Log analysis and evaluation: Open ports after netstat -a scan (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Open ports after netstat -a scan

Hello, my Avira Free found 4 viruses and moved them to quarantine:

```
Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.AV
--> hw.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.AW
--> m.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.AX
--> vcs.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.MD.2
```

Now, last week I had a network training course. I wanted to read up a bit on the internet and that is how I came across you. I followed your instructions and ran Defogger, OTL and the GMER scan. I'm posting them here, since I can't make much of them myself.

Defogger:

```
defogger_disable by jpshortstuff (
Log created at 15:51 on 16/03/2013 (Guido)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
```

Then OTL:

OTL logfile created on: 16.03.2013 15:52:58 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Guido\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,85% Memory free
6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 78,74 Gb Free Space | 55,20% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 89,17 Gb Free Space | 62,50% Space Free | Partition Type: NTFS
Drive E: | 21,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: GUIDO-PC | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.16 15:52:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Downloads\OTL.exe PRC - [2013.03.15 17:15:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.01.20 20:00:24 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe PRC - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.12.29 09:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.12.29 09:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.08 18:50:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:10:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.08 18:10:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 18:10:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:10:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.09.08 14:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.06.14 16:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.12.17 07:37:06 | 000,858,632 | ---- | M] (Dritek System Inc.) 
-- C:\Programme\Launch Manager\LManager.exe PRC - [2008.11.28 10:56:06 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.07.29 17:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (No Company Name) ========== MOD - [2013.03.15 17:15:46 | 003,069,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.01.20 20:00:24 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2013.01.13 18:20:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2008.07.29 17:52:38 | 000,227,888 | ---- | M] () -- 
C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2003.06.07 22:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\SiteAdvisor\6172\SAService.exe -- (SiteAdvisor Service) SRV - File not found [Disabled | Unknown] -- -- (Lsiitofot-4) SRV - [2013.03.15 17:15:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.08 18:10:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.08 18:10:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 18:10:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.11.28 10:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () [Disabled | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- 
C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.12.29 11:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.08.26 13:47:27 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2012.08.26 13:47:27 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2012.05.08 18:10:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 18:10:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] 
-- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.05.18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.05.18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.05.18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.03.02 20:20:20 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.03.28 09:20:05 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura) DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.10.08 10:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim) DRV - [2008.10.08 10:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric) DRV - [2008.10.01 10:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=aspire_8730 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=aspire_8730 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = 
{6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{29F609BA-47B4-4D93-BBC8-2DB2370F8503}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/" FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com: FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.15 17:15:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.15 17:15:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.10.03 16:39:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.15 17:15:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.15 17:15:38 | 000,000,000 | ---D | M] [2009.03.21 23:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Extensions [2012.10.23 18:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\x7m3dma4.default\extensions [2010.11.14 
17:58:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\x7m3dma4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.08.23 16:30:45 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\x7m3dma4.default\extensions\toolbar@ask.com [2013.03.11 17:13:33 | 000,000,950 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-1.xml [2009.04.25 07:54:28 | 000,000,950 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-2.xml [2009.04.30 17:28:52 | 000,000,950 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-3.xml [2009.06.17 17:54:32 | 000,000,950 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-4.xml [2009.09.20 17:05:50 | 000,000,950 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-5.xml [2010.06.01 16:31:39 | 000,000,950 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-6.xml [2009.03.01 13:02:44 | 000,000,944 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin.xml [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.15 17:15:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.15 17:15:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.26 17:32:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.07 16:19:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.26 17:32:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 17:32:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.26 17:32:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 17:32:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google ![]() CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Guido\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAFED2A-826B-479E-B6A9-4636C777D5EA}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E505B816-D8C6-4ED2-9856-7F27E58C85BC}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E96E6466-AF0C-47B1-B8B7-3A900CB30458}: DhcpNameServer = O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - 
Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Guido\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Guido\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{583ad8dd-6d5f-11e2-93e8-001d72ecb22a}\Shell - "" = AutoRun
O33 - MountPoints2\{583ad8dd-6d5f-11e2-93e8-001d72ecb22a}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{583ad8ed-6d5f-11e2-93e8-001d72ecb22a}\Shell - "" = AutoRun
O33 - MountPoints2\{583ad8ed-6d5f-11e2-93e8-001d72ecb22a}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{6ef6b19b-02bc-11df-890d-00216b716f82}\Shell - "" = AutoRun
O33 - MountPoints2\{6ef6b19b-02bc-11df-890d-00216b716f82}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{a131cb17-7907-11e1-a00a-001d72ecb22a}\Shell - "" = AutoRun
O33 - MountPoints2\{a131cb17-7907-11e1-a00a-001d72ecb22a}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{b84dbf50-48d4-11e0-a0b5-001d72ecb22a}\Shell - "" = AutoRun
O33 - MountPoints2\{b84dbf50-48d4-11e0-a0b5-001d72ecb22a}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{c650ec6c-031d-11e1-82b2-001d72ecb22a}\Shell - "" = AutoRun
O33 - MountPoints2\{c650ec6c-031d-11e1-82b2-001d72ecb22a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{dd040e12-a557-11df-a9bd-001d72ecb22a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.15 17:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.14 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\Guido\Desktop\SuperScan

========== Files - Modified Within 30 Days ==========

[2013.03.16 15:51:21 | 000,000,000 | ---- | M] () -- C:\Users\Guido\defogger_reenable
[2013.03.16 15:19:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 15:19:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.16 13:25:48 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.16 13:25:48 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.16 13:25:48 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.16 13:25:48 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.16 13:19:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.03.16 13:19:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.16 13:18:29 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys

========== Files Created - No Company Name ==========

[2013.03.16 15:51:21 | 000,000,000 | ---- | C] () -- C:\Users\Guido\defogger_reenable
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.02.26 17:40:19 | 000,001,356 | ---- | C] () -- C:\Users\Guido\AppData\Local\d3d9caps.dat
[2009.11.13 14:55:57 | 000,000,134 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\wklnhst.dat
[2009.03.22 12:10:47 | 000,211,456 | ---- | C] () -- C:\Users\Guido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008.11.20 04:37:09 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Acer GameZone Console
[2011.10.16 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Canneverbe Limited
[2011.10.30 19:02:11 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Canon
[2012.08.12 12:47:59 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dropbox
[2012.09.27 18:33:44 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\DVDVideoSoft
[2012.09.07 19:48:04 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.31 17:55:51 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\ICQ
[2013.03.11 17:39:56 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\MyPhoneExplorer
[2011.06.01 18:57:59 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Nokia
[2011.06.01 18:57:59 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Nokia Ovi Suite
[2011.03.08 16:31:19 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\PC Suite
[2012.09.02 16:32:58 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Sony
[2009.11.13 14:56:32 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Template

========== Purity Check ==========

< End of report >

And finally GMER:

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-16 22:36:01
Windows 6.0.6002 Service Pack 2
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Guido\AppData\Local\Temp\fwdoqpob.sys
.text ...

---- System - GMER 2.1 ----

SSDT 8C99F81F ZwTerminateProcess
SSDT 8C99F87E ZwCreateSection
SSDT 8C99F883 ZwSetContextThread
SSDT 8C99F888 ZwRequestWaitReplyPort
SSDT 8C99F88D ZwSetSecurityObject
SSDT 8C99F892 ZwSystemDebugControl

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\Explorer.EXE[1144] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 75D0B37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 824BC8D8 4 Bytes [7E, F8, 99, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 824BCBFC 4 Bytes [88, F8, 99, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 824BCC30 4 Bytes [83, F8, 99, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 824BCC94 4 Bytes [8D, F8, 99, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 824BCCDC 4 Bytes [92, F8, 99, 8C]

---- EOF - GMER 2.1 ----

I hope I've done everything right so far. Many thanks in advance for your effort. |
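An added example for readers of the GMER log above; it is not part of the original post and not something GMER does itself. It reads the "SSDT" and "Kernel code sections" lines and checks whether they are two views of the same hooks: each 4-byte `.text` patch at `ntkrnlpa.exe!KeSetEvent + ...`, read as a little-endian pointer, should be one of the SSDT hook targets listed a few lines earlier, the patched slots should be 4-byte aligned and ascending (a pointer table, not patched instructions), and all hook targets should fall in one tight address range. GMER names a modified kernel location relative to the nearest exported symbol, so "KeSetEvent + 215" is a table slot near KeSetEvent, not a changed instruction inside it. The `GMER_LOG` string is a constructed sample made of the relevant lines copied from the log; the regular expressions, function names and the interpretation are the example's own assumptions.

```python
"""Decode GMER's SSDT and 'Kernel code sections' output and check that they
describe one set of hooks.

Added example for this thread (not part of the original post, not a GMER
feature). GMER_LOG is a constructed sample: the relevant lines copied from
the GMER 2.1 log in post #1.
"""
import re
import struct

GMER_LOG = """\
---- System - GMER 2.1 ----
SSDT 8C99F81F ZwTerminateProcess
SSDT 8C99F87E ZwCreateSection
SSDT 8C99F883 ZwSetContextThread
SSDT 8C99F888 ZwRequestWaitReplyPort
SSDT 8C99F88D ZwSetSecurityObject
SSDT 8C99F892 ZwSystemDebugControl
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 824BC8D8 4 Bytes [7E, F8, 99, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 824BCBFC 4 Bytes [88, F8, 99, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 824BCC30 4 Bytes [83, F8, 99, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 824BCC94 4 Bytes [8D, F8, 99, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 824BCCDC 4 Bytes [92, F8, 99, 8C]
"""

# "SSDT <hook target> <Zw function>": that table slot now points at <hook target>.
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)", re.M)
# ".text <symbol> + <offset> <address> <n> Bytes [<hex bytes>]": n changed bytes
# at <address>, which GMER names relative to the nearest exported symbol.
PATCH_RE = re.compile(
    r"^\.text\s+(\S+)\s+\+\s+([0-9A-Fa-f]+)\s+([0-9A-Fa-f]{8})\s+(\d+) Bytes \[([0-9A-Fa-f, ]+)\]",
    re.M,
)


def parse_ssdt(log):
    """Map hook-target address -> hooked Zw* function from the SSDT section."""
    return {int(addr, 16): name for addr, name in SSDT_RE.findall(log)}


def parse_kernel_patches(log):
    """Yield (symbol, offset, address, raw bytes) for each '.text' entry."""
    for sym, off, addr, count, raw in PATCH_RE.findall(log):
        data = bytes(int(b, 16) for b in raw.split(","))
        if len(data) != int(count):
            raise ValueError(f"byte count mismatch in entry at {addr}")
        yield sym, int(off, 16), int(addr, 16), data


def correlate(log):
    """Read every 4-byte kernel patch as a little-endian pointer and look it up
    in the SSDT hook map. A match means the '.text' entry is the hooked SSDT
    slot itself, reported a second time, not a patched instruction."""
    ssdt = parse_ssdt(log)
    rows = []
    for sym, off, addr, data in parse_kernel_patches(log):
        if len(data) != 4:
            continue  # not a pointer-sized write; needs manual review
        ptr = struct.unpack("<I", data)[0]
        rows.append({"at": f"{sym}+{off:X}", "slot": addr,
                     "pointer": ptr, "hooks": ssdt.get(ptr)})
    return rows


def unmatched_hooks(log):
    """SSDT hooks that have no corresponding '.text' entry in the log."""
    ssdt = parse_ssdt(log)
    seen = {r["pointer"] for r in correlate(log)}
    return [ssdt[a] for a in sorted(ssdt) if a not in seen]


def slots_look_like_table(rows):
    """True if all reported slots are 4-byte aligned and ascending, which is
    what a pointer table looks like, as opposed to scattered code patches."""
    slots = [r["slot"] for r in rows]
    return all(s % 4 == 0 for s in slots) and slots == sorted(slots)


def hook_span(log):
    """(lowest, highest) hook-target address; one tight range points at a
    single hooking module, whose identity GMER does not print here."""
    addrs = sorted(parse_ssdt(log))
    return addrs[0], addrs[-1]


if __name__ == "__main__":
    for r in correlate(GMER_LOG):
        print(f"{r['at']:<28} slot {r['slot']:08X} -> {r['pointer']:08X}  {r['hooks'] or '?'}")
    print("SSDT hooks with no .text entry:", unmatched_hooks(GMER_LOG))
    lo, hi = hook_span(GMER_LOG)
    print(f"all hook targets within {lo:08X}..{hi:08X} ({hi - lo} bytes apart)")
```

Run as a script it prints the correlation table: all five `.text` entries resolve to SSDT hooks, only ZwTerminateProcess has no matching `.text` line, and the six targets lie within 0x8C99F81F..0x8C99F892. What the log does not tell you is who owns that range: GMER printed no module for it, and the hooked set (process termination, section creation, thread context, LPC reply port, security-descriptor changes, debug control) is the self-protection set that antivirus kernel drivers commonly install. Before calling it a rootkit, resolve the address against the loaded-module list (GMER's module view, or `lm` in a kernel debugger) and compare with the Avira drivers that TDSSKiller lists later in this thread; that attribution is a check to perform, not a conclusion this log supports on its own.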
#2
/// Winkelfunktion /// TB-Süch-Tiger™ | Open Ports after Netstat -a Scan

Hello and

Before we get to work, I'd like to ask you to read the following points completely and carefully.

Note: If you haven't heard from me for three days, please post in this thread => Reminder for my thread. Annoying "when will it continue" messages end with your topic being closed. I, too, have a life outside Trojaner-Board.

Please run the three tools MBAR / aswMBR / TDSSKiller now and post the logs in CODE tags.

MBAR (Malwarebytes Anti-Rootkit)
Please download
Do not start any other file in this folder without instructions from a helper.

aswMBR
Please download
Important: Never press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.

TDSS-Killer
Please download
|
#3
Open Ports after Netstat -a Scan
Thanks already, and sorry about the missing code tags.
I'll start going through the instructions, but I don't know yet how far I'll get today. I wouldn't be back until tomorrow evening. |
#4
/// Winkelfunktion /// TB-Süch-Tiger™ | Open Ports after Netstat -a Scan
Please refrain from such interjections; post only if there are problems or when you have the logs (and then post them in CODE tags).

Please always post logfiles in CODE tags. |
#5
Open Ports after Netstat -a Scan
OK. I've finished the three scans. I'll post them one after the other.

Code:
Malwarebytes Anti-Rootkit BETA
www.malwarebytes.org

Database version: v2013.03.17.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Guido :: GUIDO-PC [administrator]

17.03.2013 17:28:05
mbar-log-2013-03-17 (17-28-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28838
Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
aswMBR version Copyright(c) 2011 AVAST Software
Run date: 2013-03-17 17:46:26
-----------------------------
17:46:26.620 OS Version: Windows 6.0.6002 Service Pack 2
17:46:26.620 Number of processors: 2 586 0x170A
17:46:26.621 ComputerName: GUIDO-PC UserName: Guido
17:47:01.511 Initialize success
17:48:04.503 AVAST engine defs: 13031700
17:48:18.183 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:48:18.189 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
17:48:18.219 Disk 0 MBR read successfully
17:48:18.223 Disk 0 MBR scan
17:48:18.249 Disk 0 unknown MBR code
17:48:18.267 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
17:48:18.302 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146074 MB offset 20482048
17:48:18.327 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 146097 MB offset 319641600
17:48:18.427 Disk 0 Partition 4 00 12 Compaq diag NTFS 3072 MB offset 618848256
17:48:18.437 Disk 0 scanning sectors +625139712
17:48:18.539 Disk 0 scanning C:\Windows\system32\drivers
17:48:36.422 Service scanning
17:49:02.322 Modules scanning
17:49:07.189 Disk 0 trace - called modules:
17:49:07.226 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
17:49:07.235 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861ce848]
17:49:07.244 3 CLASSPNP.SYS[8a9a28b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x859478d8]
17:49:09.877 AVAST engine scan C:\Windows
17:49:14.735 AVAST engine scan C:\Windows\system32
17:53:06.694 AVAST engine scan C:\Windows\system32\drivers
17:53:26.399 AVAST engine scan C:\Users\Guido
18:03:49.501 AVAST engine scan C:\ProgramData
18:05:17.802 Scan finished successfully
18:12:51.660 Disk 0 MBR has been saved successfully to "C:\Users\Guido\Downloads\MBR.dat"
18:12:51.670 The log file has been saved successfully to "C:\Users\Guido\Downloads\aswMBR.txt"

Code:
18:15:06.0606 5120 TDSS rootkit removing tool Feb 11 2013 18:50:42
18:15:06.0711 5120 ============================================================
18:15:06.0712 5120 Current date / time: 2013/03/17 18:15:06.0711
18:15:06.0712 5120 SystemInfo:
18:15:06.0712 5120
18:15:06.0712 5120 OS Version: 6.0.6002 ServicePack: 2.0
18:15:06.0712 5120 Product type: Workstation
18:15:06.0712 5120 ComputerName: GUIDO-PC
18:15:06.0717 5120 UserName: Guido
18:15:06.0718 5120 Windows directory: C:\Windows
18:15:06.0718 5120 System windows directory: C:\Windows
18:15:06.0718 5120 Processor architecture: Intel x86
18:15:06.0718 5120 Number of processors: 2
18:15:06.0718 5120 Page size: 0x1000
18:15:06.0718 5120 Boot type: Normal boot
18:15:06.0718 5120 ============================================================
18:15:07.0890 5120 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:15:07.0892 5120 ============================================================
18:15:07.0892 5120 \Device\Harddisk0\DR0:
18:15:07.0892 5120 MBR partitions:
18:15:07.0892 5120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x11D4D000
18:15:07.0892 5120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x130D5800, BlocksNum 0x11D58800
18:15:07.0892 5120 ============================================================
18:15:07.0926 5120 C: <-> \Device\Harddisk0\DR0\Partition1
18:15:07.0966 5120 D: <-> \Device\Harddisk0\DR0\Partition2
18:15:07.0966 5120 ============================================================
18:15:07.0967 5120 Initialize success
18:15:07.0967 5120 ============================================================
18:16:12.0048 4740 ============================================================
18:16:12.0048 4740 Scan started
18:16:12.0048 4740 Mode: Manual; SigCheck; TDLFS;
18:16:12.0048 4740
============================================================ 18:16:12.0467 4740 ================ Scan system memory ======================== 18:16:12.0467 4740 System memory - ok 18:16:12.0467 4740 ================ Scan services ============================= 18:16:12.0573 4740 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 18:16:12.0670 4740 AAV UpdateService - ok 18:16:12.0862 4740 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 18:16:12.0886 4740 ACPI - ok 18:16:13.0001 4740 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 18:16:13.0032 4740 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 18:16:13.0032 4740 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 18:16:13.0106 4740 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 18:16:13.0120 4740 AdobeARMservice - ok 18:16:13.0191 4740 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:16:13.0219 4740 adp94xx - ok 18:16:13.0300 4740 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:16:13.0321 4740 adpahci - ok 18:16:13.0344 4740 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 18:16:13.0359 4740 adpu160m - ok 18:16:13.0377 4740 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:16:13.0392 4740 adpu320 - ok 18:16:13.0438 4740 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:16:13.0541 4740 AeLookupSvc - ok 18:16:13.0595 4740 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 18:16:13.0655 4740 AFD - ok 18:16:13.0689 4740 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:16:13.0703 4740 agp440 - ok 
18:16:13.0738 4740 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 18:16:13.0752 4740 aic78xx - ok 18:16:13.0784 4740 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 18:16:13.0914 4740 ALG - ok 18:16:13.0938 4740 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 18:16:13.0951 4740 aliide - ok 18:16:13.0981 4740 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 18:16:13.0995 4740 amdagp - ok 18:16:14.0022 4740 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 18:16:14.0036 4740 amdide - ok 18:16:14.0087 4740 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 18:16:14.0141 4740 AmdK7 - ok 18:16:14.0153 4740 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:16:14.0194 4740 AmdK8 - ok 18:16:14.0334 4740 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 18:16:14.0346 4740 AntiVirSchedulerService - ok 18:16:14.0396 4740 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 18:16:14.0409 4740 AntiVirService - ok 18:16:14.0430 4740 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 18:16:14.0452 4740 AntiVirWebService - ok 18:16:14.0518 4740 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 18:16:14.0583 4740 Appinfo - ok 18:16:14.0609 4740 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 18:16:14.0623 4740 arc - ok 18:16:14.0646 4740 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:16:14.0660 4740 arcsas - ok 18:16:14.0696 4740 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:16:14.0745 4740 AsyncMac - ok 18:16:14.0800 4740 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] 
atapi C:\Windows\system32\drivers\atapi.sys 18:16:14.0813 4740 atapi - ok 18:16:14.0857 4740 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:16:14.0885 4740 AudioEndpointBuilder - ok 18:16:14.0901 4740 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 18:16:14.0925 4740 Audiosrv - ok 18:16:14.0945 4740 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 18:16:14.0963 4740 avgntflt - ok 18:16:14.0999 4740 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 18:16:15.0017 4740 avipbb - ok 18:16:15.0029 4740 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 18:16:15.0041 4740 avkmgr - ok 18:16:15.0087 4740 [ 728C4A6C722535C16D1025F51AA31E22 ] avmaura C:\Windows\system32\DRIVERS\avmaura.sys 18:16:15.0136 4740 avmaura - ok 18:16:15.0175 4740 [ 6FB43F0DADB3FDC287D080C19666AF8D ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 18:16:15.0265 4740 b57nd60x - ok 18:16:15.0287 4740 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 18:16:15.0314 4740 Beep - ok 18:16:15.0382 4740 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 18:16:15.0420 4740 BFE - ok 18:16:15.0486 4740 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 18:16:15.0603 4740 BITS - ok 18:16:15.0619 4740 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 18:16:15.0658 4740 blbdrive - ok 18:16:15.0689 4740 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:16:15.0724 4740 bowser - ok 18:16:15.0761 4740 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 18:16:15.0787 4740 BrFiltLo - ok 18:16:15.0826 4740 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 18:16:15.0893 4740 BrFiltUp - ok 18:16:15.0924 4740 [ 
A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 18:16:15.0976 4740 Browser - ok 18:16:16.0002 4740 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 18:16:16.0201 4740 Brserid - ok 18:16:16.0244 4740 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 18:16:16.0300 4740 BrSerWdm - ok 18:16:16.0325 4740 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 18:16:16.0390 4740 BrUsbMdm - ok 18:16:16.0405 4740 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 18:16:16.0459 4740 BrUsbSer - ok 18:16:16.0473 4740 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:16:16.0538 4740 BTHMODEM - ok 18:16:16.0593 4740 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 18:16:16.0612 4740 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning 18:16:16.0612 4740 BUNAgentSvc - detected UnsignedFile.Multi.Generic (1) 18:16:16.0634 4740 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:16:16.0668 4740 cdfs - ok 18:16:16.0702 4740 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:16:16.0731 4740 cdrom - ok 18:16:16.0771 4740 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 18:16:16.0809 4740 CertPropSvc - ok 18:16:16.0844 4740 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 18:16:16.0884 4740 circlass - ok 18:16:16.0921 4740 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 18:16:16.0939 4740 CLFS - ok 18:16:16.0993 4740 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:16:17.0007 4740 clr_optimization_v2.0.50727_32 - ok 18:16:17.0114 4740 [ C5A75EB48E2344ABDC162BDA79E16841 ] 
clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:16:17.0127 4740 clr_optimization_v4.0.30319_32 - ok 18:16:17.0167 4740 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 18:16:17.0205 4740 CmBatt - ok 18:16:17.0230 4740 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:16:17.0244 4740 cmdide - ok 18:16:17.0263 4740 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 18:16:17.0277 4740 Compbatt - ok 18:16:17.0282 4740 COMSysApp - ok 18:16:17.0290 4740 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:16:17.0304 4740 crcdisk - ok 18:16:17.0331 4740 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 18:16:17.0393 4740 Crusoe - ok 18:16:17.0435 4740 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:16:17.0497 4740 CryptSvc - ok 18:16:17.0565 4740 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:16:17.0650 4740 DcomLaunch - ok 18:16:17.0687 4740 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:16:17.0719 4740 DfsC - ok 18:16:17.0809 4740 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 18:16:17.0966 4740 DFSR - ok 18:16:18.0031 4740 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 18:16:18.0092 4740 Dhcp - ok 18:16:18.0128 4740 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 18:16:18.0143 4740 disk - ok 18:16:18.0191 4740 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys 18:16:18.0202 4740 DKbFltr - ok 18:16:18.0247 4740 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:16:18.0283 4740 Dnscache - ok 18:16:18.0312 4740 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:16:18.0343 4740 
dot3svc - ok 18:16:18.0373 4740 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 18:16:18.0410 4740 DPS - ok 18:16:18.0429 4740 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:16:18.0461 4740 drmkaud - ok 18:16:18.0510 4740 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:16:18.0554 4740 DXGKrnl - ok 18:16:18.0595 4740 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 18:16:18.0643 4740 E1G60 - ok 18:16:18.0673 4740 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 18:16:18.0710 4740 EapHost - ok 18:16:18.0767 4740 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 18:16:18.0784 4740 Ecache - ok 18:16:18.0939 4740 [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 18:16:18.0958 4740 eDataSecurity Service - ok 18:16:18.0990 4740 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:16:19.0024 4740 ehRecvr - ok 18:16:19.0049 4740 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 18:16:19.0079 4740 ehSched - ok 18:16:19.0092 4740 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 18:16:19.0117 4740 ehstart - ok 18:16:19.0158 4740 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:16:19.0183 4740 elxstor - ok 18:16:19.0257 4740 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 18:16:19.0313 4740 EMDMgmt - ok 18:16:19.0355 4740 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:16:19.0392 4740 ErrDev - ok 18:16:19.0467 4740 [ F25247D0E011A643EE60052CE23BE05E ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 18:16:19.0485 4740 ETService ( UnsignedFile.Multi.Generic ) - warning 18:16:19.0485 4740 ETService - 
detected UnsignedFile.Multi.Generic (1) 18:16:19.0522 4740 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 18:16:19.0561 4740 EventSystem - ok 18:16:19.0653 4740 [ 54B6E150BFF4A47EB0D204119D262E46 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 18:16:19.0732 4740 EvtEng ( UnsignedFile.Multi.Generic ) - warning 18:16:19.0732 4740 EvtEng - detected UnsignedFile.Multi.Generic (1) 18:16:19.0780 4740 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 18:16:19.0817 4740 exfat - ok 18:16:19.0875 4740 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:16:19.0898 4740 fastfat - ok 18:16:19.0940 4740 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:16:19.0982 4740 fdc - ok 18:16:20.0007 4740 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 18:16:20.0033 4740 fdPHost - ok 18:16:20.0040 4740 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 18:16:20.0086 4740 FDResPub - ok 18:16:20.0123 4740 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:16:20.0137 4740 FileInfo - ok 18:16:20.0151 4740 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:16:20.0189 4740 Filetrace - ok 18:16:20.0215 4740 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 18:16:20.0262 4740 flpydisk - ok 18:16:20.0293 4740 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:16:20.0311 4740 FltMgr - ok 18:16:20.0385 4740 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 18:16:20.0446 4740 FontCache - ok 18:16:20.0549 4740 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 18:16:20.0561 4740 FontCache3.0.0.0 - ok 18:16:20.0588 4740 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec 
C:\Windows\system32\drivers\Fs_Rec.sys 18:16:20.0625 4740 Fs_Rec - ok 18:16:20.0689 4740 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:16:20.0703 4740 gagp30kx - ok 18:16:20.0762 4740 [ 93CA4D9A0433BE0EDD0B9F2F26D5E54C ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys 18:16:20.0772 4740 ggflt - ok 18:16:20.0832 4740 [ 17E678AAB82CCDFB80E7614504933895 ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys 18:16:20.0842 4740 ggsemc - ok 18:16:20.0877 4740 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 18:16:20.0960 4740 gpsvc - ok 18:16:21.0006 4740 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:16:21.0069 4740 HdAudAddService - ok 18:16:21.0132 4740 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 18:16:21.0182 4740 HDAudBus - ok 18:16:21.0209 4740 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:16:21.0269 4740 HidBth - ok 18:16:21.0290 4740 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 18:16:21.0352 4740 HidIr - ok 18:16:21.0386 4740 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 18:16:21.0418 4740 hidserv - ok 18:16:21.0446 4740 [ 7F7E5E98CEFED8A10F7E56810EA7B6DF ] hidshim C:\Windows\system32\DRIVERS\hidshim.sys 18:16:21.0498 4740 hidshim - ok 18:16:21.0538 4740 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:16:21.0586 4740 HidUsb - ok 18:16:21.0643 4740 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:16:21.0676 4740 hkmsvc - ok 18:16:21.0688 4740 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 18:16:21.0702 4740 HpCISSs - ok 18:16:21.0735 4740 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 18:16:21.0781 4740 HSFHWAZL - ok 18:16:21.0896 4740 [ 7BC42C65B5C6281777C1A7605B253BA8 ] 
HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 18:16:22.0020 4740 HSF_DPV - ok 18:16:22.0057 4740 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys 18:16:22.0070 4740 HSXHWAZL - ok 18:16:22.0113 4740 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:16:22.0175 4740 HTTP - ok 18:16:22.0289 4740 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 18:16:22.0302 4740 i2omp - ok 18:16:22.0347 4740 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 18:16:22.0376 4740 i8042prt - ok 18:16:22.0405 4740 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 18:16:22.0424 4740 iaStorV - ok 18:16:22.0472 4740 [ A4E43A7AB1202356BEBEB6B798F15488 ] ICQ Service C:\Program Files\ICQ6Toolbar\ICQ Service.exe 18:16:22.0487 4740 ICQ Service - ok 18:16:22.0570 4740 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:16:22.0631 4740 idsvc - ok 18:16:22.0654 4740 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:16:22.0667 4740 iirsp - ok 18:16:22.0708 4740 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 18:16:22.0749 4740 IKEEXT - ok 18:16:22.0822 4740 [ 58FF11C95C3681C9250914521CB9F036 ] int15 C:\Windows\system32\drivers\int15.sys 18:16:22.0833 4740 int15 - ok 18:16:22.0970 4740 [ B8716D9677B04B82FA405C8C54954728 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 18:16:23.0118 4740 IntcAzAudAddService - ok 18:16:23.0145 4740 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 18:16:23.0158 4740 intelide - ok 18:16:23.0191 4740 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:16:23.0230 4740 intelppm - ok 18:16:23.0278 4740 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum 
C:\Windows\system32\ipbusenum.dll 18:16:23.0314 4740 IPBusEnum - ok 18:16:23.0341 4740 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:16:23.0378 4740 IpFilterDriver - ok 18:16:23.0421 4740 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:16:23.0463 4740 iphlpsvc - ok 18:16:23.0468 4740 IpInIp - ok 18:16:23.0490 4740 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 18:16:23.0532 4740 IPMIDRV - ok 18:16:23.0568 4740 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 18:16:23.0596 4740 IPNAT - ok 18:16:23.0619 4740 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys 18:16:23.0646 4740 irda - ok 18:16:23.0663 4740 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:16:23.0688 4740 IRENUM - ok 18:16:23.0719 4740 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll 18:16:23.0763 4740 Irmon - ok 18:16:23.0788 4740 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:16:23.0802 4740 isapnp - ok 18:16:23.0839 4740 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 18:16:23.0855 4740 iScsiPrt - ok 18:16:23.0871 4740 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 18:16:23.0883 4740 iteatapi - ok 18:16:23.0923 4740 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 18:16:23.0935 4740 iteraid - ok 18:16:23.0966 4740 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:16:23.0979 4740 kbdclass - ok 18:16:24.0012 4740 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:16:24.0045 4740 kbdhid - ok 18:16:24.0072 4740 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 18:16:24.0115 4740 KeyIso - ok 18:16:24.0157 4740 [ 
4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:16:24.0183 4740 KSecDD - ok 18:16:24.0221 4740 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 18:16:24.0258 4740 KtmRm - ok 18:16:24.0344 4740 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 18:16:24.0401 4740 LanmanServer - ok 18:16:24.0459 4740 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:16:24.0514 4740 LanmanWorkstation - ok 18:16:24.0561 4740 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 18:16:24.0574 4740 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 18:16:24.0574 4740 LightScribeService - detected UnsignedFile.Multi.Generic (1) 18:16:24.0598 4740 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:16:24.0625 4740 lltdio - ok 18:16:24.0662 4740 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:16:24.0691 4740 lltdsvc - ok 18:16:24.0714 4740 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:16:24.0766 4740 lmhosts - ok 18:16:24.0803 4740 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:16:24.0818 4740 LSI_FC - ok 18:16:24.0835 4740 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:16:24.0850 4740 LSI_SAS - ok 18:16:24.0873 4740 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:16:24.0888 4740 LSI_SCSI - ok 18:16:24.0910 4740 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 18:16:24.0944 4740 luafv - ok 18:16:24.0969 4740 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:16:25.0048 4740 Mcx2Svc - ok 18:16:25.0060 4740 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 18:16:25.0072 4740 mdmxsdk - ok 
18:16:25.0105 4740 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
18:16:25.0119 4740 megasas - ok
18:16:25.0155 4740 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:16:25.0179 4740 MegaSR - ok
18:16:25.0228 4740 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:16:25.0274 4740 MMCSS - ok
18:16:25.0321 4740 MobilityService - ok
18:16:25.0376 4740 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:16:25.0416 4740 Modem - ok
18:16:25.0459 4740 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:16:25.0497 4740 monitor - ok
18:16:25.0512 4740 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:16:25.0525 4740 mouclass - ok
18:16:25.0600 4740 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:16:25.0626 4740 mouhid - ok
18:16:25.0649 4740 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:16:25.0662 4740 MountMgr - ok
18:16:25.0732 4740 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:16:25.0747 4740 MozillaMaintenance - ok
18:16:25.0778 4740 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
18:16:25.0791 4740 mpio - ok
18:16:25.0826 4740 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:16:25.0858 4740 mpsdrv - ok
18:16:25.0905 4740 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:16:25.0946 4740 MpsSvc - ok
18:16:25.0974 4740 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:16:25.0987 4740 Mraid35x - ok
18:16:26.0018 4740 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:16:26.0050 4740 MRxDAV - ok
18:16:26.0067 4740 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:16:26.0105 4740 mrxsmb - ok
18:16:26.0135 4740 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:16:26.0171 4740 mrxsmb10 - ok
18:16:26.0185 4740 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:16:26.0212 4740 mrxsmb20 - ok
18:16:26.0252 4740 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
18:16:26.0266 4740 msahci - ok
18:16:26.0316 4740 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:16:26.0331 4740 msdsm - ok
18:16:26.0545 4740 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:16:26.0589 4740 MSDTC - ok
18:16:26.0629 4740 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:16:26.0682 4740 Msfs - ok
18:16:26.0769 4740 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:16:26.0816 4740 msisadrv - ok
18:16:26.0849 4740 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:16:26.0878 4740 MSiSCSI - ok
18:16:26.0882 4740 msiserver - ok
18:16:26.0901 4740 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:16:26.0946 4740 MSKSSRV - ok
18:16:26.0958 4740 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:16:26.0994 4740 MSPCLOCK - ok
18:16:27.0017 4740 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:16:27.0044 4740 MSPQM - ok
18:16:27.0082 4740 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:16:27.0098 4740 MsRPC - ok
18:16:27.0109 4740 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:16:27.0123 4740 mssmbios - ok
18:16:27.0145 4740 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:16:27.0171 4740 MSTEE - ok
18:16:27.0206 4740 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:16:27.0221 4740 Mup - ok
18:16:27.0261 4740 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:16:27.0302 4740 napagent - ok
18:16:27.0340 4740 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:16:27.0365 4740 NativeWifiP - ok
18:16:27.0413 4740 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:16:27.0452 4740 NDIS - ok
18:16:27.0487 4740 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:16:27.0525 4740 NdisTapi - ok
18:16:27.0535 4740 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:16:27.0561 4740 Ndisuio - ok
18:16:27.0602 4740 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:16:27.0625 4740 NdisWan - ok
18:16:27.0633 4740 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:16:27.0653 4740 NDProxy - ok
18:16:27.0675 4740 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:16:27.0745 4740 NetBIOS - ok
18:16:27.0794 4740 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:16:27.0828 4740 netbt - ok
18:16:27.0852 4740 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:16:27.0867 4740 Netlogon - ok
18:16:27.0944 4740 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:16:28.0003 4740 Netman - ok
18:16:28.0027 4740 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:16:28.0072 4740 netprofm - ok
18:16:28.0117 4740 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:16:28.0130 4740 NetTcpPortSharing - ok
18:16:28.0270 4740 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
18:16:28.0478 4740 NETw5v32 - ok
18:16:28.0514 4740 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:16:28.0528 4740 nfrd960 - ok
18:16:28.0556 4740 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:16:28.0587 4740 NlaSvc - ok
18:16:28.0635 4740 [ CFE3462A9E94A57DCD9676F6B7FE7F67 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
18:16:28.0683 4740 nmwcd - ok
18:16:28.0710 4740 [ 8F2A94F991F8C73CEC26B4B5620D1EDC ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
18:16:28.0738 4740 nmwcdc - ok
18:16:28.0788 4740 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:16:28.0808 4740 Npfs - ok
18:16:28.0824 4740 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys
18:16:28.0856 4740 NSCIRDA - ok
18:16:28.0889 4740 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:16:28.0925 4740 nsi - ok
18:16:28.0953 4740 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:16:29.0014 4740 nsiproxy - ok
18:16:29.0077 4740 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:16:29.0178 4740 Ntfs - ok
18:16:29.0212 4740 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
18:16:29.0232 4740 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning
18:16:29.0232 4740 NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)
18:16:29.0253 4740 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
18:16:29.0264 4740 NTIDrvr - ok
18:16:29.0295 4740 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
18:16:29.0318 4740 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
18:16:29.0318 4740 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
18:16:29.0331 4740 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:16:29.0376 4740 ntrigdigi - ok
18:16:29.0396 4740 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:16:29.0429 4740 Null - ok
18:16:29.0465 4740 [ 85D8845B7B6A434B7CE35723BF0E5C57 ] nuvotonhidgeneric C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys
18:16:29.0495 4740 nuvotonhidgeneric - ok
18:16:29.0543 4740 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
18:16:29.0558 4740 NVHDA - ok
18:16:29.0776 4740 [ 2FA5434344AF84D73F66BA402FF78690 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:16:30.0236 4740 nvlddmkm - ok
18:16:30.0308 4740 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:16:30.0323 4740 nvraid - ok
18:16:30.0359 4740 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:16:30.0374 4740 nvstor - ok
18:16:30.0445 4740 [ B785320CBCF5021DE9945C803696C511 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:16:30.0488 4740 nvsvc - ok
18:16:30.0618 4740 [ D2B064796C369F82E96397F721C4A29D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:16:30.0698 4740 nvUpdatusService - ok
18:16:30.0739 4740 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:16:30.0753 4740 nv_agp - ok
18:16:30.0757 4740 NwlnkFlt - ok
18:16:30.0764 4740 NwlnkFwd - ok
18:16:30.0805 4740 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:16:30.0840 4740 ohci1394 - ok
18:16:30.0891 4740 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:16:30.0967 4740 p2pimsvc - ok
18:16:30.0987 4740 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:16:31.0014 4740 p2psvc - ok
18:16:31.0036 4740 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:16:31.0087 4740 Parport - ok
18:16:31.0110 4740 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:16:31.0125 4740 partmgr - ok
18:16:31.0236 4740 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:16:31.0302 4740 Parvdm - ok
18:16:31.0318 4740 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:16:31.0367 4740 PcaSvc - ok
18:16:31.0433 4740 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:16:31.0480 4740 pccsmcfd - ok
18:16:31.0510 4740 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:16:31.0525 4740 pci - ok
18:16:31.0548 4740 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
18:16:31.0561 4740 pciide - ok
18:16:31.0605 4740 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:16:31.0621 4740 pcmcia - ok
18:16:31.0662 4740 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:16:31.0746 4740 PEAUTH - ok
18:16:31.0904 4740 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:16:32.0025 4740 pla - ok
18:16:32.0072 4740 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:16:32.0098 4740 PlugPlay - ok
18:16:32.0125 4740 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:16:32.0151 4740 PNRPAutoReg - ok
18:16:32.0191 4740 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:16:32.0219 4740 PNRPsvc - ok
18:16:32.0253 4740 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:16:32.0290 4740 PolicyAgent - ok
18:16:32.0363 4740 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:16:32.0405 4740 PptpMiniport - ok
18:16:32.0424 4740 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
18:16:32.0462 4740 Processor - ok
18:16:32.0491 4740 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:16:32.0514 4740 ProfSvc - ok
18:16:32.0611 4740 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:16:32.0625 4740 ProtectedStorage - ok
18:16:32.0704 4740 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:16:32.0739 4740 PSched - ok
18:16:32.0789 4740 [ 628321C8DD76AD369B362B202E655A68 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
18:16:32.0801 4740 PSDFilter - ok
18:16:32.0830 4740 [ 79D7117E62709C7690CF3DD55ACEAD37 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
18:16:32.0842 4740 PSDNServ - ok
18:16:32.0855 4740 [ CAE5E82827990CF4BD4A49576BDE3A43 ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
18:16:32.0867 4740 psdvdisk - ok
18:16:32.0940 4740 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:16:33.0024 4740 ql2300 - ok
18:16:33.0043 4740 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:16:33.0057 4740 ql40xx - ok
18:16:33.0087 4740 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:16:33.0133 4740 QWAVE - ok
18:16:33.0149 4740 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:16:33.0177 4740 QWAVEdrv - ok
18:16:33.0263 4740 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
18:16:33.0307 4740 RapiMgr - ok
18:16:33.0355 4740 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:16:33.0399 4740 RasAcd - ok
18:16:33.0461 4740 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:16:33.0492 4740 RasAuto - ok
18:16:33.0521 4740 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:16:33.0550 4740 Rasl2tp - ok
18:16:33.0600 4740 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:16:33.0638 4740 RasMan - ok
18:16:33.0674 4740 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:16:33.0713 4740 RasPppoe - ok
18:16:33.0739 4740 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:16:33.0754 4740 RasSstp - ok
18:16:33.0805 4740 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:16:33.0830 4740 rdbss - ok
18:16:33.0854 4740 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:16:33.0889 4740 RDPCDD - ok
18:16:33.0913 4740 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:16:33.0943 4740 rdpdr - ok
18:16:33.0947 4740 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:16:33.0974 4740 RDPENCDD - ok
18:16:34.0004 4740 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:16:34.0064 4740 RDPWD - ok
18:16:34.0163 4740 [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:16:34.0221 4740 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
18:16:34.0221 4740 RegSrvc - detected UnsignedFile.Multi.Generic (1)
18:16:34.0256 4740 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:16:34.0286 4740 RemoteAccess - ok
18:16:34.0318 4740 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:16:34.0391 4740 RemoteRegistry - ok
18:16:34.0413 4740 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:16:34.0455 4740 RpcLocator - ok
18:16:34.0482 4740 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:16:34.0512 4740 RpcSs - ok
18:16:34.0564 4740 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:16:34.0590 4740 rspndr - ok
18:16:34.0663 4740 [ D1FB9A678BD6C2B1129FCB09D5FEB6DD ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
18:16:34.0693 4740 RTSTOR - ok
18:16:34.0712 4740 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:16:34.0726 4740 SamSs - ok
18:16:34.0746 4740 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:16:34.0760 4740 sbp2port - ok
18:16:34.0792 4740 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:16:34.0815 4740 SCardSvr - ok
18:16:34.0894 4740 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:16:34.0949 4740 Schedule - ok
18:16:34.0982 4740 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:16:35.0013 4740 SCPolicySvc - ok
18:16:35.0095 4740 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:16:35.0125 4740 sdbus - ok
18:16:35.0147 4740 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:16:35.0210 4740 SDRSVC - ok
18:16:35.0238 4740 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:16:35.0293 4740 secdrv - ok
18:16:35.0335 4740 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:16:35.0364 4740 seclogon - ok
18:16:35.0404 4740 [ E5B56569A9F79B70314FEDE6C953641E ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
18:16:35.0435 4740 seehcri - ok
18:16:35.0450 4740 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:16:35.0492 4740 SENS - ok
18:16:35.0510 4740 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:16:35.0572 4740 Serenum - ok
18:16:35.0584 4740 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:16:35.0637 4740 Serial - ok
18:16:35.0650 4740 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:16:35.0676 4740 sermouse - ok
18:16:35.0761 4740 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:16:35.0838 4740 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
18:16:35.0838 4740 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
18:16:35.0891 4740 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:16:35.0922 4740 SessionEnv - ok
18:16:35.0960 4740 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:16:35.0982 4740 sffdisk - ok
18:16:35.0991 4740 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:16:36.0052 4740 sffp_mmc - ok
18:16:36.0065 4740 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:16:36.0108 4740 sffp_sd - ok
18:16:36.0129 4740 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:16:36.0194 4740 sfloppy - ok
18:16:36.0227 4740 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:16:36.0260 4740 SharedAccess - ok
18:16:36.0299 4740 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:16:36.0373 4740 ShellHWDetection - ok
18:16:36.0398 4740 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:16:36.0412 4740 sisagp - ok
18:16:36.0443 4740 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:16:36.0457 4740 SiSRaid2 - ok
18:16:36.0469 4740 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:16:36.0483 4740 SiSRaid4 - ok
18:16:36.0496 4740 SiteAdvisor Service - ok
18:16:36.0603 4740 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:16:36.0805 4740 slsvc - ok
18:16:36.0852 4740 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:16:36.0874 4740 SLUINotify - ok
18:16:36.0953 4740 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:16:37.0052 4740 Smb - ok
18:16:37.0105 4740 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:16:37.0161 4740 SNMPTRAP - ok
18:16:37.0274 4740 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
18:16:37.0284 4740 Sony PC Companion - ok
18:16:37.0346 4740 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:16:37.0359 4740 spldr - ok
18:16:37.0390 4740 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:16:37.0446 4740 Spooler - ok
18:16:37.0473 4740 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:16:37.0501 4740 srv - ok
18:16:37.0532 4740 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:16:37.0550 4740 srv2 - ok
18:16:37.0577 4740 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:16:37.0609 4740 srvnet - ok
18:16:37.0640 4740 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:16:37.0684 4740 SSDPSRV - ok
18:16:37.0702 4740 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:16:37.0713 4740 ssmdrv - ok
18:16:37.0739 4740 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:16:37.0757 4740 SstpSvc - ok
18:16:37.0808 4740 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:16:37.0873 4740 stisvc - ok
18:16:37.0891 4740 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:16:37.0904 4740 swenum - ok
18:16:37.0940 4740 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:16:37.0982 4740 swprv - ok
18:16:38.0009 4740 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:16:38.0021 4740 Symc8xx - ok
18:16:38.0043 4740 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:16:38.0055 4740 Sym_hi - ok
18:16:38.0073 4740 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:16:38.0086 4740 Sym_u3 - ok
18:16:38.0102 4740 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:16:38.0118 4740 SynTP - ok
18:16:38.0170 4740 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:16:38.0217 4740 SysMain - ok
18:16:38.0250 4740 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:16:38.0269 4740 TabletInputService - ok
18:16:38.0296 4740 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:16:38.0370 4740 TapiSrv - ok
18:16:38.0391 4740 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:16:38.0422 4740 TBS - ok
18:16:38.0470 4740 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:16:38.0530 4740 Tcpip - ok
18:16:38.0564 4740 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:16:38.0613 4740 Tcpip6 - ok
18:16:38.0649 4740 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:16:38.0717 4740 tcpipreg - ok
18:16:38.0756 4740 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:16:38.0781 4740 TDPIPE - ok
18:16:38.0855 4740 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:16:38.0901 4740 TDTCP - ok
18:16:38.0941 4740 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:16:38.0991 4740 tdx - ok
18:16:39.0001 4740 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:16:39.0018 4740 TermDD - ok
18:16:39.0045 4740 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:16:39.0117 4740 TermService - ok
18:16:39.0156 4740 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:16:39.0174 4740 Themes - ok
18:16:39.0245 4740 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:16:39.0272 4740 THREADORDER - ok
18:16:39.0412 4740 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:16:39.0440 4740 TrkWks - ok
18:16:39.0560 4740 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:16:39.0618 4740 TrustedInstaller - ok
18:16:39.0659 4740 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:16:39.0700 4740 tssecsrv - ok
18:16:39.0722 4740 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:16:39.0748 4740 tunmp - ok
18:16:39.0771 4740 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:16:39.0786 4740 tunnel - ok
18:16:39.0801 4740 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:16:39.0816 4740 uagp35 - ok
18:16:39.0835 4740 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
18:16:39.0845 4740 UBHelper - ok
18:16:39.0889 4740 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:16:39.0912 4740 udfs - ok
18:16:39.0944 4740 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:16:39.0979 4740 UI0Detect - ok
18:16:40.0001 4740 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:16:40.0015 4740 uliagpkx - ok
18:16:40.0044 4740 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:16:40.0063 4740 uliahci - ok
18:16:40.0084 4740 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:16:40.0099 4740 UlSata - ok
18:16:40.0109 4740 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:16:40.0123 4740 ulsata2 - ok
18:16:40.0136 4740 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:16:40.0169 4740 umbus - ok
18:16:40.0186 4740 [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
18:16:40.0211 4740 UMPass - ok
18:16:40.0258 4740 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:16:40.0299 4740 upnphost - ok
18:16:40.0346 4740 [ EC01DA44B090D2651FC032C8B9257232 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
18:16:40.0405 4740 upperdev - ok
18:16:40.0424 4740 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:16:40.0445 4740 usbccgp - ok
18:16:40.0467 4740 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:16:40.0511 4740 usbcir - ok
18:16:40.0559 4740 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:16:40.0593 4740 usbehci - ok
18:16:40.0608 4740 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:16:40.0642 4740 usbhub - ok
18:16:40.0658 4740 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:16:40.0702 4740 usbohci - ok
18:16:40.0735 4740 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:16:40.0762 4740 usbprint - ok
18:16:40.0815 4740 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:16:40.0836 4740 usbscan - ok
18:16:40.0869 4740 [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser C:\Windows\system32\drivers\usbser.sys
18:16:40.0890 4740 usbser - ok
18:16:40.0925 4740 [ 4ABD37CFBD710E64F01F9DA8710C73F7 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
18:16:40.0962 4740 UsbserFilt - ok
18:16:40.0991 4740 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:16:41.0020 4740 USBSTOR - ok
18:16:41.0043 4740 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:16:41.0100 4740 usbuhci - ok
18:16:41.0126 4740 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:16:41.0167 4740 usbvideo - ok
18:16:41.0204 4740 [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
18:16:41.0250 4740 usb_rndisx - ok
18:16:41.0280 4740 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:16:41.0325 4740 UxSms - ok
18:16:41.0365 4740 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:16:41.0396 4740 vds - ok
18:16:41.0424 4740 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:16:41.0470 4740 vga - ok
18:16:41.0491 4740 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:16:41.0517 4740 VgaSave - ok
18:16:41.0546 4740 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:16:41.0560 4740 viaagp - ok
18:16:41.0579 4740 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:16:41.0606 4740 ViaC7 - ok
18:16:41.0621 4740 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:16:41.0634 4740 viaide - ok
18:16:41.0666 4740 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:16:41.0679 4740 volmgr - ok
18:16:41.0713 4740 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:16:41.0736 4740 volmgrx - ok
18:16:41.0766 4740 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:16:41.0788 4740 volsnap - ok
18:16:41.0808 4740 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:16:41.0825 4740 vsmraid - ok
18:16:41.0871 4740 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:16:41.0995 4740 VSS - ok
18:16:42.0027 4740 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:16:42.0059 4740 W32Time - ok
18:16:42.0102 4740 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:16:42.0180 4740 WacomPen - ok
18:16:42.0205 4740 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:16:42.0228 4740 Wanarp - ok
18:16:42.0232 4740 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:16:42.0253 4740 Wanarpv6 - ok
18:16:42.0301 4740 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
18:16:42.0336 4740 WcesComm - ok
18:16:42.0371 4740 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:16:42.0397 4740 wcncsvc - ok
18:16:42.0428 4740 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:16:42.0465 4740 WcsPlugInService - ok
18:16:42.0483 4740 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
18:16:42.0496 4740 Wd - ok
18:16:42.0536 4740 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:16:42.0588 4740 Wdf01000 - ok
18:16:42.0611 4740 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:16:42.0658 4740 WdiServiceHost - ok
18:16:42.0666 4740 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:16:42.0696 4740 WdiSystemHost - ok
18:16:42.0729 4740 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:16:42.0791 4740 WebClient - ok
18:16:42.0822 4740 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:16:42.0865 4740 Wecsvc - ok
18:16:42.0879 4740 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:16:42.0902 4740 wercplsupport - ok
18:16:43.0014 4740 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:16:43.0039 4740 WerSvc - ok
18:16:43.0068 4740 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:16:43.0095 4740 winachsf - ok
18:16:43.0155 4740 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:16:43.0175 4740 WinDefend - ok
18:16:43.0180 4740 WinHttpAutoProxySvc - ok
18:16:43.0233 4740 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:16:43.0256 4740 Winmgmt - ok
18:16:43.0306 4740 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:16:43.0404 4740 WinRM - ok
18:16:43.0430 4740 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] winusb C:\Windows\system32\DRIVERS\winusb.sys
18:16:43.0445 4740 winusb - ok
18:16:43.0486 4740 WisINT15 - ok
18:16:43.0532 4740 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:16:43.0572 4740 Wlansvc - ok
18:16:43.0677 4740 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:16:43.0757 4740 wlidsvc - ok
18:16:43.0778 4740 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:16:43.0812 4740 WmiAcpi - ok
18:16:43.0835 4740 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:16:43.0857 4740 wmiApSrv - ok
18:16:43.0961 4740 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:16:44.0073 4740 WMPNetworkSvc - ok
18:16:44.0092 4740 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:16:44.0159 4740 WPCSvc - ok
18:16:44.0192 4740 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:16:44.0221 4740 WPDBusEnum - ok
18:16:44.0261 4740 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:16:44.0275 4740 WpdUsb - ok
18:16:44.0467 4740 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:16:44.0508 4740 WPFFontCache_v0400 - ok
18:16:44.0536 4740 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:16:44.0574 4740 ws2ifsl - ok
18:16:44.0599 4740 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
18:16:44.0628 4740 wscsvc - ok
18:16:44.0633 4740 WSearch - ok
18:16:44.0709 4740 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:16:44.0864 4740 wuauserv - ok
18:16:44.0925 4740 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:16:45.0009 4740 WudfPf - ok
18:16:45.0045 4740 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:16:45.0081 4740 WUDFRd - ok
18:16:45.0138 4740 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:16:45.0156 4740 wudfsvc - ok
18:16:45.0207 4740 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
18:16:45.0226 4740 XAudio - ok
18:16:45.0276 4740 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
18:16:45.0296 4740 XAudioService - ok
18:16:45.0330 4740 ================ Scan global ===============================
18:16:45.0346 4740 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:16:45.0375 4740 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:16:45.0398 4740 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:16:45.0434 4740 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:16:45.0439 4740 [Global] - ok
18:16:45.0439 4740 ================ Scan MBR ==================================
18:16:45.0469 4740 [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
18:16:46.0247 4740 \Device\Harddisk0\DR0 - ok
18:16:46.0247 4740 ================ Scan VBR ==================================
18:16:46.0274 4740 [ AAE2E6F6B6EACA9D502335ABFC5FA7C0 ] \Device\Harddisk0\DR0\Partition1
18:16:46.0276 4740 \Device\Harddisk0\DR0\Partition1 - ok
18:16:46.0455 4740 [ E4669792537F49C83AC651E6EA50FF76 ] \Device\Harddisk0\DR0\Partition2
18:16:46.0457 4740 \Device\Harddisk0\DR0\Partition2 - ok
18:16:46.0457 4740
============================================================ 18:16:46.0457 4740 Scan finished 18:16:46.0457 4740 ============================================================ 18:16:46.0467 4348 Detected object count: 9 18:16:46.0467 4348 Actual detected object count: 9 18:18:18.0514 4348 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 18:18:18.0514 4348 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:18:18.0516 4348 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:18:18.0517 4348 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:18:18.0519 4348 ETService ( UnsignedFile.Multi.Generic ) - skipped by user 18:18:18.0519 4348 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:18:18.0521 4348 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user 18:18:18.0521 4348 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:18:18.0523 4348 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 18:18:18.0523 4348 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:18:18.0525 4348 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:18:18.0525 4348 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:18:18.0527 4348 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:18:18.0527 4348 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:18:18.0529 4348 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:18:18.0529 4348 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:18:18.0532 4348 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 18:18:18.0532 4348 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:20:22.0595 5460 Deinitialize success Geändert von Alpine88 (17.03.2013 um 18:40 Uhr) |
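The log above has to be read by cross-referencing: the nine "UnsignedFile.Multi.Generic" verdict lines at the end name the object (ETService, EvtEng, ...) but not the file, while the "[ md5 ] Name Path" lines earlier in the same log carry the path and hash, and a few objects (WinHttpAutoProxySvc, WisINT15, WSearch) are reported "- ok" with no hash line at all. The parser below does that join mechanically. It is an added example written for this thread, not code from the poster and not part of Kaspersky's TDSSKiller; it relies only on the line shapes visible in the log. SAMPLE_LOG is constructed for the demo from lines quoted above, and the hash shown for ETService is a placeholder, since the real hash line for that service lies outside this excerpt.

```python
"""Cross-reference a TDSSKiller-style log: which binary did each verdict hit?

Added example for this thread (not the poster's code, not part of TDSSKiller).
SAMPLE_LOG is constructed; the ETService hash is a placeholder.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

_TS = r"(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
_HASH = re.compile(_TS + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<rest>.+)$")
_DETECT = re.compile(_TS + r"(?P<name>.+?) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
_COUNT = re.compile(_TS + r"(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")
_OK = re.compile(_TS + r"(?P<name>.+?) - ok$")


@dataclass
class Report:
    hashed: dict = field(default_factory=dict)      # name -> (md5, path)
    ok: list = field(default_factory=list)           # names reported "- ok", in order
    detections: list = field(default_factory=list)   # one dict per verdict line
    declared_count: Optional[int] = None             # "Detected object count: N"


def parse_tdsskiller(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HASH.match(line)
        if m:
            rest = m["rest"]
            first, _, tail = rest.partition(" ")
            # Service/driver lines read "Name Path"; the "Scan global", MBR and
            # VBR lines carry only a path, whose first token holds ':' or '\'.
            if tail and not any(c in first for c in ":\\"):
                name, path = first, tail
            else:
                name, path = rest, rest
            rep.hashed[name] = (m["md5"], path)
            continue
        m = _DETECT.match(line)
        if m:
            rep.detections.append({k: m[k] for k in ("ts", "name", "verdict", "action")})
            continue
        m = _COUNT.match(line)
        if m:
            rep.declared_count = int(m["n"])
            continue
        m = _OK.match(line)
        if m:
            rep.ok.append(m["name"])
    return rep


def unsigned_findings(rep: Report) -> list:
    """Join every UnsignedFile.* verdict with the hash/path recorded for that
    name earlier in the log; the two verdict lines per object (verdict and the
    user's chosen action) collapse into one record."""
    merged = {}
    for d in rep.detections:
        if not d["verdict"].startswith("UnsignedFile."):
            continue
        md5, path = rep.hashed.get(d["name"], (None, None))
        rec = merged.setdefault(d["name"], {"verdict": d["verdict"], "md5": md5,
                                            "path": path, "actions": []})
        rec["actions"].append(d["action"])
    return [dict(name=n, **v) for n, v in merged.items()]


def unhashed_ok_entries(rep: Report) -> list:
    """Names reported '- ok' for which the log holds no hash line at all.
    Section markers such as '[Global]' are skipped."""
    return [n for n in rep.ok if n not in rep.hashed and not n.startswith("[")]


def count_matches(rep: Report) -> bool:
    """Sanity check: 'Detected object count: N' versus the number of distinct
    object names that actually received a verdict line."""
    names = {d["name"] for d in rep.detections}
    return rep.declared_count is not None and len(names) == rep.declared_count


# Constructed sample in the log's format (ETService hash is a placeholder).
SAMPLE_LOG = r"""
18:16:40.0000 4740 [ 00000000000000000000000000000000 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
18:16:40.0010 4740 ETService - ok
18:16:42.0205 4740 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:16:42.0228 4740 Wanarp - ok
18:16:43.0155 4740 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:16:43.0175 4740 WinDefend - ok
18:16:43.0486 4740 WisINT15 - ok
18:16:45.0346 4740 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:16:45.0439 4740 [Global] - ok
18:16:45.0469 4740 [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
18:16:46.0247 4740 \Device\Harddisk0\DR0 - ok
18:16:46.0467 4348 Detected object count: 2
18:16:46.0467 4348 Actual detected object count: 2
18:18:18.0519 4348 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:18.0519 4348 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:18.0514 4348 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:18.0514 4348 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    for f in unsigned_findings(report):
        print(f"{f['name']:20} {f['md5'] or '-':32} {f['path'] or '(no hash line in log)'}")
    print("ok without hash:", unhashed_ok_entries(report), "count consistent:", count_matches(report))
```

Run against the full log from the post, the output lists the nine skipped services with their image paths, which is what the helper needs to judge whether "unsigned" means OEM cruft (Acer, Intel, NTI, LightScribe) or something worth quarantining; a name with no hash line in the log is worth a manual look for the same reason.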
#6
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run ComboFix: Scan with ComboFix
#7
OK, I ran it; here is the log:

ComboFix logfile:
Code:
ComboFix 13-03-17.01 - Guido 17.03.2013 20:01:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1499 [GMT 1:00]
Running from: c:\users\Guido\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\IsUn0407.exe
c:\windows\Temp\log.txt
.
.
(((((((((((((((((((((((   Files Created from 2013-02-17 to 2013-03-17   ))))))))))))))))))))))))))))))
.
.
2013-03-17 19:08 . 2013-03-17 19:08 -------- d-----w- c:\users\Guido\AppData\Local\temp
2013-03-17 16:12 . 2013-03-17 16:12 -------- d-----w- c:\programdata\Malwarebytes
2013-03-15 17:37 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-15 17:37 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 16:05 . 2012-06-19 16:02 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-15 16:05 . 2011-02-10 19:49 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-20 19:00 . 2012-04-02 18:27 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-20 19:00 . 2011-05-16 17:29 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-05 05:26 . 2013-02-12 19:45 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26 . 2013-02-12 19:45 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28 . 2013-02-12 19:46 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38 . 2013-02-12 19:46 2048512 ----a-w- c:\windows\system32\win32k.sys
2012-12-29 10:26 . 2013-02-12 19:34 53176 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-29 10:26 . 2013-02-12 19:32 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:26 . 2013-02-12 19:32 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-29 10:26 . 2013-02-12 19:32 6263784 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:26 . 2013-02-12 19:32 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-29 10:26 . 2013-02-12 19:32 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-29 10:26 . 2013-02-12 19:32 7931896 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:26 . 2013-02-12 19:32 2720696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:26 . 2013-02-12 19:32 2504248 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 10:26 . 2013-02-12 19:32 20450232 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-29 10:26 . 2013-02-12 19:32 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:26 . 2013-02-12 19:32 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:26 . 2013-02-12 19:32 15129064 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-29 08:26 . 2012-04-24 19:00 4129720 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:26 . 2012-04-24 19:00 3001272 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-29 08:25 . 2013-02-12 19:35 62904 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:25 . 2012-04-24 19:00 639928 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:25 . 2012-04-24 19:00 2557880 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-29 08:25 . 2012-04-24 19:00 108984 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 16:15 . 2013-03-15 16:15 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Skytel"="Skytel.exe" [2008-09-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-17 858632]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Guido\Desktop\mbar\mbar.exe" [2013-02-16 1363016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-8-31 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 20:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2008-09-11 21:46 544768 ------w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-11-28 09:08 417792 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-09-19 03:00 6294048 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 11315556
*NewlyCreated* - ASWMBR
*Deregistered* - 11315556
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=aspire_8730
IE: Free YouTube to MP3 Converter - c:\users\Guido\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer =
FF - ProfilePath - c:\users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\x7m3dma4.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - ExtSQL: !HIDDEN! 2010-08-13 09:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Orphaned Registry Entries Removed - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AVMUSBFernanschluss - c:\users\Guido\AppData\Local\Apps\2.0\KHXHD8C5.VPT\JOE7KNLE.NPT\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\AVMAutoStart.exe
AddRemove-SimCity 3000 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-17 20:08
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-17 20:09:55
ComboFix-quarantined-files.txt 2013-03-17 19:09
.
Pre-Run: 11 directory(ies), 83.474.739.200 bytes free
Post-Run: 15 directory(ies), 84.926.160.896 bytes free
.
- - End Of File - - FE3DF12E51D06F8341B3000646A90160
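The ComboFix log above shows the pattern of a search hijack rather than of a trojan: the Firefox profile's browser.search.selectedEngine is "ICQ Search", keyword.URL points at search.icq.com, and IE's start page is start.icq.com, while the homepage (www.web.de) looks like the user's own choice. Telling those apart by hand in a long prefs.js is tedious, so here is a small checker that reads user_pref lines and flags the navigation prefs whose target is outside an allowlist, plus every pref in a known toolbar namespace. This is an added example written for this thread, not part of ComboFix, AdwCleaner or the poster's logs; SAMPLE_PREFS is constructed from the values quoted in the thread (the logs quote URLs defanged as hxxp://, which the code tolerates), ADWARE_NAMESPACES is an assumption drawn from the JRT and AdwCleaner output in the thread rather than a complete adware catalogue, and the allowlist is whatever the analyst decides is legitimate for the case.

```python
"""Flag search/start-page hijacks in a Firefox prefs.js.

Added example for this thread (not part of ComboFix, AdwCleaner or the
poster's logs). SAMPLE_PREFS is constructed; ADWARE_NAMESPACES is an
assumption based on the Ask/ICQ toolbar prefs seen in the thread.
"""
import json
import re
from urllib.parse import urlparse

_PREF = re.compile(r'^user_pref\("((?:[^"\\]|\\.)*)",\s*(.+)\);\s*$')

# Standard Firefox prefs that decide where the browser goes on its own:
# start page, default search engine, address-bar keyword search, new tab.
NAV_PREFS = {
    "browser.startup.homepage",
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "keyword.URL",
    "browser.newtab.url",
}

# Pref namespaces the Ask and ICQ toolbars wrote in this thread (assumption).
ADWARE_NAMESPACES = ("extensions.asktb.", "icqtoolbar.")


def parse_prefs(text: str) -> dict:
    """Return {pref name: decoded value} for every user_pref(...) line.
    The string, number and boolean literals prefs.js uses are JSON-compatible,
    so json.loads decodes them (including backslash escapes in paths)."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF.match(line.strip())
        if not m:
            continue                      # header comment, blank line, junk
        name, literal = m.group(1), m.group(2)
        try:
            prefs[name] = json.loads(literal)
        except ValueError:
            prefs[name] = literal         # keep anything exotic as raw text
    return prefs


def _host(value):
    """Hostname of a URL-valued pref, or None for non-URL values. Logs quote
    URLs defanged as hxxp://, so that prefix is restored before parsing."""
    if not isinstance(value, str):
        return None
    return urlparse(re.sub(r"^hxxp(s?)://", r"http\1://", value)).hostname


def hijack_findings(prefs: dict, allow: set) -> list:
    """List (pref, reason, value) for every pref in an adware namespace and for
    every navigation pref whose target (hostname, or the engine display name
    when the value is not a URL) is missing from the analyst's allowlist."""
    out = []
    for name, value in prefs.items():
        if name.startswith(ADWARE_NAMESPACES):
            out.append((name, "adware namespace", value))
        elif name in NAV_PREFS:
            host = _host(value)
            target = host if host is not None else str(value)
            if target not in allow:
                out.append((name, "target not allowed: " + target, value))
    return out


# Constructed sample built from values quoted in the ComboFix/JRT logs.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "ICQ Search");
user_pref("browser.startup.homepage", "hxxp://www.web.de/");
user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("icqtoolbar.numberOfSearches", 0);
user_pref("browser.download.useDownloadDir", true);
'''

if __name__ == "__main__":
    found = hijack_findings(parse_prefs(SAMPLE_PREFS), allow={"www.web.de", "Google"})
    for pref, reason, value in found:
        print(f"{pref:50} {reason:40} {value!r}")
```

On the sample this reports keyword.URL and browser.search.selectedEngine plus the three toolbar prefs, and leaves the homepage and the unrelated download pref alone; the allowlist is deliberately a parameter, because "legitimate" differs per user, and the same namespace list is what a cleanup tool's signature effectively is.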
#8
/// Winkelfunktion /// TB-Süch-Tiger™

JRT - Junkware Removal Tool
Please shut down your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download
After that, a check with OTL please:
#9
The next 3 logfiles. Avira complained that the browser protection is not working properly and that I should reinstall the toolbar properly.

JRT logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Guido on 17.03.2013 at 21:02:50,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] icq service
Successfully deleted: [Service] icq service

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{855f3b16-6d32-4fe6-8a56-bbb695989046}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{855f3b16-6d32-4fe6-8a56-bbb695989046}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\icq service.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244e b686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2431245
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{855f3b16-6d32-4fe6-8a56-bbb695989046}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Guido\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\prefs.js

user_pref("extensions.asktb.AviraIDW-TS", "1319397993404");
user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xmlns=\"hxxp://websearch.ask.com/widgets\">\n <widget_url>hxxps://aviratoolb
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.asktb.cbid", "JM");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.crumb", "2011.06.29+08.28.25-toolbar001iad-DE-S2VycGVuLEdlcm1hbnk%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar");
user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX5292");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.guid", "b814eb30-5ddf-4cff-a26f-288575264a0b");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "first");
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1363535286865");
user_pref("extensions.asktb.last-search-timestamp", "1362129698298");
user_pref("extensions.asktb.last-v", "");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.location", "Kerpen,Germany");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.notification-shown", true);
user_pref("extensions.asktb.o", "100000080");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-history-queries", "Hallelujah Leonardÿ Cohen||sparrkasse dieburg||wer-kennt-wen.de||www.wer-kennt-wen.de||flirtlife||web.de||labrador||Pirre
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.to", "");
user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");

Emptied folder: C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\minidumps [32 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.03.2013 at 21:05:33,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner logfile:
Code:
# AdwCleaner v2.115 - Logfile created 17/03/2013 at 21:19:22
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Guido - GUIDO-PC
# Boot mode : Normal
# Running from : C:\Users\Guido\Downloads\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\x7m3dma4.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\x7m3dma4.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\x7m3dma4.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\x7m3dma4.default\searchplugins\icqplugin-3.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Users\Guido\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Guido\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\x7m3dma4.default\prefs.js

Deleted : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("icqtoolbar.allowSendURL", false);
Deleted : user_pref("icqtoolbar.engineVerified", false);
Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Deleted : user_pref("icqtoolbar.history", "autositze%20beledern||autositze%20beziehen%20anleitung||olymp%20Tro[...]
Deleted : user_pref("icqtoolbar.installsource", "1");
Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Deleted : user_pref("icqtoolbar.previousFFVersion", "3.0.19");
Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Deleted : user_pref("icqtoolbar.suggestions", false);
Deleted : user_pref("icqtoolbar.uniqueID", "123767324712376732421237717727525");
Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1275321826);
Deleted : user_pref("icqtoolbar.version", "1.1.4");
Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Deleted : user_pref("icqtoolbar.xmlLanguage", "de");

File : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\gn6fw80h.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to determine version]

File : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9299 octets] - [17/03/2013 21:19:22]

########## EOF - C:\AdwCleaner[S1].txt - [9359 octets] ##########

OTL logfile:
Code:
OTL logfile created on: 17.03.2013 21:25:25 - Run 2
OTL by OldTimer - Version Folder = C:\Users\Guido\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,26% Memory free
6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 80,04 Gb Free Space | 56,11% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 89,17 Gb Free Space | 62,50% Space Free | Partition Type: NTFS

Computer Name: GUIDO-PC | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.16 15:52:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Downloads\OTL.exe
PRC - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.29 09:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.29 09:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.08 18:50:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:10:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.08 18:10:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:10:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:10:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.14 16:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.17 07:37:06 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.28 10:56:06 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.29 17:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.13 18:20:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2008.07.29 17:52:38 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2003.06.07 22:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll

========== Services (SafeList) ==========

SRV - File not found [Auto
| Stopped] -- C:\Program Files\SiteAdvisor\6172\SAService.exe -- (SiteAdvisor Service) SRV - File not found [Disabled | Unknown] -- -- (Lsiitofot-4) SRV - [2013.03.15 17:15:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.08 18:10:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.08 18:10:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 18:10:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.11.28 10:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | 
Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Guido\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.12.29 11:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.08.26 13:47:27 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2012.08.26 13:47:27 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2012.05.08 18:10:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 18:10:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.05.18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.05.18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.05.18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.03.02 20:20:20 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.03.28 09:20:05 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura) DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.10.08 10:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim) DRV - [2008.10.08 10:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric) DRV - [2008.10.01 10:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=aspire_8730 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{29F609BA-47B4-4D93-BBC8-2DB2370F8503}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/" FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.15 17:15:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.15 17:15:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.10.03 16:39:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.15 17:15:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.15 17:15:38 | 000,000,000 | ---D | M] [2009.03.21 23:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Extensions [2013.03.17 21:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\x7m3dma4.default\extensions [2010.11.14 17:58:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\x7m3dma4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.06.17 17:54:32 | 000,000,950 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-4.xml [2009.09.20 17:05:50 | 000,000,950 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-5.xml [2010.06.01 16:31:39 | 000,000,950 | ---- | M] () -- 
C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-6.xml [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.15 17:15:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.15 17:15:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.26 17:32:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.07 16:19:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.26 17:32:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 17:32:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.26 17:32:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 17:32:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2013.03.17 20:08:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Guido\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAFED2A-826B-479E-B6A9-4636C777D5EA}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E505B816-D8C6-4ED2-9856-7F27E58C85BC}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E96E6466-AF0C-47B1-B8B7-3A900CB30458}: DhcpNameServer = O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft 
shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Guido\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Guido\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 21:02:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.17 21:01:32 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.17 20:09:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.17 20:09:57 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.17 20:09:57 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\temp [2013.03.17 20:00:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.17 20:00:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.17 20:00:36 | 000,060,416 | ---- | C] (NirSoft) -- 
C:\Windows\NIRCMD.exe [2013.03.17 20:00:33 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.03.17 19:59:45 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.17 19:59:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.17 17:14:26 | 000,000,000 | ---D | C] -- C:\Users\Guido\Desktop\mbar [2013.03.17 17:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.17 16:39:01 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.03.15 18:37:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.15 17:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.15 17:06:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.15 17:06:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.15 17:06:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.15 17:06:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.15 17:06:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.15 17:06:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.15 17:06:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.15 17:06:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.15 17:06:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.15 17:06:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.15 17:06:09 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.15 17:06:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.14 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\Guido\Desktop\SuperScan ========== Files - Modified 
Within 30 Days ========== [2013.03.17 21:28:28 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.17 21:28:28 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.17 21:28:28 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.17 21:28:28 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.17 21:22:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.03.17 21:22:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.17 21:22:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.17 21:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.17 21:21:52 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys [2013.03.17 21:12:31 | 000,293,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.03.17 20:08:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.03.17 11:14:09 | 256,892,486 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.16 15:51:21 | 000,000,000 | ---- | M] () -- C:\Users\Guido\defogger_reenable [2013.03.15 17:05:48 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.15 17:05:47 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.15 17:05:47 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.15 17:05:46 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.15 17:05:45 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013.03.15 17:05:45 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll ========== Files Created - No Company Name ========== [2013.03.17 20:00:36 | 000,256,000 | ---- | C] () -- 
C:\Windows\PEV.exe [2013.03.17 20:00:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.17 20:00:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.17 20:00:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.17 20:00:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.16 15:51:21 | 000,000,000 | ---- | C] () -- C:\Users\Guido\defogger_reenable [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.02.26 17:40:19 | 000,001,356 | ---- | C] () -- C:\Users\Guido\AppData\Local\d3d9caps.dat [2009.11.13 14:55:57 | 000,000,134 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\wklnhst.dat [2009.03.22 12:10:47 | 000,211,456 | ---- | C] () -- C:\Users\Guido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
#10

/// Winkelfunktion /// TB-Süch-Tiger™

Open ports after Netstat -a scan

Code:
Scan Mode: Current user

__________________
Please always post logfiles in CODE tags
#11

Open ports after Netstat -a scan

Here it is again, done properly:

OTL Logfile:
Code:
OTL logfile created on: 18.03.2013 17:22:16 - Run 3
OTL by OldTimer - Version Folder = C:\Users\Guido\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,66% Memory free
6,19 Gb Paging File | 4,86 Gb Available in Paging File | 78,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 84,37 Gb Free Space | 59,14% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 89,17 Gb Free Space | 62,50% Space Free | Partition Type: NTFS

Computer Name: GUIDO-PC | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.16 15:52:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Downloads\OTL.exe
PRC - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.29 09:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.29 09:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.08 18:50:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:10:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.08 18:10:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:10:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:10:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.14 16:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.12.17 07:37:06 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.28 10:56:06 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.29 17:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.13 18:20:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2008.07.29 17:52:38 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2003.06.07 22:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll

========== Services (SafeList) ==========

SRV - File not found [Auto
| Stopped] -- C:\Program Files\SiteAdvisor\6172\SAService.exe -- (SiteAdvisor Service) SRV - File not found [Disabled | Unknown] -- -- (Lsiitofot-4) SRV - [2013.03.15 17:15:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.08 18:10:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.08 18:10:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 18:10:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.11.28 10:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | 
Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Guido\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.12.29 11:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.08.26 13:47:27 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2012.08.26 13:47:27 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2012.05.08 18:10:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 18:10:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.05.18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.05.18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.05.18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.03.02 20:20:20 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.03.28 09:20:05 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura) DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.10.08 10:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim) DRV - [2008.10.08 10:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric) DRV - [2008.10.01 10:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=aspire_8730 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-572745244-618600403-1647975730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-572745244-618600403-1647975730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-572745244-618600403-1647975730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-572745244-618600403-1647975730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - 
HKU\S-1-5-21-572745244-618600403-1647975730-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-572745244-618600403-1647975730-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-572745244-618600403-1647975730-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-572745244-618600403-1647975730-1000\..\SearchScopes\{29F609BA-47B4-4D93-BBC8-2DB2370F8503}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW IE - HKU\S-1-5-21-572745244-618600403-1647975730-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-572745244-618600403-1647975730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-572745244-618600403-1647975730-1006\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/" FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: 
C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.15 17:15:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.15 17:15:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.10.03 16:39:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.15 17:15:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.15 17:15:38 | 000,000,000 | ---D | M] [2009.03.21 23:07:16 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Guido\AppData\Roaming\mozilla\Extensions [2013.03.17 21:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\x7m3dma4.default\extensions [2010.11.14 17:58:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Guido\AppData\Roaming\mozilla\Firefox\Profiles\x7m3dma4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.06.17 17:54:32 | 000,000,950 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-4.xml [2009.09.20 17:05:50 | 000,000,950 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-5.xml [2010.06.01 16:31:39 | 000,000,950 | ---- | M] () -- C:\Users\Guido\AppData\Roaming\mozilla\firefox\profiles\x7m3dma4.default\searchplugins\icqplugin-6.xml [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.15 17:15:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.15 17:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.15 17:15:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.26 17:32:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.07 16:19:01 | 000,002,465 
| ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.26 17:32:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 17:32:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.26 17:32:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 17:32:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2013.03.17 20:08:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-572745244-618600403-1647975730-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-572745244-618600403-1647975730-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-572745244-618600403-1647975730-1006..\Run: [ProductReg] C:\Programme\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKU\S-1-5-21-572745244-618600403-1647975730-1006..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-572745244-618600403-1647975730-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-572745244-618600403-1647975730-1006..\RunOnce: [AcerScrSav] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-572745244-618600403-1647975730-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-572745244-618600403-1647975730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-572745244-618600403-1647975730-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Guido\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 
- Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAFED2A-826B-479E-B6A9-4636C777D5EA}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E505B816-D8C6-4ED2-9856-7F27E58C85BC}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E96E6466-AF0C-47B1-B8B7-3A900CB30458}: DhcpNameServer = O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - 
C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Guido\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Guido\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 21:02:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.17 21:01:32 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.17 20:09:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.17 20:09:57 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.17 20:09:57 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\temp [2013.03.17 20:00:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.17 20:00:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.17 20:00:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.17 20:00:33 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.03.17 19:59:45 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.17 19:59:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.17 17:14:26 | 000,000,000 | ---D | C] -- C:\Users\Guido\Desktop\mbar [2013.03.17 17:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.17 16:39:01 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.03.15 18:37:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys 
[2013.03.15 17:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.15 17:06:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.15 17:06:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.15 17:06:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.15 17:06:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.15 17:06:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.15 17:06:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.15 17:06:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.15 17:06:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.15 17:06:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.15 17:06:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.15 17:06:09 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.15 17:06:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.14 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\Guido\Desktop\SuperScan ========== Files - Modified Within 30 Days ========== [2013.03.18 17:22:05 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.18 17:22:05 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.18 17:22:05 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.18 17:22:05 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.18 17:16:08 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.03.18 17:15:50 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 17:15:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 17:15:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.18 17:15:38 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.17 21:12:31 | 000,293,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.17 20:08:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.17 11:14:09 | 256,892,486 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.16 15:51:21 | 000,000,000 | ---- | M] () -- C:\Users\Guido\defogger_reenable
[2013.03.15 17:05:48 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.15 17:05:47 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.15 17:05:47 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.15 17:05:46 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.15 17:05:45 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.03.15 17:05:45 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

========== Files Created - No Company Name ==========

[2013.03.17 20:00:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.17 20:00:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.17 20:00:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.17 20:00:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.17 20:00:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.16 15:51:21 | 000,000,000 | ---- | C] () -- C:\Users\Guido\defogger_reenable
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.02.26 17:40:19 | 000,001,356 | ---- | C] () -- C:\Users\Guido\AppData\Local\d3d9caps.dat
[2009.11.13 14:55:57 | 000,000,134 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\wklnhst.dat
[2009.03.22 12:10:47 | 000,211,456 | ---- | C] () -- C:\Users\Guido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
#12
/// Winkelfunktion /// TB-Süch-Tiger™

Open ports after netstat -a scan

Looks ok. We should be almost done. As a check, please run a Quick Scan with Malwarebytes - please remember to update Malwarebytes via the update button first. Getting a second opinion afterwards with the ESET Online Scanner is not a bad idea either: ESET Online Scanner
__________________
Please always post logfiles in CODE tags
#13
Open ports after netstat -a scan

Code:
Malwarebytes Anti-Rootkit BETA
www.malwarebytes.org

Database version: v2013.03.19.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Guido :: GUIDO-PC [administrator]

19.03.2013 16:57:57
mbar-log-2013-03-19 (16-57-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28557
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=b9bed47ba46b6846ac9d5a2478098a96
# engine=13429
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-19 06:43:51
# local_time=2013-03-19 07:43:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 100 14366 229141921 7132 0
# compatibility_mode=5892 16776638 100 100 82029337 201251359 0 0
# scanned=160521
# found=0
# cleaned=0
# scan_time=6790
#14
/// Winkelfunktion /// TB-Süch-Tiger™

Open ports after netstat -a scan

Quote:
__________________
Please always post logfiles in CODE tags
#15
Open ports after netstat -a scan

Sorry, I had overlooked that. Here is the Anti-Malware log:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2013.03.20.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Guido :: GUIDO-PC [Administrator]

20.03.2013 19:04:31
mbam-log-2013-03-20 (19-04-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 249087
Laufzeit: 4 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)