| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner 2.12 - BereinigungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.05.2013, 15:00
| #1 |
 |  GVU Trojaner 2.12 - Bereinigung Hallo! Diesmal hat es mich auch erwischt. Mit PC-Programmen komme ich recht gut klar, aber von dem "Eingemachten" habe ich nicht so viel Ahnung! Ich habe einen ACER Laptop mit Windows 7. Beim Hochfahren zeigte sich die Seite und nix ging mehr. Habe über den abgesicherten Modung "Spybot Search & Destroy" laufen lassen. Jetzt lässt sich der Rechner zumindest wieder starten. Avira hat mehrere Dateien gefunden und eine in die Quarantäne gesteckt. Habe dann gemerkt, dass ich an meine Grenze gekommen bin und war froh, eure Seite gefunden zu haben. Schritt 1 "defogger" habe ich ausgeführt: defogger_disable by jpshortstuff (23.02.10.1) Log created at 14:47 on 06/05/2013 (***) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- Schritt 2 OTL LOG Dateien im Anhang. OTL in 2 Teilen da zu groß (hoffe, dass das ok ist) Ich hoffe, dass ihr mir weiterhelfen könnt und ein wenig Geduld mit mir habt  Vielen Dank schonmal im Voraus cheekylisa |
|
06.05.2013, 15:51
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | GVU Trojaner 2.12 - Bereinigung Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
06.05.2013, 16:07
| #3 |
| | GVU Trojaner 2.12 - Bereinigung Hallo,
__________________vielen Dank für die Antwort. Danke für den Hinweis mit den Code-Tag - bin wohl doch etwas raus...  Habe noch einen LOG von AVIRA: Code:
ATTFilter 06.05.2013,09:17:49 [INFO] ---------------------------------------------------------
06.05.2013,09:17:49 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
06.05.2013,09:18:42 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.12.34, VDF Version: 7.11.75.242
06.05.2013,09:18:44 [INFO] Online-Dienste stehen zur Verfügung.
06.05.2013,09:18:44 [INFO] Echtzeit Scanner wurde aktiviert
06.05.2013,09:18:44 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Alle Dateien
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
06.05.2013,09:23:36 [INFO] Update-Auftrag gestartet!
06.05.2013,09:23:45 [INFO] Aktuelle Engine Version: 8.2.12.34
06.05.2013,09:23:45 [INFO] Aktuelle Version der VDF-Datei: 7.11.76.90
06.05.2013,09:40:31 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Alle Dateien
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
06.05.2013,13:33:22 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
C:\ProgramData\cooe2.dat
[INFO] Benutzer: UNSER\***
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,13:36:25 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
C:\ProgramData\cooe2.dat
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,13:38:46 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
C:\ProgramData\cooe2.dat
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,13:39:17 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
C:\ProgramData\cooe2.dat
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:15:31 [FUND] Enthält Erkennungsmuster der Anwendung APPL/InstallBrain.Gen5!
C:\Program Files (x86)\Uninstall Information\ib_uninst_455\uninstall.exe
[INFO] Benutzer: UNSER\***
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:15:35 [FUND] Enthält Erkennungsmuster der Anwendung APPL/InstallBrain.Gen5!
C:\Program Files (x86)\Uninstall Information\ib_uninst_518\uninstall.exe
[INFO] Benutzer: UNSER\***
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:15:38 [FUND] Enthält Erkennungsmuster der Anwendung APPL/InstallBrain.Gen5!
C:\Program Files (x86)\Uninstall Information\ib_uninst_519\uninstall.exe
[INFO] Benutzer: UNSER\***
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:17:18 [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412!
C:\ProgramData\2eooc.js
[INFO] Benutzer: UNSER\***
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:17:18 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
C:\ProgramData\cooe2.dat
[INFO] Benutzer: UNSER\***
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:19:06 [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412!
C:\ProgramData\2eooc.js
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:19:06 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
C:\ProgramData\cooe2.dat
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:21:53 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
C:\ProgramData\cooe2.dat
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:21:53 [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412!
C:\ProgramData\2eooc.js
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:22:22 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
C:\ProgramData\cooe2.dat
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:23:49 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
C:\ProgramData\cooe2.dat
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:26:38 [FUND] Ist das Trojanische Pferd TR/Reveton.A.186!
C:\ProgramData\cooe2.dat
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:44:01 [FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Malicious.Flash.Gen!
C:\Windows\Temp\00000041-40475A2E.av$
[INFO] Benutzer: NT-AUTORITÄT\SYSTEM
[INFO] Der Zugriff auf die Datei wurde verweigert!
06.05.2013,14:49:07 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
06.05.2013,14:50:53 [INFO] ---------------------------------------------------------
06.05.2013,14:50:53 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
06.05.2013,14:51:35 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.12.34, VDF Version: 7.11.76.90
06.05.2013,14:51:37 [INFO] Online-Dienste stehen zur Verfügung.
06.05.2013,14:51:37 [INFO] Echtzeit Scanner wurde aktiviert
06.05.2013,14:51:37 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Alle Dateien
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
06.05.2013,14:53:49 [INFO] ---------------------------------------------------------
06.05.2013,14:53:49 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
06.05.2013,14:54:31 [INFO] Echtzeit Scanner Version: 12.03.00.15, Engine Version 8.2.12.34, VDF Version: 7.11.76.90
06.05.2013,14:54:32 [INFO] Online-Dienste stehen zur Verfügung.
06.05.2013,14:54:32 [INFO] Echtzeit Scanner wurde aktiviert
06.05.2013,14:54:32 [INFO] Verwendete Konfiguration der Echtzeitsuche:
- Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
- Geprüfte Dateien: Alle Dateien
- Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
- Aktion: Benutzer fragen
- Archive durchsuchen: Deaktiviert
- Makrovirenheuristik: Aktiviert
- Win32 Dateiheuristik: Erkennungsstufe mittel
- Protokollierungsstufe: Standard
06.05.2013,14:57:05 [FUND] Verdächtige Datei: Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3402!
C:\Windows\Fonts\gulim.ttc
[INFO] Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung. Bitte senden Sie uns diese Datei zur weiteren Analyse umgehend zu.
[INFO] Auf diese Datei wird keine Aktion ausgeführt.
|
|
06.05.2013, 16:09
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner 2.12 - Bereinigung Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
06.05.2013, 16:53
| #5 |
| | GVU Trojaner 2.12 - Bereinigung Scan durchgeführt. Hier die Log-Datei: Code:
ATTFilter ComboFix 13-05-06.01 - *** 06.05.2013 17:36:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4092.2387 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
c:\programdata\2eooc.bat
c:\programdata\2eooc.pad
c:\programdata\rundll32.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-06 bis 2013-05-06 ))))))))))))))))))))))))))))))
.
.
2013-05-06 15:43 . 2013-05-06 15:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-06 11:31 . 2013-05-06 11:31 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-05-06 11:31 . 2013-05-06 11:31 -------- d-----w- c:\programdata\Malwarebytes
2013-05-06 11:31 . 2013-05-06 11:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-06 11:31 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-06 09:20 . 2013-05-06 12:55 -------- d-----w- c:\users\***\AppData\Local\Vidalia
2013-05-06 09:20 . 2013-05-06 10:13 -------- d-----w- c:\program files (x86)\Vidalia Bridge Bundle
2013-05-06 08:46 . 2013-05-06 12:58 -------- d-----w- c:\users\***\AppData\Roaming\KeePass
2013-05-06 08:43 . 2013-05-06 15:42 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2
2013-05-06 08:07 . 2013-05-06 08:07 -------- d-----w- c:\windows\system32\IO
2013-05-03 15:34 . 2013-05-03 15:34 151 ----a-w- c:\programdata\2eooc.reg
2013-04-24 16:57 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 11:33 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 11:33 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 11:33 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 11:33 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 11:33 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 11:33 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-10 11:31 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 11:31 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 11:31 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 11:31 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 11:59 . 2010-03-22 11:26 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 19:53 . 2012-07-06 19:52 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 19:53 . 2011-07-19 09:52 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 04:12 . 2013-03-26 16:50 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 14:45 2355224 ----a-w- c:\program files (x86)\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]
"Vidalia"="c:\program files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe" [2012-12-02 6239727]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
R2 0316241367853593mcinstcleanup;McAfee Application Installer Cleanup (0316241367853593);c:\windows\TEMP\031624~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-26 219136]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-12 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-01-30 828912]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-12-04 103472]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 19:53]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 20:19]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 20:19]
.
2010-03-20 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-03-21 11:22]
.
2013-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-03-21 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-19 8306208]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.searchplusnetwork.com/?sp=vit4
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.searchplusnetwork.com/?sp=vit4&q=
FF - ExtSQL: 2013-05-06 10:31; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Katja & René\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-Locked - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-KeePass Password Safe 2 - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
Wow6432Node-HKLM-Run-UnlockerAssistant - c:\program files (x86)\Unlocker\UnlockerAssistant.exe
Wow6432Node-HKLM-Run-KeePass 2 PreLoad - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-06 17:47:45
ComboFix-quarantined-files.txt 2013-05-06 15:47
.
Vor Suchlauf: 11 Verzeichnis(se), 41.221.144.576 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 41.638.592.512 Bytes frei
.
- - End Of File - - 2B9B1F13316147368681D738B60EF51E
|
|
06.05.2013, 20:34
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner 2.12 - Bereinigung Hm, CF hat deine Keepass2-Installation gelöscht, falls du es noch brauchst wäre es wohl sauberer das Programm neu zu installieren. Aber das ist erstmal nebensächlich. Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> GVU Trojaner 2.12 - Bereinigung |
|
06.05.2013, 22:10
| #7 |
| | GVU Trojaner 2.12 - Bereinigung Rootkitscan mit Gmer: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-06 22:20:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22A23T0 rev.01.01A01 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***&~1\AppData\Local\Temp\pgldapow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002fba000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624 fffff80002fba040 1 byte [01]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f91465 2 bytes [F9, 74]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f914bb 2 bytes [F9, 74]
.text ... * 2
---- EOF - GMER 2.1 ----
Malwarebytes Anti-Rootkit: 4 Funde danach Clean up. Programm hat von sich aus keinen Neustart gemacht. Haben einen manuellen Neustart gemacht und das Programm nochmals durchlaufen lassen - nix mehr gefunden. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.03.22.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: UNSER [administrator]
06.05.2013 22:33:04
mbar-log-2013-05-06 (22-33-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28757
Time elapsed: 10 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
c:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.
Files Detected: 1
c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.
(end)
|
|
07.05.2013, 10:14
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner 2.12 - BereinigungZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.05.2013, 10:23
| #9 |
| | GVU Trojaner 2.12 - Bereinigung ??? Soll ich es nochmals durchlaufen lassen? Vielleicht habe ich etwas übersehen, nachdem ich gestern den ganzen Tag vor dem Pc saß...  Jepp - habe mir dir Anleitung NICHT durchgelesen! |
|
07.05.2013, 10:32
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner 2.12 - Bereinigung Natürlich musst du MBAR mit aktuellen Signaturen nochma laufen lassen....
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.05.2013, 10:58
| #11 |
| | GVU Trojaner 2.12 - Bereinigung Ist durch - nix gefunden. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.07.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: UNSER [administrator]
07.05.2013 11:52:18
mbar-log-2013-05-07 (11-52-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28808
Time elapsed: 14 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
07.05.2013, 11:43
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner 2.12 - Bereinigung aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.05.2013, 12:41
| #13 |
| | GVU Trojaner 2.12 - Bereinigung aswMBR ist durch: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-07 12:56:14
-----------------------------
12:56:14.275 OS Version: Windows x64 6.1.7601 Service Pack 1
12:56:14.275 Number of processors: 2 586 0x602
12:56:14.275 ComputerName: UNSER UserName:
12:56:15.757 Initialize success
13:00:11.825 AVAST engine defs: 13050601
13:00:27.612 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:00:27.612 Disk 0 Vendor: WDC_WD3200BEVT-22A23T0 01.01A01 Size: 305245MB BusType: 11
13:00:27.768 Disk 0 MBR read successfully
13:00:27.783 Disk 0 MBR scan
13:00:27.799 Disk 0 Windows 7 default MBR code
13:00:27.815 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
13:00:27.908 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
13:00:27.924 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292850 MB offset 25382700
13:00:28.095 Disk 0 scanning C:\Windows\system32\drivers
13:00:44.616 Service scanning
13:01:23.709 Modules scanning
13:01:23.725 Disk 0 trace - called modules:
13:01:23.756 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:01:24.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004526060]
13:01:24.271 3 CLASSPNP.SYS[fffff880011a943f] -> nt!IofCallDriver -> [0xfffffa8003fedbe0]
13:01:24.287 5 ACPI.sys[fffff88000f247a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80044fb060]
13:01:26.268 AVAST engine scan C:\Windows
13:01:30.636 AVAST engine scan C:\Windows\system32
13:05:50.610 AVAST engine scan C:\Windows\system32\drivers
13:06:09.424 AVAST engine scan C:\Users\***
13:09:50.055 File: C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\19000cac-7ff681f2 **INFECTED** Win32:Malware-gen
13:20:20.842 AVAST engine scan C:\ProgramData
13:28:33.850 Scan finished successfully
13:35:45.144 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
13:35:45.144 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Code:
ATTFilter 14:09:01.0082 4608 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:09:01.0348 4608 ============================================================
14:09:01.0348 4608 Current date / time: 2013/05/07 14:09:01.0348
14:09:01.0348 4608 SystemInfo:
14:09:01.0348 4608
14:09:01.0348 4608 OS Version: 6.1.7601 ServicePack: 1.0
14:09:01.0348 4608 Product type: Workstation
14:09:01.0348 4608 ComputerName: UNSER
14:09:01.0348 4608 UserName: ***
14:09:01.0348 4608 Windows directory: C:\Windows
14:09:01.0348 4608 System windows directory: C:\Windows
14:09:01.0348 4608 Running under WOW64
14:09:01.0348 4608 Processor architecture: Intel x64
14:09:01.0348 4608 Number of processors: 2
14:09:01.0348 4608 Page size: 0x1000
14:09:01.0348 4608 Boot type: Normal boot
14:09:01.0348 4608 ============================================================
14:09:02.0954 4608 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:02.0954 4608 ============================================================
14:09:02.0954 4608 \Device\Harddisk0\DR0:
14:09:02.0954 4608 MBR partitions:
14:09:02.0954 4608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
14:09:02.0954 4608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x23BF9384
14:09:02.0954 4608 ============================================================
14:09:02.0986 4608 C: <-> \Device\Harddisk0\DR0\Partition2
14:09:02.0986 4608 ============================================================
14:09:02.0986 4608 Initialize success
14:09:02.0986 4608 ============================================================
14:09:20.0598 3408 ============================================================
14:09:20.0598 3408 Scan started
14:09:20.0598 3408 Mode: Manual; SigCheck; TDLFS;
14:09:20.0598 3408 ============================================================
14:09:21.0331 3408 ================ Scan system memory ========================
14:09:21.0331 3408 System memory - ok
14:09:21.0331 3408 ================ Scan services =============================
14:09:21.0472 3408 0265251367922272mcinstcleanup - ok
14:09:21.0643 3408 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:09:21.0737 3408 1394ohci - ok
14:09:21.0815 3408 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:09:21.0862 3408 ACPI - ok
14:09:21.0940 3408 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:09:22.0033 3408 AcpiPmi - ok
14:09:22.0158 3408 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:09:22.0189 3408 AdobeARMservice - ok
14:09:22.0392 3408 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:09:22.0423 3408 AdobeFlashPlayerUpdateSvc - ok
14:09:22.0470 3408 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:09:22.0501 3408 adp94xx - ok
14:09:22.0548 3408 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:09:22.0564 3408 adpahci - ok
14:09:22.0579 3408 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:09:22.0610 3408 adpu320 - ok
14:09:22.0642 3408 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:09:22.0704 3408 AeLookupSvc - ok
14:09:22.0938 3408 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:09:23.0016 3408 AFD - ok
14:09:23.0078 3408 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:09:23.0110 3408 agp440 - ok
14:09:23.0125 3408 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:09:23.0203 3408 ALG - ok
14:09:23.0234 3408 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:09:23.0250 3408 aliide - ok
14:09:23.0312 3408 [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:09:23.0359 3408 AMD External Events Utility - ok
14:09:23.0390 3408 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:09:23.0406 3408 amdide - ok
14:09:23.0453 3408 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:09:23.0531 3408 AmdK8 - ok
14:09:23.0578 3408 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:09:23.0640 3408 AmdPPM - ok
14:09:23.0702 3408 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:09:23.0749 3408 amdsata - ok
14:09:23.0796 3408 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:09:23.0812 3408 amdsbs - ok
14:09:23.0843 3408 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:09:23.0843 3408 amdxata - ok
14:09:23.0983 3408 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:09:23.0999 3408 AntiVirSchedulerService - ok
14:09:24.0061 3408 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:09:24.0077 3408 AntiVirService - ok
14:09:24.0139 3408 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:09:24.0217 3408 AppID - ok
14:09:24.0264 3408 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:09:24.0342 3408 AppIDSvc - ok
14:09:24.0389 3408 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:09:24.0451 3408 Appinfo - ok
14:09:24.0514 3408 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:09:24.0529 3408 arc - ok
14:09:24.0560 3408 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:09:24.0576 3408 arcsas - ok
14:09:24.0607 3408 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:09:24.0670 3408 AsyncMac - ok
14:09:24.0732 3408 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:09:24.0763 3408 atapi - ok
14:09:24.0935 3408 [ A29087680A1C3B049E3C05438E8FF2B8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:09:25.0200 3408 atikmdag - ok
14:09:25.0278 3408 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
14:09:25.0309 3408 AtiPcie - ok
14:09:25.0418 3408 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:09:25.0590 3408 AudioEndpointBuilder - ok
14:09:25.0606 3408 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:09:25.0637 3408 AudioSrv - ok
14:09:25.0762 3408 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:09:25.0793 3408 avgntflt - ok
14:09:25.0871 3408 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:09:25.0902 3408 avipbb - ok
14:09:25.0933 3408 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:09:25.0949 3408 avkmgr - ok
14:09:26.0011 3408 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:09:26.0058 3408 AxInstSV - ok
14:09:26.0105 3408 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:09:26.0183 3408 b06bdrv - ok
14:09:26.0230 3408 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:09:26.0308 3408 b57nd60a - ok
14:09:26.0448 3408 [ B44879610F2DC4A046B14BEFA3AE72DE ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
14:09:26.0573 3408 BCM43XX - ok
14:09:26.0620 3408 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:09:26.0682 3408 BDESVC - ok
14:09:26.0744 3408 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:09:26.0854 3408 Beep - ok
14:09:26.0947 3408 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:09:27.0072 3408 BFE - ok
14:09:27.0134 3408 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
14:09:27.0244 3408 BITS - ok
14:09:27.0290 3408 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:09:27.0353 3408 blbdrive - ok
14:09:27.0431 3408 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:09:27.0493 3408 bowser - ok
14:09:27.0524 3408 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:09:27.0602 3408 BrFiltLo - ok
14:09:27.0602 3408 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:09:27.0649 3408 BrFiltUp - ok
14:09:27.0680 3408 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:09:27.0790 3408 BridgeMP - ok
14:09:27.0961 3408 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:09:28.0039 3408 Browser - ok
14:09:28.0070 3408 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:09:28.0180 3408 Brserid - ok
14:09:28.0211 3408 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:09:28.0242 3408 BrSerWdm - ok
14:09:28.0273 3408 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:09:28.0351 3408 BrUsbMdm - ok
14:09:28.0351 3408 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:09:28.0382 3408 BrUsbSer - ok
14:09:28.0414 3408 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:09:28.0460 3408 BTHMODEM - ok
14:09:28.0476 3408 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:09:28.0570 3408 bthserv - ok
14:09:28.0570 3408 catchme - ok
14:09:28.0601 3408 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:09:28.0694 3408 cdfs - ok
14:09:28.0788 3408 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
14:09:28.0850 3408 cdrom - ok
14:09:28.0928 3408 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:09:29.0006 3408 CertPropSvc - ok
14:09:29.0053 3408 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:09:29.0116 3408 circlass - ok
14:09:29.0162 3408 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:09:29.0209 3408 CLFS - ok
14:09:29.0287 3408 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:09:29.0318 3408 clr_optimization_v2.0.50727_32 - ok
14:09:29.0350 3408 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:09:29.0365 3408 clr_optimization_v2.0.50727_64 - ok
14:09:29.0490 3408 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:09:29.0521 3408 clr_optimization_v4.0.30319_32 - ok
14:09:29.0568 3408 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:09:29.0568 3408 clr_optimization_v4.0.30319_64 - ok
14:09:29.0599 3408 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:09:29.0599 3408 CmBatt - ok
14:09:29.0662 3408 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:09:29.0677 3408 cmdide - ok
14:09:29.0740 3408 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
14:09:29.0771 3408 CNG - ok
14:09:29.0818 3408 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:09:29.0833 3408 Compbatt - ok
14:09:29.0880 3408 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:09:29.0958 3408 CompositeBus - ok
14:09:29.0974 3408 COMSysApp - ok
14:09:29.0989 3408 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:09:30.0005 3408 crcdisk - ok
14:09:30.0083 3408 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:09:30.0176 3408 CryptSvc - ok
14:09:30.0254 3408 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:09:30.0364 3408 DcomLaunch - ok
14:09:30.0410 3408 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:09:30.0473 3408 defragsvc - ok
14:09:30.0520 3408 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:09:30.0629 3408 DfsC - ok
14:09:30.0707 3408 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:09:30.0785 3408 Dhcp - ok
14:09:30.0816 3408 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:09:30.0925 3408 discache - ok
14:09:31.0003 3408 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:09:31.0034 3408 Disk - ok
14:09:31.0097 3408 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\SysWOW64\Drivers\DKbFltr.sys
14:09:31.0128 3408 DKbFltr - ok
14:09:31.0190 3408 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:09:31.0268 3408 Dnscache - ok
14:09:31.0315 3408 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:09:31.0409 3408 dot3svc - ok
14:09:31.0456 3408 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:09:31.0549 3408 DPS - ok
14:09:31.0596 3408 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:09:31.0658 3408 drmkaud - ok
14:09:31.0721 3408 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:09:31.0814 3408 DXGKrnl - ok
14:09:31.0830 3408 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:09:31.0877 3408 EapHost - ok
14:09:31.0986 3408 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:09:32.0142 3408 ebdrv - ok
14:09:32.0220 3408 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:09:32.0314 3408 EFS - ok
14:09:32.0423 3408 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:09:32.0516 3408 ehRecvr - ok
14:09:32.0532 3408 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:09:32.0610 3408 ehSched - ok
14:09:32.0672 3408 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:09:32.0704 3408 elxstor - ok
14:09:32.0797 3408 [ 8E910F796F5F30281CDD24ABA47DDEA2 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
14:09:32.0828 3408 ePowerSvc - ok
14:09:32.0844 3408 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:09:32.0891 3408 ErrDev - ok
14:09:32.0938 3408 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:09:32.0984 3408 EventSystem - ok
14:09:33.0031 3408 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:09:33.0094 3408 exfat - ok
14:09:33.0250 3408 Fabs - ok
14:09:33.0265 3408 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:09:33.0374 3408 fastfat - ok
14:09:33.0468 3408 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:09:33.0593 3408 Fax - ok
14:09:33.0624 3408 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:09:33.0686 3408 fdc - ok
14:09:33.0718 3408 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:09:33.0811 3408 fdPHost - ok
14:09:33.0842 3408 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:09:33.0936 3408 FDResPub - ok
14:09:33.0967 3408 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:09:33.0983 3408 FileInfo - ok
14:09:33.0998 3408 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:09:34.0108 3408 Filetrace - ok
14:09:34.0248 3408 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
14:09:34.0404 3408 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:09:34.0404 3408 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:09:34.0435 3408 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:09:34.0482 3408 flpydisk - ok
14:09:34.0576 3408 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:09:34.0607 3408 FltMgr - ok
14:09:34.0685 3408 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
14:09:34.0825 3408 FontCache - ok
14:09:34.0903 3408 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:09:34.0919 3408 FontCache3.0.0.0 - ok
14:09:34.0950 3408 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:09:34.0966 3408 FsDepends - ok
14:09:35.0012 3408 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:09:35.0028 3408 Fs_Rec - ok
14:09:35.0122 3408 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:09:35.0153 3408 fvevol - ok
14:09:35.0184 3408 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:09:35.0184 3408 gagp30kx - ok
14:09:35.0215 3408 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:09:35.0293 3408 gpsvc - ok
14:09:35.0387 3408 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
14:09:35.0434 3408 Greg_Service - ok
14:09:35.0512 3408 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:09:35.0543 3408 gupdate - ok
14:09:35.0574 3408 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:09:35.0574 3408 gupdatem - ok
14:09:35.0605 3408 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:09:35.0621 3408 gusvc - ok
14:09:35.0652 3408 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:09:35.0730 3408 hcw85cir - ok
14:09:35.0808 3408 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:09:35.0855 3408 HdAudAddService - ok
14:09:35.0886 3408 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:09:35.0933 3408 HDAudBus - ok
14:09:35.0964 3408 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:09:36.0011 3408 HidBatt - ok
14:09:36.0011 3408 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:09:36.0042 3408 HidBth - ok
14:09:36.0073 3408 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:09:36.0136 3408 HidIr - ok
14:09:36.0167 3408 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
14:09:36.0260 3408 hidserv - ok
14:09:36.0338 3408 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:09:36.0370 3408 HidUsb - ok
14:09:36.0432 3408 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:09:36.0510 3408 hkmsvc - ok
14:09:36.0557 3408 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:09:36.0635 3408 HomeGroupListener - ok
14:09:36.0713 3408 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:09:36.0775 3408 HomeGroupProvider - ok
14:09:36.0822 3408 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:09:36.0853 3408 HpSAMD - ok
14:09:36.0931 3408 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:09:37.0087 3408 HTTP - ok
14:09:37.0150 3408 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:09:37.0181 3408 hwpolicy - ok
14:09:37.0259 3408 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:09:37.0290 3408 i8042prt - ok
14:09:37.0368 3408 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:09:37.0415 3408 iaStorV - ok
14:09:37.0508 3408 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:09:37.0586 3408 idsvc - ok
14:09:37.0618 3408 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:09:37.0633 3408 iirsp - ok
14:09:37.0711 3408 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:09:37.0805 3408 IKEEXT - ok
14:09:37.0914 3408 [ 492CD3A94913D753B4591CD9E29EC843 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:09:38.0008 3408 IntcAzAudAddService - ok
14:09:38.0054 3408 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:09:38.0086 3408 intelide - ok
14:09:38.0117 3408 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:09:38.0148 3408 intelppm - ok
14:09:38.0179 3408 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:09:38.0242 3408 IPBusEnum - ok
14:09:38.0320 3408 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:09:38.0413 3408 IpFilterDriver - ok
14:09:38.0507 3408 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:09:38.0616 3408 iphlpsvc - ok
14:09:38.0678 3408 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:09:38.0725 3408 IPMIDRV - ok
14:09:38.0788 3408 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:09:38.0881 3408 IPNAT - ok
14:09:38.0912 3408 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:09:38.0959 3408 IRENUM - ok
14:09:38.0990 3408 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:09:39.0006 3408 isapnp - ok
14:09:39.0068 3408 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:09:39.0115 3408 iScsiPrt - ok
14:09:39.0131 3408 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
14:09:39.0146 3408 kbdclass - ok
14:09:39.0209 3408 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:09:39.0271 3408 kbdhid - ok
14:09:39.0302 3408 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:09:39.0334 3408 KeyIso - ok
14:09:39.0380 3408 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:09:39.0412 3408 KSecDD - ok
14:09:39.0427 3408 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:09:39.0443 3408 KSecPkg - ok
14:09:39.0474 3408 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:09:39.0568 3408 ksthunk - ok
14:09:39.0599 3408 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:09:39.0661 3408 KtmRm - ok
14:09:39.0692 3408 [ B4A3A05B0F9C81D098B96AB6AA915042 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
14:09:39.0739 3408 L1C - ok
14:09:39.0786 3408 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:09:39.0848 3408 LanmanServer - ok
14:09:39.0926 3408 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:09:40.0036 3408 LanmanWorkstation - ok
14:09:40.0098 3408 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:09:40.0160 3408 lltdio - ok
14:09:40.0207 3408 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:09:40.0301 3408 lltdsvc - ok
14:09:40.0332 3408 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:09:40.0410 3408 lmhosts - ok
14:09:40.0457 3408 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:09:40.0488 3408 LSI_FC - ok
14:09:40.0504 3408 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:09:40.0519 3408 LSI_SAS - ok
14:09:40.0535 3408 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:09:40.0550 3408 LSI_SAS2 - ok
14:09:40.0566 3408 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:09:40.0582 3408 LSI_SCSI - ok
14:09:40.0597 3408 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:09:40.0691 3408 luafv - ok
14:09:40.0784 3408 [ 1104A3A552D1D249A6AB5ACCBDEFB5EF ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
14:09:40.0816 3408 McAfee SiteAdvisor Service - ok
14:09:40.0862 3408 [ 0FC36E77D779F8D021D338BDC7368181 ] mcmscsvc C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
14:09:40.0894 3408 mcmscsvc - ok
14:09:41.0003 3408 [ 2988E515570E4F8B9D9B256137F8E8F4 ] McNASvc c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
14:09:41.0096 3408 McNASvc - ok
14:09:41.0143 3408 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:09:41.0206 3408 Mcx2Svc - ok
14:09:41.0237 3408 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:09:41.0252 3408 megasas - ok
14:09:41.0268 3408 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:09:41.0299 3408 MegaSR - ok
14:09:41.0330 3408 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:09:41.0408 3408 MMCSS - ok
14:09:41.0408 3408 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:09:41.0455 3408 Modem - ok
14:09:41.0502 3408 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:09:41.0533 3408 monitor - ok
14:09:41.0611 3408 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:09:41.0642 3408 mouclass - ok
14:09:41.0689 3408 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:09:41.0752 3408 mouhid - ok
14:09:41.0830 3408 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:09:41.0861 3408 mountmgr - ok
14:09:42.0001 3408 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:09:42.0032 3408 MozillaMaintenance - ok
14:09:42.0095 3408 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:09:42.0126 3408 mpio - ok
14:09:42.0157 3408 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:09:42.0220 3408 mpsdrv - ok
14:09:42.0298 3408 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:09:42.0407 3408 MpsSvc - ok
14:09:42.0438 3408 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:09:42.0469 3408 MRxDAV - ok
14:09:42.0516 3408 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:09:42.0578 3408 mrxsmb - ok
14:09:42.0625 3408 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:09:42.0656 3408 mrxsmb10 - ok
14:09:42.0703 3408 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:09:42.0750 3408 mrxsmb20 - ok
14:09:42.0781 3408 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:09:42.0797 3408 msahci - ok
14:09:42.0812 3408 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:09:42.0828 3408 msdsm - ok
14:09:42.0844 3408 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:09:42.0890 3408 MSDTC - ok
14:09:42.0953 3408 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:09:43.0031 3408 Msfs - ok
14:09:43.0062 3408 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:09:43.0140 3408 mshidkmdf - ok
14:09:43.0187 3408 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:09:43.0218 3408 msisadrv - ok
14:09:43.0249 3408 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:09:43.0358 3408 MSiSCSI - ok
14:09:43.0358 3408 msiserver - ok
14:09:43.0390 3408 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:09:43.0483 3408 MSKSSRV - ok
14:09:43.0514 3408 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:09:43.0577 3408 MSPCLOCK - ok
14:09:43.0592 3408 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:09:43.0655 3408 MSPQM - ok
14:09:43.0717 3408 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:09:43.0764 3408 MsRPC - ok
14:09:43.0811 3408 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:09:43.0842 3408 mssmbios - ok
14:09:43.0858 3408 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:09:43.0951 3408 MSTEE - ok
14:09:43.0951 3408 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:09:43.0967 3408 MTConfig - ok
14:09:43.0998 3408 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:09:44.0014 3408 Mup - ok
14:09:44.0045 3408 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
14:09:44.0060 3408 mwlPSDFilter - ok
14:09:44.0060 3408 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
14:09:44.0076 3408 mwlPSDNServ - ok
14:09:44.0092 3408 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
14:09:44.0107 3408 mwlPSDVDisk - ok
14:09:44.0170 3408 [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
14:09:44.0201 3408 MWLService - ok
14:09:44.0263 3408 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:09:44.0310 3408 napagent - ok
14:09:44.0357 3408 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:09:44.0419 3408 NativeWifiP - ok
14:09:44.0466 3408 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
14:09:44.0497 3408 NDIS - ok
14:09:44.0528 3408 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:09:44.0591 3408 NdisCap - ok
14:09:44.0638 3408 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:09:44.0731 3408 NdisTapi - ok
14:09:44.0794 3408 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:09:44.0887 3408 Ndisuio - ok
14:09:44.0950 3408 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:09:45.0043 3408 NdisWan - ok
14:09:45.0121 3408 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:09:45.0215 3408 NDProxy - ok
14:09:45.0246 3408 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:09:45.0293 3408 NetBIOS - ok
14:09:45.0355 3408 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:09:45.0418 3408 NetBT - ok
14:09:45.0449 3408 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:09:45.0464 3408 Netlogon - ok
14:09:45.0511 3408 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:09:45.0574 3408 Netman - ok
14:09:45.0589 3408 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:09:45.0636 3408 netprofm - ok
14:09:45.0683 3408 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:09:45.0698 3408 NetTcpPortSharing - ok
14:09:45.0730 3408 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:09:45.0745 3408 nfrd960 - ok
14:09:45.0823 3408 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:09:45.0886 3408 NlaSvc - ok
14:09:45.0886 3408 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:09:45.0932 3408 Npfs - ok
14:09:45.0964 3408 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:09:46.0026 3408 nsi - ok
14:09:46.0057 3408 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:09:46.0120 3408 nsiproxy - ok
14:09:46.0213 3408 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:09:46.0291 3408 Ntfs - ok
14:09:46.0369 3408 [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
14:09:46.0400 3408 NTIBackupSvc - ok
14:09:46.0432 3408 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
14:09:46.0447 3408 NTIDrvr - ok
14:09:46.0463 3408 [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
14:09:46.0478 3408 NTISchedulerSvc - ok
14:09:46.0510 3408 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:09:46.0556 3408 Null - ok
14:09:46.0619 3408 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:09:46.0666 3408 nvraid - ok
14:09:46.0681 3408 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:09:46.0697 3408 nvstor - ok
14:09:46.0759 3408 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:09:46.0790 3408 nv_agp - ok
14:09:46.0853 3408 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:09:46.0884 3408 odserv - ok
14:09:46.0946 3408 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:09:47.0009 3408 ohci1394 - ok
14:09:47.0040 3408 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:09:47.0087 3408 ose - ok
14:09:47.0102 3408 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:09:47.0180 3408 p2pimsvc - ok
14:09:47.0212 3408 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:09:47.0243 3408 p2psvc - ok
14:09:47.0274 3408 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:09:47.0290 3408 Parport - ok
14:09:47.0336 3408 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:09:47.0368 3408 partmgr - ok
14:09:47.0383 3408 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:09:47.0446 3408 PcaSvc - ok
14:09:47.0477 3408 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:09:47.0508 3408 pci - ok
14:09:47.0555 3408 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:09:47.0570 3408 pciide - ok
14:09:47.0586 3408 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:09:47.0617 3408 pcmcia - ok
14:09:47.0633 3408 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:09:47.0648 3408 pcw - ok
14:09:47.0664 3408 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:09:47.0742 3408 PEAUTH - ok
14:09:47.0867 3408 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:09:47.0929 3408 PerfHost - ok
14:09:48.0007 3408 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:09:48.0163 3408 pla - ok
14:09:48.0257 3408 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:09:48.0350 3408 PlugPlay - ok
14:09:48.0382 3408 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:09:48.0444 3408 PNRPAutoReg - ok
14:09:48.0475 3408 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:09:48.0506 3408 PNRPsvc - ok
14:09:48.0584 3408 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:09:48.0678 3408 PolicyAgent - ok
14:09:48.0725 3408 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:09:48.0772 3408 Power - ok
14:09:48.0818 3408 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:09:48.0896 3408 PptpMiniport - ok
14:09:48.0928 3408 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:09:48.0974 3408 Processor - ok
14:09:49.0052 3408 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
14:09:49.0130 3408 ProfSvc - ok
14:09:49.0146 3408 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:09:49.0162 3408 ProtectedStorage - ok
14:09:49.0224 3408 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:09:49.0333 3408 Psched - ok
14:09:49.0411 3408 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:09:49.0505 3408 ql2300 - ok
14:09:49.0536 3408 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:09:49.0552 3408 ql40xx - ok
14:09:49.0583 3408 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:09:49.0598 3408 QWAVE - ok
14:09:49.0630 3408 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:09:49.0661 3408 QWAVEdrv - ok
14:09:49.0708 3408 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:09:49.0801 3408 RasAcd - ok
14:09:49.0848 3408 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:09:49.0957 3408 RasAgileVpn - ok
14:09:50.0035 3408 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:09:50.0098 3408 RasAuto - ok
14:09:50.0176 3408 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:09:50.0269 3408 Rasl2tp - ok
14:09:50.0332 3408 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:09:50.0425 3408 RasMan - ok
14:09:50.0456 3408 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:09:50.0519 3408 RasPppoe - ok
14:09:50.0566 3408 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:09:50.0644 3408 RasSstp - ok
14:09:50.0706 3408 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:09:50.0753 3408 rdbss - ok
14:09:50.0768 3408 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:09:50.0800 3408 rdpbus - ok
14:09:50.0831 3408 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:09:50.0893 3408 RDPCDD - ok
14:09:50.0909 3408 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:09:50.0956 3408 RDPENCDD - ok
14:09:50.0987 3408 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:09:51.0049 3408 RDPREFMP - ok
14:09:51.0080 3408 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:09:51.0174 3408 RDPWD - ok
14:09:51.0236 3408 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:09:51.0283 3408 rdyboost - ok
14:09:51.0314 3408 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:09:51.0439 3408 RemoteAccess - ok
14:09:51.0486 3408 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:09:51.0548 3408 RemoteRegistry - ok
14:09:51.0595 3408 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:09:51.0689 3408 RpcEptMapper - ok
14:09:51.0720 3408 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:09:51.0767 3408 RpcLocator - ok
14:09:51.0829 3408 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:09:51.0907 3408 RpcSs - ok
14:09:51.0938 3408 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:09:52.0001 3408 rspndr - ok
14:09:52.0063 3408 [ B1D04ED92D148B54169499D9568A3C55 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
14:09:52.0094 3408 RSUSBSTOR - ok
14:09:52.0110 3408 RtsUIR - ok
14:09:52.0126 3408 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:09:52.0141 3408 SamSs - ok
14:09:52.0188 3408 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:09:52.0219 3408 sbp2port - ok
14:09:52.0266 3408 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:09:52.0344 3408 SCardSvr - ok
14:09:52.0375 3408 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:09:52.0484 3408 scfilter - ok
14:09:52.0578 3408 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:09:52.0672 3408 Schedule - ok
14:09:52.0734 3408 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:09:52.0781 3408 SCPolicySvc - ok
14:09:52.0843 3408 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:09:52.0906 3408 SDRSVC - ok
14:09:52.0952 3408 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:09:53.0062 3408 secdrv - ok
14:09:53.0124 3408 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:09:53.0218 3408 seclogon - ok
14:09:53.0280 3408 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
14:09:53.0342 3408 SENS - ok
14:09:53.0374 3408 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:09:53.0452 3408 SensrSvc - ok
14:09:53.0483 3408 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:09:53.0530 3408 Serenum - ok
14:09:53.0561 3408 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:09:53.0623 3408 Serial - ok
14:09:53.0654 3408 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:09:53.0701 3408 sermouse - ok
14:09:53.0764 3408 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:09:53.0826 3408 SessionEnv - ok
14:09:53.0857 3408 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:09:53.0904 3408 sffdisk - ok
14:09:53.0935 3408 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:09:53.0998 3408 sffp_mmc - ok
14:09:54.0029 3408 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:09:54.0091 3408 sffp_sd - ok
14:09:54.0138 3408 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:09:54.0200 3408 sfloppy - ok
14:09:54.0247 3408 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:09:54.0372 3408 SharedAccess - ok
14:09:54.0419 3408 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:09:54.0512 3408 ShellHWDetection - ok
14:09:54.0544 3408 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:09:54.0544 3408 SiSRaid2 - ok
14:09:54.0575 3408 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:09:54.0590 3408 SiSRaid4 - ok
14:09:54.0653 3408 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:09:54.0684 3408 SkypeUpdate - ok
14:09:54.0700 3408 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:09:54.0762 3408 Smb - ok
14:09:54.0809 3408 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:09:54.0840 3408 SNMPTRAP - ok
14:09:54.0887 3408 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:09:54.0918 3408 spldr - ok
14:09:54.0980 3408 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
14:09:55.0043 3408 Spooler - ok
14:09:55.0168 3408 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:09:55.0355 3408 sppsvc - ok
14:09:55.0402 3408 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:09:55.0495 3408 sppuinotify - ok
14:09:55.0604 3408 [ 51DE15CA5C05BCA46D8B110CD00A02FB ] sptd C:\Windows\System32\Drivers\sptd.sys
14:09:55.0667 3408 sptd - ok
14:09:55.0745 3408 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:09:55.0792 3408 srv - ok
14:09:55.0838 3408 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:09:55.0885 3408 srv2 - ok
14:09:55.0916 3408 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:09:55.0948 3408 srvnet - ok
14:09:56.0010 3408 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:09:56.0072 3408 SSDPSRV - ok
14:09:56.0104 3408 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:09:56.0150 3408 SstpSvc - ok
14:09:56.0166 3408 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:09:56.0182 3408 stexstor - ok
14:09:56.0244 3408 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:09:56.0306 3408 stisvc - ok
14:09:56.0353 3408 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:09:56.0369 3408 swenum - ok
14:09:56.0384 3408 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:09:56.0431 3408 swprv - ok
14:09:56.0478 3408 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:09:56.0494 3408 SynTP - ok
14:09:56.0587 3408 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:09:56.0712 3408 SysMain - ok
14:09:56.0759 3408 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:09:56.0790 3408 TabletInputService - ok
14:09:56.0806 3408 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:09:56.0884 3408 TapiSrv - ok
14:09:56.0930 3408 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:09:57.0055 3408 TBS - ok
14:09:57.0164 3408 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:09:57.0242 3408 Tcpip - ok
14:09:57.0305 3408 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:09:57.0352 3408 TCPIP6 - ok
14:09:57.0414 3408 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:09:57.0492 3408 tcpipreg - ok
14:09:57.0539 3408 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:09:57.0617 3408 TDPIPE - ok
14:09:57.0679 3408 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:09:57.0726 3408 TDTCP - ok
14:09:57.0804 3408 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:09:57.0851 3408 tdx - ok
14:09:57.0913 3408 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:09:57.0944 3408 TermDD - ok
14:09:58.0007 3408 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:09:58.0085 3408 TermService - ok
14:09:58.0116 3408 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:09:58.0194 3408 Themes - ok
14:09:58.0241 3408 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:09:58.0303 3408 THREADORDER - ok
14:09:58.0319 3408 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:09:58.0381 3408 TrkWks - ok
14:09:58.0475 3408 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:09:58.0553 3408 TrustedInstaller - ok
14:09:58.0600 3408 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:09:58.0662 3408 tssecsrv - ok
14:09:58.0740 3408 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:09:58.0802 3408 TsUsbFlt - ok
14:09:58.0880 3408 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:09:58.0990 3408 tunnel - ok
14:09:59.0021 3408 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:09:59.0068 3408 uagp35 - ok
14:09:59.0083 3408 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
14:09:59.0099 3408 UBHelper - ok
14:09:59.0161 3408 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:09:59.0255 3408 udfs - ok
14:09:59.0302 3408 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:09:59.0364 3408 UI0Detect - ok
14:09:59.0411 3408 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:09:59.0426 3408 uliagpkx - ok
14:09:59.0473 3408 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:09:59.0536 3408 umbus - ok
14:09:59.0598 3408 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:09:59.0645 3408 UmPass - ok
14:09:59.0723 3408 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
14:09:59.0770 3408 Updater Service - ok
14:09:59.0816 3408 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:09:59.0879 3408 upnphost - ok
14:09:59.0941 3408 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
14:09:59.0988 3408 usbccgp - ok
14:10:00.0004 3408 USBCCID - ok
14:10:00.0050 3408 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:10:00.0128 3408 usbcir - ok
14:10:00.0160 3408 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:10:00.0175 3408 usbehci - ok
14:10:00.0206 3408 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
14:10:00.0222 3408 usbfilter - ok
14:10:00.0253 3408 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:10:00.0316 3408 usbhub - ok
14:10:00.0362 3408 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:10:00.0425 3408 usbohci - ok
14:10:00.0456 3408 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:10:00.0487 3408 usbprint - ok
14:10:00.0503 3408 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:10:00.0565 3408 usbscan - ok
14:10:00.0596 3408 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:10:00.0659 3408 USBSTOR - ok
14:10:00.0706 3408 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:10:00.0752 3408 usbuhci - ok
14:10:00.0784 3408 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:10:00.0799 3408 usbvideo - ok
14:10:00.0846 3408 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:10:00.0893 3408 UxSms - ok
14:10:00.0893 3408 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:10:00.0908 3408 VaultSvc - ok
14:10:00.0924 3408 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:10:00.0940 3408 vdrvroot - ok
14:10:01.0002 3408 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:10:01.0049 3408 vds - ok
14:10:01.0080 3408 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:10:01.0111 3408 vga - ok
14:10:01.0142 3408 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:10:01.0205 3408 VgaSave - ok
14:10:01.0267 3408 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:10:01.0298 3408 vhdmp - ok
14:10:01.0345 3408 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:10:01.0376 3408 viaide - ok
14:10:01.0392 3408 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:10:01.0423 3408 volmgr - ok
14:10:01.0486 3408 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:10:01.0517 3408 volmgrx - ok
14:10:01.0548 3408 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:10:01.0564 3408 volsnap - ok
14:10:01.0595 3408 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:10:01.0610 3408 vsmraid - ok
14:10:01.0704 3408 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:10:01.0860 3408 VSS - ok
14:10:01.0891 3408 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:10:01.0938 3408 vwifibus - ok
14:10:01.0969 3408 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:10:02.0032 3408 vwififlt - ok
14:10:02.0078 3408 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:10:02.0125 3408 vwifimp - ok
14:10:02.0156 3408 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:10:02.0234 3408 W32Time - ok
14:10:02.0266 3408 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:10:02.0312 3408 WacomPen - ok
14:10:02.0375 3408 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:10:02.0437 3408 WANARP - ok
14:10:02.0437 3408 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:10:02.0484 3408 Wanarpv6 - ok
14:10:02.0578 3408 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:10:02.0640 3408 WatAdminSvc - ok
14:10:02.0734 3408 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:10:02.0827 3408 wbengine - ok
14:10:02.0858 3408 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:10:02.0890 3408 WbioSrvc - ok
14:10:02.0952 3408 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:10:02.0999 3408 wcncsvc - ok
14:10:03.0014 3408 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:10:03.0092 3408 WcsPlugInService - ok
14:10:03.0124 3408 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:10:03.0139 3408 Wd - ok
14:10:03.0186 3408 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
14:10:03.0202 3408 WDC_SAM - ok
14:10:03.0264 3408 [ 334E5ED94D3FAFF3C44F4D36B1FE1C90 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
14:10:03.0295 3408 WDDMService ( UnsignedFile.Multi.Generic ) - warning
14:10:03.0295 3408 WDDMService - detected UnsignedFile.Multi.Generic (1)
14:10:03.0358 3408 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:10:03.0404 3408 Wdf01000 - ok
14:10:03.0404 3408 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:10:03.0498 3408 WdiServiceHost - ok
14:10:03.0498 3408 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:10:03.0529 3408 WdiSystemHost - ok
14:10:03.0592 3408 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
14:10:03.0623 3408 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
14:10:03.0623 3408 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
14:10:03.0685 3408 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:10:03.0748 3408 WebClient - ok
14:10:03.0794 3408 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:10:03.0888 3408 Wecsvc - ok
14:10:03.0919 3408 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:10:03.0982 3408 wercplsupport - ok
14:10:04.0028 3408 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:10:04.0075 3408 WerSvc - ok
14:10:04.0091 3408 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:10:04.0122 3408 WfpLwf - ok
14:10:04.0153 3408 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:10:04.0153 3408 WIMMount - ok
14:10:04.0184 3408 WinDefend - ok
14:10:04.0200 3408 WinHttpAutoProxySvc - ok
14:10:04.0247 3408 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:10:04.0356 3408 Winmgmt - ok
14:10:04.0450 3408 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:10:04.0574 3408 WinRM - ok
14:10:04.0684 3408 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:10:04.0699 3408 WinUsb - ok
14:10:04.0746 3408 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:10:04.0777 3408 Wlansvc - ok
14:10:04.0840 3408 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:10:04.0886 3408 WmiAcpi - ok
14:10:04.0949 3408 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:10:04.0996 3408 wmiApSrv - ok
14:10:05.0027 3408 WMPNetworkSvc - ok
14:10:05.0058 3408 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:10:05.0089 3408 WPCSvc - ok
14:10:05.0136 3408 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:10:05.0152 3408 WPDBusEnum - ok
14:10:05.0183 3408 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:10:05.0261 3408 ws2ifsl - ok
14:10:05.0292 3408 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
14:10:05.0354 3408 wscsvc - ok
14:10:05.0354 3408 WSearch - ok
14:10:05.0464 3408 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:10:05.0573 3408 wuauserv - ok
14:10:05.0588 3408 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:10:05.0651 3408 WudfPf - ok
14:10:05.0713 3408 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:10:05.0791 3408 WUDFRd - ok
14:10:05.0822 3408 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:10:05.0885 3408 wudfsvc - ok
14:10:05.0916 3408 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:10:05.0994 3408 WwanSvc - ok
14:10:06.0041 3408 ================ Scan global ===============================
14:10:06.0072 3408 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:10:06.0134 3408 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:10:06.0150 3408 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:10:06.0181 3408 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:10:06.0212 3408 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:10:06.0212 3408 [Global] - ok
14:10:06.0228 3408 ================ Scan MBR ==================================
14:10:06.0244 3408 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:10:07.0133 3408 \Device\Harddisk0\DR0 - ok
14:10:07.0133 3408 ================ Scan VBR ==================================
14:10:07.0180 3408 [ 43D10C8A701FE2AE33CB41AD4C40F808 ] \Device\Harddisk0\DR0\Partition1
14:10:07.0180 3408 \Device\Harddisk0\DR0\Partition1 - ok
14:10:07.0226 3408 [ 14DD15F13795B58BB155E9730F137D85 ] \Device\Harddisk0\DR0\Partition2
14:10:07.0226 3408 \Device\Harddisk0\DR0\Partition2 - ok
14:10:07.0226 3408 ============================================================
14:10:07.0226 3408 Scan finished
14:10:07.0226 3408 ============================================================
14:10:07.0258 4792 Detected object count: 3
14:10:07.0258 4792 Actual detected object count: 3
14:10:45.0696 4792 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:45.0696 4792 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:10:45.0696 4792 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:45.0696 4792 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:10:45.0712 4792 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:45.0712 4792 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Geändert von cheekylisa (07.05.2013 um 13:15 Uhr) |
|
07.05.2013, 13:34
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner 2.12 - Bereinigung Das ist noch ein Fund im Java-Cache, machen wir später weg JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.05.2013, 13:51
| #15 |
| | GVU Trojaner 2.12 - Bereinigung JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2521884591-20305894-1218270197-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\blabbers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\savings sidekick_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\savings sidekick_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2319825
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\***‚\AppData\Roaming\browsercompanion"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\ilivid"
Successfully deleted: [Folder] "C:\Program Files (x86)\wi3c8a~1"
~~~ FireFox
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\searchresults.xml"
user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2319825.CTID", "CT2319825");
user_pref("CT2319825.CurrentServerDate", "12-12-2010");
user_pref("CT2319825.DialogsAlignMode", "LTR");
user_pref("CT2319825.EMailNotifierPollDate", "Sun Dec 12 2010 16:02:34 GMT+0100");
user_pref("CT2319825.FeedPollDate11908299", "Sun Dec 12 2010 15:52:36 GMT+0100");
user_pref("CT2319825.FirstServerDate", "12-12-2010");
user_pref("CT2319825.FirstTime", true);
user_pref("CT2319825.FirstTimeFF3", true);
user_pref("CT2319825.FixPageNotFoundErrors", true);
user_pref("CT2319825.GroupingServerCheckInterval", 1440);
user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2319825.Initialize", true);
user_pref("CT2319825.InitializeCommonPrefs", true);
user_pref("CT2319825.InstalledDate", "Sun Dec 12 2010 09:22:27 GMT+0100");
user_pref("CT2319825.InvalidateCache", false);
user_pref("CT2319825.IsGrouping", false);
user_pref("CT2319825.IsMulticommunity", false);
user_pref("CT2319825.IsOpenThankYouPage", false);
user_pref("CT2319825.IsOpenUninstallPage", true);
user_pref("CT2319825.LanguagePackLastCheckTime", "Sun Dec 12 2010 09:22:30 GMT+0100");
user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2319825.LastLogin_2.5.8.6", "Sun Dec 12 2010 13:22:31 GMT+0100");
user_pref("CT2319825.LatestVersion", "2.7.2.0");
user_pref("CT2319825.Locale", "de");
user_pref("CT2319825.LoginCache", 4);
user_pref("CT2319825.MCDetectTooltipHeight", "83");
user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2319825.MCDetectTooltipWidth", "295");
user_pref("CT2319825.RadioIsPodcast", false);
user_pref("CT2319825.RadioLastCheckTime", "Sun Dec 12 2010 09:22:31 GMT+0100");
user_pref("CT2319825.RadioLastUpdateIPServer", "3");
user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
user_pref("CT2319825.RadioMediaID", "11949532");
user_pref("CT2319825.RadioMediaType", "Media Player");
user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
user_pref("CT2319825.RadioStationName", "1Live");
user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a");
user_pref("CT2319825.SHRINK_TOOLBAR", 1);
user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2319825&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2319825.SearchFromAddressBarIsInit", true);
user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
user_pref("CT2319825.SearchInNewTabEnabled", true);
user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
user_pref("CT2319825.SearchInNewTabLastCheckTime", "Sun Dec 12 2010 09:22:30 GMT+0100");
user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2319825.SettingsCheckIntervalMin", 120);
user_pref("CT2319825.SettingsLastCheckTime", "Sun Dec 12 2010 09:22:25 GMT+0100");
user_pref("CT2319825.SettingsLastUpdate", "1291980849");
user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Sun Dec 12 2010 09:22:20 GMT+0100");
user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
user_pref("CT2319825.Uninstall", true);
user_pref("CT2319825.UserID", "UN52104729979919363");
user_pref("CT2319825.WeatherNetwork", "");
user_pref("CT2319825.WeatherPollDate", "Sun Dec 12 2010 15:52:37 GMT+0100");
user_pref("CT2319825.WeatherUnit", "C");
user_pref("CT2319825.alertChannelId", "715912");
user_pref("CT2319825.backendstorage.id", "32343438333530");
user_pref("CT2319825.clientLogIsEnabled", true);
user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2319825.myStuffEnabled", true);
user_pref("CT2319825.myStuffPublihserMinWidth", 400);
user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2724386.CTID", "ct2724407");
user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Wed Mar 16 2011 20:26:12 GMT+0100");
user_pref("CT2724386.CurrentServerDate", "16-3-2011");
user_pref("CT2724386.DialogsAlignMode", "LTR");
user_pref("CT2724386.DownloadReferralCookieData", "");
user_pref("CT2724386.FirstServerDate", "16-3-2011");
user_pref("CT2724386.FirstTime", true);
user_pref("CT2724386.FirstTimeFF3", true);
user_pref("CT2724386.FirstTimeSettingsDone", true);
user_pref("CT2724386.FixPageNotFoundErrors", true);
user_pref("CT2724386.GroupingLastCheckTime", "Wed Mar 16 2011 20:26:14 GMT+0100");
user_pref("CT2724386.GroupingLastErrorCode", "");
user_pref("CT2724386.GroupingLastResponse", true);
user_pref("CT2724386.GroupingLastServerUpdateTime", "129440657457670000");
user_pref("CT2724386.GroupingServerCheckInterval", 1440);
user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2724386.Initialize", true);
user_pref("CT2724386.InitializeCommonPrefs", true);
user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
user_pref("CT2724386.InstallationId", "IncrediMail_MediaBar_2.exe");
user_pref("CT2724386.InstallationType", "ConduitIntegration");
user_pref("CT2724386.InstalledDate", "Wed Mar 16 2011 20:26:13 GMT+0100");
user_pref("CT2724386.IsGrouping", true);
user_pref("CT2724386.IsMulticommunity", false);
user_pref("CT2724386.IsOpenThankYouPage", false);
user_pref("CT2724386.IsOpenUninstallPage", true);
user_pref("CT2724386.LanguagePackLastCheckTime", "Wed Mar 16 2011 20:26:15 GMT+0100");
user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2724386.LastLogin_2.7.2.0", "Wed Mar 16 2011 20:26:16 GMT+0100");
user_pref("CT2724386.LatestVersion", "3.2.5.2");
user_pref("CT2724386.Locale", "en");
user_pref("CT2724386.LoginCache", 4);
user_pref("CT2724386.MCDetectTooltipHeight", "83");
user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2724386.MCDetectTooltipWidth", "295");
user_pref("CT2724386.RadioIsPodcast", false);
user_pref("CT2724386.RadioMediaID", "21080119");
user_pref("CT2724386.RadioMediaType", "Media Player");
user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080119");
user_pref("CT2724386.RadioStationName", "Royal-Radio%20");
user_pref("CT2724386.RadioStationURL", "");
user_pref("CT2724386.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2724386&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2724386.SearchFromAddressBarIsInit", true);
user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2724386&q=");
user_pref("CT2724386.SearchInNewTabEnabled", true);
user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
user_pref("CT2724386.SearchInNewTabLastCheckTime", "Wed Mar 16 2011 20:26:15 GMT+0100");
user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2724386.SettingsCheckIntervalMin", 120);
user_pref("CT2724386.SettingsLastCheckTime", "Wed Mar 16 2011 20:26:12 GMT+0100");
user_pref("CT2724386.SettingsLastUpdate", "1299584945");
user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Wed Mar 16 2011 20:26:11 GMT+0100");
user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246790578");
user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
user_pref("CT2724386.Uninstall", true);
user_pref("CT2724386.UserID", "UN00772594986752139");
user_pref("CT2724386.WeatherNetwork", "");
user_pref("CT2724386.WeatherPollDate", "Wed Mar 16 2011 20:26:15 GMT+0100");
user_pref("CT2724386.WeatherUnit", "C");
user_pref("CT2724386.clientLogIsEnabled", true);
user_pref("CT2724386.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2724386.ct2724407.DialogsAlignMode", "LTR");
user_pref("CT2724386.ct2724407.FirstTimeSettingsDone", true);
user_pref("CT2724386.ct2724407.GroupingInvalidateCache", false);
user_pref("CT2724386.ct2724407.GroupingLastCheckTime", "Wed Mar 16 2011 20:26:13 GMT+0100");
user_pref("CT2724386.ct2724407.GroupingLastErrorCode", "");
user_pref("CT2724386.ct2724407.GroupingLastResponse", true);
user_pref("CT2724386.ct2724407.GroupingLastServerUpdateTime", "129436467272530000");
user_pref("CT2724386.ct2724407.InvalidateCache", false);
user_pref("CT2724386.ct2724407.LanguagePackLastCheckTime", "Wed Mar 16 2011 20:26:20 GMT+0100");
user_pref("CT2724386.ct2724407.Locale", "de");
user_pref("CT2724386.ct2724407.RadioLastCheckTime", "Wed Mar 16 2011 20:26:14 GMT+0100");
user_pref("CT2724386.ct2724407.RadioLastUpdateIPServer", "3");
user_pref("CT2724386.ct2724407.RadioLastUpdateServer", "129249047784100000");
user_pref("CT2724386.ct2724407.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2724407&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2724386.ct2724407.SettingsCheckIntervalMin", 120);
user_pref("CT2724386.ct2724407.SettingsLastCheckTime", "Wed Mar 16 2011 20:26:13 GMT+0100");
user_pref("CT2724386.ct2724407.SettingsLastUpdate", "1299165927");
user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastCheck", "Wed Mar 16 2011 20:26:13 GMT+0100");
user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastUpdate", "1255348257");
user_pref("CT2724386.myStuffEnabled", true);
user_pref("CT2724386.myStuffPublihserMinWidth", 400);
user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2724386.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT2319825,CT2724386");
user_pref("CommunityToolbar.ToolbarsList2", "CT2319825,CT2724386");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Mar 16 2011 20:26:13 GMT+0100");
user_pref("browser.search.order.1", "iLivid Web Search");
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAIAEBAAAAEAIABoBAAAJgAAACAgAAABACAAqBAAAI4EAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAAASCwAAEgsAAAAAAAAAAAAA9IVCS
user_pref("keyword.URL", "hxxp://www.searchplusnetwork.com/?sp=vit4&q=");
Emptied folder: C:\Users\***‚\AppData\Roaming\mozilla\firefox\profiles\kjmn017r.default\minidumps [106 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.05.2013 at 14:46:05,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
adwCleaner: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 07/05/2013 um 14:51:43 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - UNSER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Katja & René\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files (x86)\Winload
Ordner Gelöscht : C:\Users\Katja & René\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Katja & René\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Katja & René\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Katja & René\AppData\LocalLow\IncrediMail_MediaBar_2
Ordner Gelöscht : C:\Users\Katja & René\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\Katja & René\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Katja & René\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\Conduit
Ordner Gelöscht : C:\Users\Katja & René\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\jetpack
Ordner Gelöscht : C:\Users\Katja & René\AppData\Roaming\OCS
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB58C757-0291-4A3C-AD39-8330384952DA}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SearchCore for Browsers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB58C757-0291-4A3C-AD39-8330384952DA}
Schlüssel Gelöscht : HKLM\Software\Winload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB58C757-0291-4A3C-AD39-8330384952DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kjmn017r.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [13266 octets] - [07/05/2013 14:51:43]
########## EOF - C:\AdwCleaner[S1].txt - [13327 octets] ##########
Code:
ATTFilter OTL logfile created on: 07.05.2013 14:59:46 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,58% Memory free 7,99 Gb Paging File | 6,43 Gb Available in Paging File | 80,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 39,19 Gb Free Space | 13,70% Space Free | Partition Type: NTFS Computer Name: UNSER | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Katja & René\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Windows\PLFSetI.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\PLFSetI.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (WDDMService) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (DKbFltr) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\SearchScopes\{34EE7CA7-4446-4B1B-ABFE-2443F6A64566}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE371DE371 IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5541&r=27360310i415l04h4z1m5t4492h25o IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2521884591-20305894-1218270197-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.08 17:35:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 18:54:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.13 18:54:20 | 000,000,000 | ---D | M] [2013.04.13 18:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.13 18:54:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2013.01.27 18:28:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.27 18:28:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.27 18:28:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.27 18:28:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.27 18:28:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.27 18:28:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.06 17:45:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-2521884591-20305894-1218270197-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B03E39-C5F3-4B3F-ACD5-159C4444188B}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.07 14:39:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.07 14:39:05 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.07 12:38:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI [2013.05.07 12:38:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI [2013.05.07 12:38:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western_Digital [2013.05.07 12:38:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Western Digital [2013.05.07 12:38:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western Digital [2013.05.07 12:38:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer [2013.05.07 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\EgisTec [2013.05.07 12:37:38 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.05.07 12:37:38 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2013.05.07 12:37:38 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.05.07 12:37:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities [2013.05.07 12:37:21 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2013.05.07 12:37:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2013.05.07 12:37:15 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2013.05.07 12:37:15 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2013.05.07 12:37:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2013.05.07 12:37:15 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2013.05.07 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2013.05.07 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help [2013.05.07 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2013.05.07 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2013.05.07 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2013.05.06 20:53:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.06 17:32:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.06 17:32:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.06 17:32:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.06 17:28:56 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.06 17:28:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.06 13:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.06 13:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.06 13:31:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.06 13:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.06 11:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle [2013.05.06 11:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bridge Bundle [2013.05.06 10:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2 [2013.05.06 10:07:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO [2013.04.13 18:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.10 13:33:34 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.10 13:33:34 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.10 13:33:33 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.10 13:33:33 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.10 13:33:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.10 13:33:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.10 13:32:24 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.10 13:32:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.10 13:32:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.10 13:32:16 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.10 13:32:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.10 13:32:16 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.10 13:32:16 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.10 13:32:01 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 13:32:00 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.10 13:31:59 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.10 13:31:59 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.10 13:31:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.10 13:31:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2009.11.13 05:12:26 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2013.05.07 15:05:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.07 15:02:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.07 15:02:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.07 14:55:49 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.07 14:53:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.07 14:53:34 | 3218,239,488 | -HS- | M] () -- C:\hiberfil.sys [2013.05.07 14:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.06 17:45:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.03 17:34:30 | 000,000,151 | ---- | M] () -- C:\ProgramData\2eooc.reg [2013.05.01 20:38:49 | 004,614,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.01 20:38:49 | 001,808,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.01 20:38:49 | 001,395,536 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.01 20:38:49 | 001,247,030 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.01 20:38:48 | 000,005,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.11 17:02:40 | 000,491,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.07 12:37:43 | 000,001,409 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.05.07 12:37:39 | 000,001,443 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.05.06 17:32:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.06 17:32:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.06 17:32:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.06 17:32:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.06 17:32:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.06 10:43:04 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk [2013.05.03 17:34:30 | 000,000,151 | ---- | C] () -- C:\ProgramData\2eooc.reg [2012.08.17 15:05:00 | 000,000,030 | ---- | C] () -- C:\Windows\CDMKR32.INI [2012.06.10 13:08:40 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI [2012.06.05 17:33:52 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.06.05 17:33:52 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.06.05 17:33:52 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.06.05 17:33:52 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.06.05 17:33:52 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.06.05 17:33:52 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.06.05 17:33:52 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.06.05 17:33:52 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.06.05 17:33:52 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.06.05 17:33:52 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.06.05 17:33:52 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.06.05 17:33:52 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.06.05 17:33:52 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.06.05 17:33:52 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.06.05 17:33:52 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.06.05 17:33:52 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.06.05 17:33:52 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.06.05 17:33:52 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.06.05 17:33:52 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012.04.06 19:28:43 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.09.06 22:11:39 | 000,000,546 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.04.12 17:25:17 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:444C53BA @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54 < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.05.2013 14:59:46 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,58% Memory free
7,99 Gb Paging File | 6,43 Gb Available in Paging File | 80,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 39,19 Gb Free Space | 13,70% Space Free | Partition Type: NTFS
Computer Name: UNSER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2521884591-20305894-1218270197-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07534515-4279-4838-BD48-4D4DDEEDA884}" = rport=445 | protocol=6 | dir=out | app=system |
"{0B7730F5-B2F2-44C0-B214-6B9CBBBFC1AF}" = lport=139 | protocol=6 | dir=in | app=system |
"{133B9DE5-2A29-4951-89CE-7775289C0E85}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{191E8D47-85D0-42C6-872E-17C27CAD250B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C007015-2BE6-41B6-BC06-A0CF071F0F69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{207D4850-34EE-4D27-A570-74164F1080F8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2CE54D45-D94B-4D7D-A03F-E56C78892E28}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3A3EBD31-AF94-4D81-B66A-C5419A5718FD}" = lport=445 | protocol=6 | dir=in | app=system |
"{3BF0A70D-8038-4E98-8957-501B24E7F8F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44E67230-445A-48F3-AB86-5D56655669C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4B3CC7FF-FC19-42AD-9AA3-5853795DF9DF}" = lport=137 | protocol=17 | dir=in | app=system |
"{7E00DE80-2D82-4FEB-A61B-5DF30208DFCC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A352118-FDE2-41A9-B9FC-51E260D2F3E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C469BE9-CE17-420F-A1CA-3DC555FFE2D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EECA039-F83F-4B82-8455-58DA841C4D0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9327967D-E982-4B29-9FF0-6A3ECCE21FB7}" = lport=138 | protocol=17 | dir=in | app=system |
"{99FAD311-814A-47E9-B477-05B0F0BDFC09}" = rport=139 | protocol=6 | dir=out | app=system |
"{9EA2AF58-75E0-4DE7-A3C7-0494732445CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F36B42A-24E9-44A6-A339-0C8A8E13FDFB}" = rport=137 | protocol=17 | dir=out | app=system |
"{BD91E892-A647-44FB-B8C2-0E4D4B3C151C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8FFF986-5E1C-4EAF-955E-B1DB6102F110}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E941B719-93DF-4BEF-BBA9-AB2041E04180}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EBA5494E-949B-405D-AE93-18F522A6AA96}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DC39760-B939-4D8D-8BF3-D19735D575F6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{105F5115-E1BC-4A2F-B105-8CC34D6AD6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{1660CA06-A496-4C5F-A698-D54A16CE0EF5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1ABAD61B-0D56-463E-AD29-0676A11EC839}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1E5961BC-E566-41E6-832C-5BCB6F159321}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3722EA27-DB3C-4A06-9C67-3A5F18AE94DF}" = protocol=6 | dir=out | app=system |
"{3AD9B905-6803-4E4D-A795-47F96E7B9B83}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{438D9107-B0AC-417C-BEFE-FC270A888614}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{688CFD35-CAE3-4A87-A757-18AFC6063682}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{69229A09-D2AD-4BE0-B46B-C1F1941D305F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{70F5E9E8-7A23-43A8-BB2B-1642D364188E}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{74C0F224-D910-487C-9986-CE234E68FABD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79A326D3-AED1-4575-A5FE-D9A93C9A2AE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8235029C-9976-414E-809B-8DA51F5AA86A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8665B50B-6C74-4AA8-BB2E-4A2B915A30AB}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{8BD04A67-F7A9-4ADC-A495-79A8D1CE7934}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F91C5D4-B05A-4D1E-B107-DD3C45B00F12}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{9963926C-2B3C-410E-9DF4-88C2FB616127}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{9D211442-0201-46B6-8AF7-2D04D0DF6F69}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A3151905-03DC-4600-BF30-342000778DC0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{B096BB4E-1132-4B21-98B1-6CC9F2F9C94D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B291B333-9746-492D-A44D-766FADA2085B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4A3E470-F60E-48C3-9023-5DC82D051079}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BB9D3704-A975-4835-A737-F85307936EDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BD0E1DAD-7CE4-4FB0-AAB2-03BBBCDA32C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2690B41-2300-4F38-B603-D70A7C6EADD8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CDD782A4-A608-4A9C-8BAF-209BAEB9BA1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CF39EC34-126E-4DD7-AD15-64C45C945C51}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{D0108FE4-FA7B-461C-A566-2ACCE20D5606}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{D1C8EFAD-94B5-45B0-A036-5B319D0F23FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E5EE7649-398D-42F6-9595-046F5A966DE7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EC965FD0-8B29-4CD6-8032-1D47F6B353EF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED056FDE-4FB8-45F9-A210-0D249CB9F9E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F61BE9BE-804C-41C6-9EEA-968334009315}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F9E664F5-95A6-42A4-8751-7EF2AB1DCDB2}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{FD0F438C-D8F4-4F52-B9B0-344C0055A9BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF3D9B6F-D127-4D94-976F-D8544B6D3997}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D3F8B55-8FA8-449B-7346-56C3ADC3142A}" = ccc-utility64
"{44FEBA86-D067-06F1-F757-B25388B75193}" = ATI Catalyst Install Manager
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{078979DD-66FF-959F-A5B6-B1D7F6320745}" = CCC Help Portuguese
"{083C4FD4-067E-4ABF-2A73-A3B8F00BBF7B}" = CCC Help Korean
"{0BC37DE4-25DA-423A-11D4-847BB417CA52}" = CCC Help Chinese Traditional
"{0BCC9771-828D-431D-E231-1E4DA226FB40}" = CCC Help Polish
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{129D4434-B9AB-4C09-BCE1-110E6C8E10E9}" = MAGIX Screenshare
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27C72889-599F-0A6E-53BF-C4753F12FDDE}" = CCC Help Turkish
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31298826-074C-E85A-7193-17FE295B1CB4}" = Catalyst Control Center InstallProxy
"{340912AA-1A68-4D7F-9604-E3520FF69B98}" = MAGIX Fotos auf CD & DVD 10 Deluxe (Sonderedition)
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{390290B2-48D6-4C31-91DC-C4CB9D4CF769}" = MAGIX Speed burnR (MSI)
"{39BFD171-B593-94EE-A24F-E76C00068828}" = CCC Help Dutch
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A38C722-30A9-6319-B84D-EC121CE4E99B}" = CCC Help Chinese Standard
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5E705C6F-7163-9FAC-E599-79769775BED0}" = CCC Help Greek
"{5F2380C8-5443-40E4-8FD5-DE0AEC16B4BC}" = MAGIX Foto Manager 10
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64804F29-8AA2-2FF6-1A54-DAAA0FDC0DC9}" = CCC Help Finnish
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CE0A58B-DA52-8FB2-C255-794813218282}" = Catalyst Control Center Graphics Full Existing
"{6CFCC49A-EBED-749B-C99A-D87D7B2DFFA9}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E10F391-997D-1AA1-E256-EA1721AA1FA9}" = CCC Help Italian
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91A26B0A-9185-4F3B-3361-E1F0CC3234B2}" = Catalyst Control Center Localization All
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96282E21-99B9-8009-2508-9BC91BA92E17}" = CCC Help English
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99799EBC-1A17-18CA-85B8-9ED05996FB77}" = CCC Help Japanese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDCAB7E-6350-EF0B-E631-617FF1F03617}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A7FC0026-B0D5-F858-A751-47147FAF3EA0}" = CCC Help Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD5E481C-B8DA-8E0D-09EC-788C8CB43934}" = Catalyst Control Center Graphics Full New
"{AE03B427-F9F5-7222-061D-F637DFC762DE}" = CCC Help Hungarian
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B73AE5A2-3996-18BE-8A26-3351D3A82A52}" = CCC Help German
"{BBD80A22-43DA-E54F-E119-26EA6C6028F7}" = CCC Help Norwegian
"{C0BCA6DF-438D-6EE0-E7E8-1BC30D372E45}" = ccc-core-static
"{C32EE986-EBF6-7CC1-2B62-9D643AB85A64}" = CCC Help Spanish
"{C433CD2B-B9C6-B4F4-4169-52DF40B8F1D3}" = Catalyst Control Center Graphics Light
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CF9E6971-FCAB-E64D-F76D-EED1DF868631}" = CCC Help Swedish
"{DBD53C08-3BFD-2680-100A-6664F21015E6}" = CCC Help Czech
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4BEC5A4-7851-B0A2-F5E2-88924950F481}" = Catalyst Control Center Core Implementation
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD11E520-80B5-31C4-3CAF-704ECEEA0141}" = CCC Help Russian
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.6
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"EOS Utility" = Canon Utilities EOS Utility
"Free Video Dub_is1" = Free Video Dub version 2.0.12.706
"FTP Commander" = FTP Commander
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22
"KompoZer_is1" = KompoZer 0.77
"LManager" = Launch Manager
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"MAGIX_MSI_Fotos_auf_CD_DVD_10_Dlx_SE" = MAGIX Fotos auf CD & DVD 10 Deluxe (Sonderedition)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"MyCamera" = Canon Utilities MyCamera
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Woodcutter Simulator 2012" = Holzfäller Simulator 2012
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2521884591-20305894-1218270197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"PhotoFiltre" = PhotoFiltre
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.05.2013 08:54:02 | Computer Name = Unser | Source = WDSmartWareBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags
bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[]
args)
Error - 07.05.2013 08:58:39 | Computer Name = Unser | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften
Prozesses: 0x1198 Startzeit der fehlerhaften Anwendung: 0x01ce4b225ca54028 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
d6149e0d-b715-11e2-b393-93ecb321eaab
[ System Events ]
Error - 07.05.2013 08:51:31 | Computer Name = Unser | Source = DCOM | ID = 10010
Description =
Error - 07.05.2013 08:53:37 | Computer Name = Unser | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 07.05.2013 08:56:30 | Computer Name = Unser | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
Geändert von cheekylisa (07.05.2013 um 13:58 Uhr) |
|
| Themen zu GVU Trojaner 2.12 - Bereinigung |
| abgesicherten, acer, ahnung, autostart, avira, dateien, destroy, hochfahren, hoffe, laptop, laufen, mehrere dateien, quarantäne, reboot, rechner, recht, required, schonmal, search, seite, spybot, starte, teilen, trojaner, weiterhelfen, windows |
Linear-Darstellung
