710 2684 ================ Scan services =============================
C:\Program Files\Google\Update\GoogleUpdate.exe 21:42:07.0046 2684 gupdate - ok 21:42:07.0062 2684 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 21:42:07.0093 2684 gupdatem - ok 21:42:07.0156 2684 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 21:42:07.0202 2684 gusvc - ok 21:42:07.0234 2684 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:42:07.0390 2684 hcw85cir - ok 21:42:07.0436 2684 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:42:07.0514 2684 HdAudAddService - ok 21:42:07.0546 2684 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:42:07.0624 2684 HDAudBus - ok 21:42:07.0639 2684 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 21:42:07.0686 2684 HidBatt - ok 21:42:07.0702 2684 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:42:07.0748 2684 HidBth - ok 21:42:07.0764 2684 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys 21:42:07.0826 2684 HidIr - ok 21:42:07.0873 2684 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 21:42:07.0967 2684 hidserv - ok 21:42:08.0045 2684 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:42:08.0107 2684 HidUsb - ok 21:42:08.0170 2684 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:42:08.0279 2684 hkmsvc - ok 21:42:08.0310 2684 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:42:08.0435 2684 HomeGroupListener - ok 21:42:08.0497 2684 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:42:08.0591 2684 HomeGroupProvider - ok 21:42:08.0638 2684 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD 
C:\Windows\system32\drivers\HpSAMD.sys 21:42:08.0669 2684 HpSAMD - ok 21:42:08.0716 2684 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:42:08.0856 2684 HTTP - ok 21:42:08.0887 2684 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:42:08.0918 2684 hwpolicy - ok 21:42:08.0965 2684 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:42:08.0996 2684 i8042prt - ok 21:42:09.0106 2684 [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 21:42:09.0168 2684 IAANTMON - ok 21:42:09.0215 2684 [ 0BAA4115DFFFD6A6D809A89D65E1281A ] iaStor C:\Windows\system32\drivers\iaStor.sys 21:42:09.0246 2684 iaStor - ok 21:42:09.0293 2684 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:42:09.0340 2684 iaStorV - ok 21:42:09.0402 2684 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:42:09.0480 2684 idsvc - ok 21:42:09.0683 2684 [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 21:42:10.0010 2684 igfx - ok 21:42:10.0057 2684 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:42:10.0120 2684 iirsp - ok 21:42:10.0182 2684 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll 21:42:10.0307 2684 IKEEXT - ok 21:42:10.0478 2684 [ 2A1ACEC9DA72B39188F007437DA3B008 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 21:42:10.0666 2684 IntcAzAudAddService - ok 21:42:10.0775 2684 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 21:42:10.0822 2684 intelide - ok 21:42:10.0853 2684 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:42:10.0931 2684 intelppm - ok 21:42:10.0978 2684 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum 
C:\Windows\system32\ipbusenum.dll 21:42:11.0071 2684 IPBusEnum - ok 21:42:11.0087 2684 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:42:11.0180 2684 IpFilterDriver - ok 21:42:11.0212 2684 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:42:11.0321 2684 iphlpsvc - ok 21:42:11.0352 2684 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:42:11.0414 2684 IPMIDRV - ok 21:42:11.0414 2684 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:42:11.0508 2684 IPNAT - ok 21:42:11.0555 2684 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:42:11.0617 2684 IRENUM - ok 21:42:11.0664 2684 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:42:11.0695 2684 isapnp - ok 21:42:11.0726 2684 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:42:11.0758 2684 iScsiPrt - ok 21:42:11.0789 2684 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:42:11.0836 2684 kbdclass - ok 21:42:11.0867 2684 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:42:11.0929 2684 kbdhid - ok 21:42:11.0960 2684 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe 21:42:11.0992 2684 KeyIso - ok 21:42:12.0054 2684 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:42:12.0085 2684 KSecDD - ok 21:42:12.0132 2684 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:42:12.0179 2684 KSecPkg - ok 21:42:12.0226 2684 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 21:42:12.0319 2684 KtmRm - ok 21:42:12.0397 2684 [ 12DE252A44C344A7A044B3C1190DF63B ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys 21:42:12.0428 2684 L1C - ok 21:42:12.0491 2684 [ 8F6BF790D3168224C16F2AF68A84438C ] 
LanmanServer C:\Windows\system32\srvsvc.dll 21:42:12.0616 2684 LanmanServer - ok 21:42:12.0678 2684 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:42:12.0772 2684 LanmanWorkstation - ok 21:42:12.0834 2684 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:42:12.0928 2684 lltdio - ok 21:42:12.0974 2684 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:42:13.0084 2684 lltdsvc - ok 21:42:13.0115 2684 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 21:42:13.0255 2684 lmhosts - ok 21:42:13.0318 2684 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:42:13.0349 2684 LSI_FC - ok 21:42:13.0396 2684 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:42:13.0427 2684 LSI_SAS - ok 21:42:13.0442 2684 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 21:42:13.0474 2684 LSI_SAS2 - ok 21:42:13.0489 2684 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:42:13.0520 2684 LSI_SCSI - ok 21:42:13.0567 2684 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 21:42:13.0661 2684 luafv - ok 21:42:13.0723 2684 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys 21:42:13.0754 2684 megasas - ok 21:42:13.0786 2684 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 21:42:13.0817 2684 MegaSR - ok 21:42:13.0864 2684 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 21:42:13.0957 2684 MMCSS - ok 21:42:13.0973 2684 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 21:42:14.0066 2684 Modem - ok 21:42:14.0129 2684 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:42:14.0207 2684 monitor - ok 21:42:14.0238 2684 [ 
FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:42:14.0269 2684 mouclass - ok 21:42:14.0300 2684 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:42:14.0347 2684 mouhid - ok 21:42:14.0378 2684 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:42:14.0410 2684 mountmgr - ok 21:42:14.0503 2684 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 21:42:14.0550 2684 MozillaMaintenance - ok 21:42:14.0597 2684 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\drivers\mpio.sys 21:42:14.0628 2684 mpio - ok 21:42:14.0659 2684 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:42:14.0753 2684 mpsdrv - ok 21:42:14.0815 2684 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll 21:42:14.0924 2684 MpsSvc - ok 21:42:14.0971 2684 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:42:15.0049 2684 MRxDAV - ok 21:42:15.0096 2684 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:42:15.0205 2684 mrxsmb - ok 21:42:15.0346 2684 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:42:15.0392 2684 mrxsmb10 - ok 21:42:15.0470 2684 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:42:15.0658 2684 mrxsmb20 - ok 21:42:15.0751 2684 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\drivers\msahci.sys 21:42:15.0782 2684 msahci - ok 21:42:15.0829 2684 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:42:15.0860 2684 msdsm - ok 21:42:16.0001 2684 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 21:42:16.0126 2684 MSDTC - ok 21:42:16.0297 2684 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 
21:42:16.0469 2684 Msfs - ok 21:42:16.0531 2684 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:42:16.0687 2684 mshidkmdf - ok 21:42:16.0812 2684 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:42:16.0859 2684 msisadrv - ok 21:42:17.0046 2684 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:42:17.0202 2684 MSiSCSI - ok 21:42:17.0202 2684 msiserver - ok 21:42:17.0280 2684 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:42:17.0389 2684 MSKSSRV - ok 21:42:17.0452 2684 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:42:17.0576 2684 MSPCLOCK - ok 21:42:17.0623 2684 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:42:17.0748 2684 MSPQM - ok 21:42:17.0826 2684 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:42:17.0857 2684 MsRPC - ok 21:42:17.0888 2684 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:42:17.0920 2684 mssmbios - ok 21:42:17.0966 2684 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:42:18.0044 2684 MSTEE - ok 21:42:18.0076 2684 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 21:42:18.0122 2684 MTConfig - ok 21:42:18.0154 2684 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 21:42:18.0185 2684 Mup - ok 21:42:18.0232 2684 [ CB47C414E083CA6E50E634B148F28F64 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 21:42:18.0247 2684 mwlPSDFilter - ok 21:42:18.0263 2684 [ 647B953019559BFF07536F5C6121F333 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 21:42:18.0294 2684 mwlPSDNServ - ok 21:42:18.0310 2684 [ 5A236A36DB8687D1E64DC81C03EAABE1 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 21:42:18.0341 2684 mwlPSDVDisk - ok 
21:42:18.0403 2684 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe 21:42:18.0450 2684 MWLService - ok 21:42:18.0512 2684 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll 21:42:18.0622 2684 napagent - ok 21:42:18.0700 2684 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:42:18.0778 2684 NativeWifiP - ok 21:42:18.0809 2684 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:42:18.0902 2684 NDIS - ok 21:42:18.0934 2684 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:42:19.0027 2684 NdisCap - ok 21:42:19.0058 2684 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:42:19.0136 2684 NdisTapi - ok 21:42:19.0183 2684 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:42:19.0277 2684 Ndisuio - ok 21:42:19.0324 2684 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:42:19.0417 2684 NdisWan - ok 21:42:19.0448 2684 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:42:19.0542 2684 NDProxy - ok 21:42:19.0589 2684 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:42:19.0682 2684 NetBIOS - ok 21:42:19.0714 2684 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:42:19.0823 2684 NetBT - ok 21:42:19.0854 2684 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe 21:42:19.0885 2684 Netlogon - ok 21:42:19.0948 2684 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 21:42:20.0057 2684 Netman - ok 21:42:20.0104 2684 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 21:42:20.0213 2684 netprofm - ok 21:42:20.0244 2684 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing 
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:42:20.0275 2684 NetTcpPortSharing - ok 21:42:20.0540 2684 [ A520AED8926AD6185031B9B18F55397E ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys 21:42:20.0915 2684 NETw5s32 - ok 21:42:20.0977 2684 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:42:21.0008 2684 nfrd960 - ok 21:42:21.0055 2684 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll 21:42:21.0164 2684 NlaSvc - ok 21:42:21.0305 2684 [ A634584C506F2C82680039371AA1772C ] NOBU C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe 21:42:21.0445 2684 NOBU - ok 21:42:21.0476 2684 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:42:21.0554 2684 Npfs - ok 21:42:21.0601 2684 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 21:42:21.0710 2684 nsi - ok 21:42:21.0742 2684 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:42:21.0835 2684 nsiproxy - ok 21:42:21.0913 2684 [ 5126C5402C730C2A953275D8497A4715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:42:22.0022 2684 Ntfs - ok 21:42:22.0054 2684 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 21:42:22.0147 2684 Null - ok 21:42:22.0194 2684 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:42:22.0241 2684 nvraid - ok 21:42:22.0256 2684 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:42:22.0303 2684 nvstor - ok 21:42:22.0319 2684 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:42:22.0366 2684 nv_agp - ok 21:42:22.0381 2684 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:42:22.0444 2684 ohci1394 - ok 21:42:22.0537 2684 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:42:22.0568 
2684 ose - ok 21:42:22.0771 2684 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:42:23.0083 2684 osppsvc - ok 21:42:23.0130 2684 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:42:23.0239 2684 p2pimsvc - ok 21:42:23.0286 2684 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 21:42:23.0333 2684 p2psvc - ok 21:42:23.0380 2684 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys 21:42:23.0442 2684 Parport - ok 21:42:23.0489 2684 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:42:23.0520 2684 partmgr - ok 21:42:23.0551 2684 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys 21:42:23.0614 2684 Parvdm - ok 21:42:23.0660 2684 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:42:23.0738 2684 PcaSvc - ok 21:42:23.0770 2684 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\drivers\pci.sys 21:42:23.0816 2684 pci - ok 21:42:23.0848 2684 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 21:42:23.0879 2684 pciide - ok 21:42:23.0894 2684 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:42:23.0926 2684 pcmcia - ok 21:42:23.0957 2684 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 21:42:23.0988 2684 pcw - ok 21:42:24.0035 2684 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:42:24.0160 2684 PEAUTH - ok 21:42:24.0284 2684 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll 21:42:24.0472 2684 pla - ok 21:42:24.0534 2684 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:42:24.0596 2684 PlugPlay - ok 21:42:24.0612 2684 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:42:24.0721 
2684 PNRPAutoReg - ok 21:42:24.0752 2684 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:42:24.0799 2684 PNRPsvc - ok 21:42:24.0846 2684 [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32 C:\Windows\system32\DRIVERS\point32.sys 21:42:24.0877 2684 Point32 - ok 21:42:24.0924 2684 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:42:25.0033 2684 PolicyAgent - ok 21:42:25.0080 2684 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll 21:42:25.0158 2684 Power - ok 21:42:25.0205 2684 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:42:25.0283 2684 PptpMiniport - ok 21:42:25.0330 2684 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys 21:42:25.0392 2684 Processor - ok 21:42:25.0454 2684 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll 21:42:25.0564 2684 ProfSvc - ok 21:42:25.0579 2684 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:42:25.0626 2684 ProtectedStorage - ok 21:42:25.0657 2684 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:42:25.0751 2684 Psched - ok 21:42:25.0844 2684 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:42:25.0985 2684 ql2300 - ok 21:42:26.0000 2684 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:42:26.0032 2684 ql40xx - ok 21:42:26.0094 2684 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 21:42:26.0172 2684 QWAVE - ok 21:42:26.0203 2684 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:42:26.0250 2684 QWAVEdrv - ok 21:42:26.0281 2684 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:42:26.0359 2684 RasAcd - ok 21:42:26.0390 2684 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn 
C:\Windows\system32\DRIVERS\AgileVpn.sys 21:42:26.0484 2684 RasAgileVpn - ok 21:42:26.0531 2684 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 21:42:26.0624 2684 RasAuto - ok 21:42:26.0640 2684 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:42:26.0749 2684 Rasl2tp - ok 21:42:26.0796 2684 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll 21:42:26.0905 2684 RasMan - ok 21:42:26.0968 2684 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:42:27.0046 2684 RasPppoe - ok 21:42:27.0092 2684 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:42:27.0170 2684 RasSstp - ok 21:42:27.0186 2684 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:42:27.0295 2684 rdbss - ok 21:42:27.0326 2684 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 21:42:27.0389 2684 rdpbus - ok 21:42:27.0436 2684 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:42:27.0514 2684 RDPCDD - ok 21:42:27.0560 2684 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:42:27.0670 2684 RDPENCDD - ok 21:42:27.0716 2684 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:42:27.0779 2684 RDPREFMP - ok 21:42:27.0826 2684 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:42:27.0919 2684 RDPWD - ok 21:42:27.0966 2684 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:42:28.0013 2684 rdyboost - ok 21:42:28.0044 2684 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 21:42:28.0138 2684 RemoteAccess - ok 21:42:28.0200 2684 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:42:28.0309 2684 RemoteRegistry - ok 21:42:28.0340 2684 [ 
78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:42:28.0450 2684 RpcEptMapper - ok 21:42:28.0496 2684 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 21:42:28.0559 2684 RpcLocator - ok 21:42:28.0590 2684 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll 21:42:28.0684 2684 RpcSs - ok 21:42:28.0730 2684 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:42:28.0824 2684 rspndr - ok 21:42:28.0886 2684 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe 21:42:28.0933 2684 RS_Service - ok 21:42:28.0964 2684 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe 21:42:28.0996 2684 SamSs - ok 21:42:29.0089 2684 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:42:29.0136 2684 sbp2port - ok 21:42:29.0183 2684 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:42:29.0276 2684 SCardSvr - ok 21:42:29.0308 2684 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:42:29.0417 2684 scfilter - ok 21:42:29.0479 2684 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll 21:42:29.0620 2684 Schedule - ok 21:42:29.0635 2684 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll 21:42:29.0713 2684 SCPolicySvc - ok 21:42:29.0744 2684 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:42:29.0854 2684 SDRSVC - ok 21:42:29.0900 2684 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:42:30.0010 2684 secdrv - ok 21:42:30.0072 2684 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 21:42:30.0166 2684 seclogon - ok 21:42:30.0212 2684 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 21:42:30.0322 2684 SENS - ok 21:42:30.0368 2684 [ 
9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys 21:42:30.0431 2684 Serenum - ok 21:42:30.0446 2684 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys 21:42:30.0524 2684 Serial - ok 21:42:30.0524 2684 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:42:30.0571 2684 sermouse - ok 21:42:30.0634 2684 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll 21:42:30.0743 2684 SessionEnv - ok 21:42:30.0758 2684 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:42:30.0852 2684 sffdisk - ok 21:42:30.0868 2684 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:42:30.0914 2684 sffp_mmc - ok 21:42:30.0914 2684 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:42:30.0977 2684 sffp_sd - ok 21:42:30.0992 2684 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:42:31.0024 2684 sfloppy - ok 21:42:31.0102 2684 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 21:42:31.0148 2684 Sftfs - ok 21:42:31.0258 2684 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe 21:42:31.0320 2684 sftlist - ok 21:42:31.0351 2684 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 21:42:31.0382 2684 Sftplay - ok 21:42:31.0398 2684 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 21:42:31.0429 2684 Sftredir - ok 21:42:31.0460 2684 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 21:42:31.0476 2684 Sftvol - ok 21:42:31.0523 2684 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe 21:42:31.0554 2684 sftvsa - ok 21:42:31.0616 2684 [ 
D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:42:31.0694 2684 SharedAccess - ok 21:42:31.0726 2684 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:42:31.0819 2684 ShellHWDetection - ok 21:42:31.0850 2684 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 21:42:31.0882 2684 sisagp - ok 21:42:31.0913 2684 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 21:42:31.0944 2684 SiSRaid2 - ok 21:42:31.0960 2684 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:42:32.0006 2684 SiSRaid4 - ok 21:42:32.0038 2684 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:42:32.0116 2684 Smb - ok 21:42:32.0162 2684 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:42:32.0225 2684 SNMPTRAP - ok 21:42:32.0240 2684 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 21:42:32.0272 2684 spldr - ok 21:42:32.0334 2684 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe 21:42:32.0428 2684 Spooler - ok 21:42:32.0552 2684 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe 21:42:32.0755 2684 sppsvc - ok 21:42:32.0787 2684 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:42:32.0880 2684 sppuinotify - ok 21:42:32.0943 2684 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys 21:42:33.0021 2684 srv - ok 21:42:33.0052 2684 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:42:33.0099 2684 srv2 - ok 21:42:33.0130 2684 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:42:33.0177 2684 srvnet - ok 21:42:33.0223 2684 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:42:33.0333 2684 SSDPSRV - ok 21:42:33.0348 2684 [ 
2684 Scan finished 21:42:47.0154 2684 ============================================================ 21:42:47.0185 5676 Detected object count: 0 21:42:47.0185 5676 Actual detected object count: 0 21:43:36.0700 5492 Deinitialize success Thanks again, and enjoy the rest of your weekend! |
03.03.2013, 22:01 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows won't shut down/No installation possible/Favorites, etc. deleted Then please run CF now: Scan with Combofix
__________________ Please always post log files in CODE tags |
04.03.2013, 11:36 | #9 |
| Windows won't shut down/No installation possible/Favorites, etc. deleted Hi, here is the log from Combofix [code] Combofix Logfile: Code:
ATTFilter ComboFix 13-03-04.01 - rudinetbook 04.03.2013 10:57:01.1.4 - x86 Microsoft Windows 7 Starter 6.1.7600.0.1252.49.1031.18.1013.320 [GMT 1:00] ausgeführt von:: c:\users\rudinetbook\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Microsoft c:\programdata\FullRemove.exe c:\windows\system32\DEBUG.log c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-04 bis 2013-03-04 )))))))))))))))))))))))))))))) . . 2013-03-04 10:26 . 2013-03-04 10:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-04 10:26 . 2013-03-04 10:26 -------- d-----w- c:\users\Brigitte\AppData\Local\temp 2013-03-02 12:02 . 2013-03-02 12:02 -------- d-----w- c:\programdata\Malwarebytes 2013-03-01 14:12 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D62C7120-F480-4D46-BB95-AD0F7A94B6DC}\mpengine.dll 2013-02-14 20:21 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 13:59 . 2013-01-04 03:00 2345984 ----a-w- c:\windows\system32\win32k.sys 2013-02-14 13:59 . 2013-01-05 05:02 3957608 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-02-14 13:59 . 2013-01-05 05:02 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-14 13:59 . 2013-01-04 04:55 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-14 13:59 . 2013-01-04 04:55 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-14 13:58 . 2013-01-04 04:46 293376 ----a-w- c:\windows\system32\KernelBase.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-17 00:28 . 2011-02-17 21:05 232336 ------w- c:\windows\system32\MpSigStub.exe 2012-12-30 09:02 . 2012-12-30 09:02 0 ----a-w- c:\windows\system32\sho24.tmp 2012-12-16 14:25 . 
2012-12-26 21:23 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-26 21:23 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-07 05:04 . 2013-01-09 18:35 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 04:57 . 2013-01-09 18:35 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 03:21 . 2013-01-09 18:35 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 03:21 . 2013-01-09 18:35 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 03:21 . 2013-01-09 18:35 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 03:21 . 2013-01-09 18:35 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 03:21 . 2013-01-09 18:35 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 03:21 . 2013-01-09 18:35 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 03:21 . 2013-01-09 18:35 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 03:21 . 2013-01-09 18:35 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 03:21 . 2013-01-09 18:35 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 03:21 . 2013-01-09 18:35 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 03:21 . 2013-01-09 18:35 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 03:21 . 2013-01-09 18:35 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 03:21 . 2013-01-09 18:35 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 03:21 . 2013-01-09 18:35 15360 ----a-w- c:\windows\system32\djctq.rs 2012-04-03 05:10 . 2012-04-03 05:10 3993600 ----a-w- c:\program files\GUTB029.tmp 2012-04-02 17:16 . 2012-04-02 17:16 3993600 ----a-w- c:\program files\GUT7924.tmp 2013-02-27 18:18 . 2013-02-27 18:17 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\rudinetbook\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\rudinetbook\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\rudinetbook\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-05 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392] "SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968] "iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416] "AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280] "iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-11-30 489848] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 715296] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\users\rudinetbook\Desktop\mbar\mbar.exe" [2013-02-16 1363016] . 
c:\users\rudinetbook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\rudinetbook\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-8-5 704032] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.SYS [x] R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x] S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x 
PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x] S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 33550469 *NewlyCreated* - ASWMBR *NewlyCreated* - KXRIYPOC *Deregistered* - 33550469 *Deregistered* - aswMBR *Deregistered* - kxriypoc . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc . Inhalt des "geplante Tasks" Ordners . 2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 20:27] . 2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 20:27] . 2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-821116743-1221361796-3835700242-1000Core.job - c:\users\rudinetbook\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-24 19:33] . 2013-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-821116743-1221361796-3835700242-1000UA.job - c:\users\rudinetbook\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-24 19:33] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50211p025l0474ww85w4792u492 mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50211p025l0474ww85w4792u492 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\rudinetbook\AppData\Roaming\Mozilla\Firefox\Profiles\bj1uu1bj.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-04 11:31:36 ComboFix-quarantined-files.txt 2013-03-04 10:31 . Vor Suchlauf: 14 Verzeichnis(se), 199.146.565.632 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 199.634.067.456 Bytes frei . - - End Of File - - F225BBFBEEB857935D90B5700584C36E |
04.03.2013, 11:54 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows won't shut down/No installation possible/Favorites, etc. deleted JRT - Junkware Removal Tool Please shut down your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
04.03.2013, 13:24 | #12 |
| Windows won't shut down/No installation possible/Favorites, etc. deleted Hi, I have now run all three programs. Here are the logs: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.6.7 (03.03.2013:1) OS: Windows 7 Starter x86 Ran by rudinetbook on 04.03.2013 at 12:08:25,42 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\partner" ~~~ FireFox Successfully deleted the following from C:\Users\rudinetbook\AppData\Roaming\mozilla\firefox\profiles\bj1uu1bj.default\prefs.js user_pref("google.toolbar.button_option.cached.gtbSearchBooks", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBooks\" t user_pref("google.toolbar.button_option.cached.gtbSearchCalendar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchCalend user_pref("google.toolbar.button_option.cached.gtbSearchDocs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchDocs\" too user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\" user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar user_pref("google.toolbar.button_option.cached.gtbSearchVideo", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchVideo\" t user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", 
"<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o user_pref("google.toolbar.search-icon", "data:text/html;charset=UTF-8;base64,CgoKCgo8IURPQ1RZUEUgaHRtbCBQVUJMSUMgIi0vL1czQy8vRFREIFhIVE1MIDEuMCBUcmFuc2l0aW9uYWwvL0VOIgogICAgIC ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 04.03.2013 at 12:15:11,69 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.113 - Datei am 04/03/2013 um 12:54:53 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Starter (32 bits) # Benutzer : rudinetbook - RUDINETBOOK-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\rudinetbook\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\rudinetbook\AppData\Roaming\Mozilla\Firefox\Profiles\bj1uu1bj.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Brigitte\AppData\Roaming\Mozilla\Firefox\Profiles\zhhcisx6.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v25.0.1364.97 Datei : C:\Users\rudinetbook\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1009 octets] - [04/03/2013 12:54:53] ########## EOF - C:\AdwCleaner[S1].txt - [1069 octets] ##########
And here are the two from OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.03.2013 13:00:10 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rudinetbook\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 240,97 Mb Available Physical Memory | 23,79% Memory free 1,99 Gb Paging File | 1,24 Gb Available in Paging File | 62,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 186,20 Gb Free Space | 86,29% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 2,64 Gb Free Space | 65,99% Space Free | Partition Type: FAT32 Computer Name: RUDINETBOOK-PC | User Name: rudinetbook | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\rudinetbook\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\rudinetbook\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\LMworker.exe (Dritek System Inc.) 
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) PRC - C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Acer\Android Manager\DEU.dll () MOD - C:\Programme\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) 
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (MWLService) -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\RUDINE~1\AppData\Local\Temp\catchme.sys File not found DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (EUCR) -- C:\Windows\System32\drivers\EUCR6SK.sys (ENE Technology Inc.) DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) 
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50211p025l0474ww85w4792u492 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-821116743-1221361796-3835700242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50211p025l0474ww85w4792u492 IE - HKU\S-1-5-21-821116743-1221361796-3835700242-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-821116743-1221361796-3835700242-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-821116743-1221361796-3835700242-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE419 IE - HKU\S-1-5-21-821116743-1221361796-3835700242-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-821116743-1221361796-3835700242-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\rudinetbook\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\rudinetbook\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 19:18:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 19:17:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.02 10:53:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 19:18:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 19:17:57 | 000,000,000 | ---D | M] [2011.02.14 21:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rudinetbook\AppData\Roaming\mozilla\Extensions [2011.02.14 21:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rudinetbook\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.24 17:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rudinetbook\AppData\Roaming\mozilla\Firefox\Profiles\bj1uu1bj.default\extensions [2011.02.17 21:04:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\rudinetbook\AppData\Roaming\mozilla\Firefox\Profiles\bj1uu1bj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2013.02.27 19:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.27 19:18:05 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.05.08 20:05:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2012.10.09 21:02:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.08 20:05:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.08 20:05:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.08 20:05:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.08 20:05:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rudinetbook\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\rudinetbook\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rudinetbook\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program 
Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2013.03.04 11:26:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe () O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Programme\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) 
O4 - Startup: C:\Users\rudinetbook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\rudinetbook\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-821116743-1221361796-3835700242-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-821116743-1221361796-3835700242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{881976E8-CB3D-467A-98C2-E5D4EC2CE912}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC6BA12F-7069-493E-9F59-F848CD329FE2}: DhcpNameServer = 10.2.15.1 213.131.232.32 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows 
Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.04 12:08:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.04 12:07:43 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.04 12:06:24 | 000,547,601 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\rudinetbook\Desktop\JRT.exe [2013.03.04 11:31:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.04 10:53:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.04 10:53:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.04 10:53:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.04 10:52:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.04 10:52:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.04 10:47:42 | 005,036,013 | R--- | C] (Swearware) -- C:\Users\rudinetbook\Desktop\ComboFix.exe [2013.03.03 21:39:21 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\rudinetbook\Desktop\tdsskiller.exe [2013.03.03 20:42:55 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\rudinetbook\Desktop\aswMBR.exe [2013.03.02 13:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.02 13:00:56 | 000,000,000 | ---D | C] -- C:\Users\rudinetbook\Desktop\mbar [2013.03.01 17:28:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rudinetbook\Desktop\OTL.exe [2013.02.27 19:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.14 14:59:18 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.14 14:59:14 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.14 14:59:14 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.14 14:59:00 | 000,187,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.14 14:57:59 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2013.02.14 14:57:59 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.02.14 14:57:59 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013.02.14 14:57:59 | 000,005,120 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013.02.14 14:57:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.14 14:57:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.14 14:57:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.14 14:57:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013.02.14 14:57:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013.02.14 14:57:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.14 14:57:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013.02.14 14:57:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.04 13:05:33 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 13:05:33 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 13:04:00 | 000,001,098 | 
---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.04 13:03:02 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-821116743-1221361796-3835700242-1000UA.job [2013.03.04 12:58:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.04 12:58:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.04 12:57:51 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys [2013.03.04 12:54:11 | 000,594,019 | ---- | M] () -- C:\Users\rudinetbook\Desktop\adwcleaner.exe [2013.03.04 12:06:46 | 000,547,601 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\rudinetbook\Desktop\JRT.exe [2013.03.04 11:47:43 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2013.03.04 11:26:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.03.04 10:48:57 | 005,036,013 | R--- | M] (Swearware) -- C:\Users\rudinetbook\Desktop\ComboFix.exe [2013.03.03 21:39:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rudinetbook\Desktop\tdsskiller.exe [2013.03.03 21:38:02 | 000,000,512 | ---- | M] () -- C:\Users\rudinetbook\Desktop\MBR.dat [2013.03.03 20:44:15 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\rudinetbook\Desktop\aswMBR.exe [2013.03.03 19:24:12 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-821116743-1221361796-3835700242-1000Core.job [2013.03.02 11:20:27 | 000,002,360 | ---- | M] () -- C:\Users\rudinetbook\Desktop\Google Chrome.lnk [2013.03.01 17:28:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rudinetbook\Desktop\OTL.exe [2013.02.14 21:28:39 | 000,261,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.02 18:27:13 | 000,001,021 | ---- | M] () -- C:\Users\rudinetbook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.02 18:26:41 | 000,001,001 | ---- | M] () -- C:\Users\rudinetbook\Desktop\Dropbox.lnk [4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [3 C:\Windows\System32\*.tmp 
files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.04 12:53:49 | 000,594,019 | ---- | C] () -- C:\Users\rudinetbook\Desktop\adwcleaner.exe [2013.03.04 11:47:43 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2013.03.04 10:53:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.04 10:53:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.04 10:53:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.04 10:53:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.04 10:53:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.03 21:38:02 | 000,000,512 | ---- | C] () -- C:\Users\rudinetbook\Desktop\MBR.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1A60DE96 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.03.2013 13:00:10 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rudinetbook\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 240,97 Mb Available Physical Memory | 23,79% Memory free 1,99 Gb Paging File | 1,24 Gb Available in Paging File | 62,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 186,20 Gb Free Space | 86,29% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 2,64 Gb Free Space | 65,99% Space Free | Partition Type: FAT32 Computer Name: RUDINETBOOK-PC | User Name: rudinetbook | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-821116743-1221361796-3835700242-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EA693FB-5137-42F1-B7CA-0E58D81C7551}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{7C26F303-2FEA-4921-84D5-C7AE2EAD14E4}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10EB0A7B-F9AB-4A98-82B0-8F1C240C0E15}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{21D4B537-C381-4C5F-9E7A-EA1AD7650ACC}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | "{35BD60D5-2EFB-4E1F-A997-500E75560558}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{7098A7F1-447D-4AF2-8608-2560B00F8B2A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{715DD107-D3A3-4904-AB41-D98A1CEB647D}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{721F80CE-5D2C-4411-8710-70195139AEC7}" = protocol=6 | dir=in | app=c:\users\rudinetbook\appdata\roaming\dropbox\bin\dropbox.exe | "{C421805D-9362-42DA-A23C-454AB6D6A33D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{C935BCB9-428B-4FE7-A9B5-36D77E27F965}" = protocol=17 | dir=in | app=c:\users\rudinetbook\appdata\roaming\dropbox\bin\dropbox.exe | "{DB2C920A-9EBD-4CB7-B64C-6CB3EBEF28B1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "TCP Query User{8075FE8C-8FEC-448E-8790-073E21671DFC}C:\users\rudinetbook\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\rudinetbook\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{5D6BB1B2-00C3-4AC2-862B-559C128F67E0}C:\users\rudinetbook\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\rudinetbook\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker 
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "HDMI" = Intel(R) Graphics Media Accelerator Driver "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "LManager" = Launch Manager "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Mozilla Firefox 19.0 (x86 de)" = 
Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nvu_is1" = Nvu 1.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-821116743-1221361796-3835700242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 04.03.2013 07:52:47 | Computer Name = rudinetbook-PC | Source = DCOM | ID = 10010
Description =

< End of report >

Best regards
04.03.2013, 13:47 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™

Looks OK. We should be almost done.

As a check, please run a quick scan with Malwarebytes - before that, please remember to update Malwarebytes via the update button.

Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags
04.03.2013, 17:23 | #14 |
Sounds good, here are the two logs:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.04.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
rudinetbook :: RUDINETBOOK-PC [Administrator]

04.03.2013 14:31:27
mbam-log-2013-03-04 (14-31-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218776
Laufzeit: 7 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4dc1ebc7e08c7441bff1bccc5a5902f0
# engine=13293
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-04 04:00:42
# local_time=2013-03-04 05:00:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 14644 114044033 0 0
# scanned=125351
# found=0
# cleaned=0
# scan_time=7045
04.03.2013, 19:06 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™

Looks OK so far.

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags
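A blocking hosts file like the one recommended above only ever maps unwanted names to a sink address (loopback or unspecified), so an entry that points a name at any other address would redirect traffic rather than block it. The check below is an added example, not part of the thread and not MVPS code; the function name and the sample lines are constructed for illustration.

```python
import ipaddress

# Constructed sample, not real MVPS data.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1    localhost
::1          localhost
0.0.0.0      ads.example.com        # ad server
0.0.0.0      tracker.example.net tracker2.example.net
203.0.113.7  update.example.org
this-is-not-an-entry
"""

def audit_hosts(text):
    """Classify every entry in the text of a hosts file.

    Returns (sinkholed, suspicious, malformed):
      sinkholed  - set of names mapped to a loopback/unspecified address
      suspicious - list of (line_no, address, name) mapped anywhere else
      malformed  - list of (line_no, raw_line) that are not 'address name...'
    """
    sinkholed, suspicious, malformed = set(), [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw))
            continue
        if len(fields) < 2:                      # address without a name
            malformed.append((line_no, raw))
            continue
        is_sink = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if is_sink:
                sinkholed.add(name)
            else:
                suspicious.append((line_no, str(ip), name))
    return sinkholed, suspicious, malformed

if __name__ == "__main__":
    sinkholed, suspicious, malformed = audit_hosts(SAMPLE)
    print(len(sinkholed), "names sinkholed")
    for line_no, addr, name in suspicious:
        print("line %d: %s -> %s (not a sink address)" % (line_no, name, addr))
    for line_no, raw in malformed:
        print("line %d: unparsable: %r" % (line_no, raw))
```

Running the same audit over the hosts file currently on the system before replacing it shows whether any existing entry already points a name at a non-sink address.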